Privacy Policy

Last updated: July 5, 2026

TraceCode ("we", "us", or "our") operates the website at tracecode.app. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

By creating an account or using TraceCode, you agree to the practices described in this policy. If you do not agree, please do not use the service.

1. Information We Collect

1.1 Account Information

When you sign in with Google or GitHub, we receive your name, email address, and profile picture from the OAuth provider. We do not receive or store your password.

1.2 Learning & Progress Data

When you use TraceCode, we store data about your activity, including:

  • Problems attempted and completed, along with time spent and attempt counts
  • Code you write in the editor (saved as drafts and submissions)
  • Drill attempts, accuracy, and streak data
  • Detected coding mistakes (mistake type, line number, code snippet)
  • Pattern proficiency scores and learning progress
  • Mock assessment session state and results
  • User settings and preferences

1.3 Cloud Feature Data

Some TraceCode features process code through TraceCode-operated server infrastructure. For example, cloud judging and trace export may send your code, selected language, problem identifier, test case metadata, execution status, generated trace data, job diagnostics, and export artifact metadata to our servers so we can run the job and return results or downloads.

1.4 Billing Information

If you subscribe to TraceCode Pro, payments are handled by Stripe. We do not store full card numbers or card security codes. We may store billing-related metadata such as your Stripe customer ID, subscription ID, product or price label, subscription status, renewal or cancellation period, and billing portal or checkout state so we can provide and manage paid access.

1.5 Automatically Collected Data

We use session cookies (JSON Web Tokens) to keep you signed in. When analytics are enabled, we also use PostHog to collect privacy-scoped product analytics such as page views, navigation events, feature usage, runtime timing, and high-level interaction events inside TraceCode. Some performance events include coarse device capability buckets, such as CPU thread-count range or memory range, to help us understand runtime reliability across devices. We do not use advertising trackers or third-party ad pixels. We do not use PostHog session replay by default, and we do not intentionally send editor code, submission contents, or exported data contents to PostHog.

1.6 Connected Apps and Agents

If you connect TraceCode to another app, AI assistant, or agent, we store connection metadata such as the app name, requested permissions, access token records, expiration time, revocation status, last-used time, and limited security or audit logs. These records help us authorize the connection, show it in your Connections settings, enforce limits, and let you revoke access.

2. How We Use Your Information

We use the information we collect to:

  • Authenticate your identity and maintain your session
  • Save and sync your learning progress across devices
  • Provide personalized feedback based on your coding patterns and mistakes
  • Run cloud judging, trace rendering, and export jobs you request
  • Process subscriptions, manage paid access, and provide billing support
  • Provide user-approved connections between TraceCode and other apps, AI assistants, or agents
  • Enforce scoped permissions, rate limits, abuse prevention, and audit logging for connected apps
  • Track your streaks, proficiency, and drill performance
  • Improve the platform based on aggregate usage patterns and product flow analytics

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. How We Store Your Data

Your data is stored in two places:

  • Browser local storage— Progress, code drafts, and settings are cached locally for offline access and performance.
  • Cloudflare D1 database— When signed in, your data is synced to a server-side database hosted on Cloudflare's global network for cross-device access and backup.
  • TraceCode cloud job storage— Cloud judge and trace export requests may be stored with your account so we can track job status, return results, retry or reconcile jobs, enforce quotas, and troubleshoot failures.

Data is transmitted over HTTPS. Cloudflare provides infrastructure-level encryption at rest and in transit.

4. Third-Party Services

We rely on the following third-party services:

When you choose to connect TraceCode to another app, AI assistant, or agent, TraceCode may share only the data permitted by the connection you approve. Current connector permissions are read-only and may include progress summaries, weak spots, practice recommendations, problem metadata, problem history, and attempt status. Connected apps cannot submit code, change account settings, manage billing, or read raw submitted source code or full test payloads through these permissions. The connected app's handling of data is governed by that app's own terms and privacy policy.

5. Cookies

We use the following cookies:

  • Session cookie(JWT) — Required for authentication. Expires when your session ends or after the configured token lifetime.
  • Cloudflare Access cookie (CF_Authorization) — Used for access management when applicable.
  • PostHog cookies/local storage— Used for product analytics when analytics are enabled. You can disable this in Settings.

We do not use cookies for advertising. If product analytics are enabled, TraceCode may store analytics identifiers through PostHog to understand aggregate usage and product flow health.

6. Your Rights

You have the right to:

  • Access your data— You can export a portable summary of your TraceCode progress through your account settings.
  • Delete your data— You can request deletion of your account and all associated data by contacting us.
  • Correct your data— Profile information is sourced from your OAuth provider. Update it there, and it will be reflected in TraceCode.
  • Manage connected apps— You can view and revoke connected app access from TraceCode settings. Revoking access prevents future access, but it does not delete data that an app may have already received while connected.
  • Withdraw consent— You can stop using the service and request account deletion at any time.

To exercise any of these rights, contact us at obinna@tracecode.app.

7. Data Retention

We retain your data for as long as your account is active. If you request account deletion, we will remove your personal data from our systems within 30 days, except where we need to retain limited records for security, fraud prevention, billing, tax, accounting, dispute handling, or legal compliance. Anonymized, aggregate data (e.g., total number of submissions) may be retained indefinitely.

Export downloads and similar generated artifacts are temporary and may expire before the related job metadata is removed from our systems.

Data stored in your browser's local storage persists until you clear it manually or uninstall the browser.

8. Children's Privacy

TraceCode is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or through a notice on the site. Your continued use of TraceCode after changes take effect constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or your data, contact us at:

obinna@tracecode.app