trace·warrior
legal

Privacy Policy

We collect only what's necessary to run the service. We don't sell your data, ever.

What we collect

  • Account info. Email, display name, and OAuth provider ID when you sign up. If you sign in with Google, see the dedicated Google user data section below for exactly what we receive and how it is handled.
  • Tool usage. We log every on-demand tool run (timestamp, tool slug, plan tier) for usage history shown in your dashboard. We don't store the inputs you submit or the results returned.
  • Monitor configuration. When you create a monitor, we store the target hostname / port / URL you specified, the check schedule, and the alert channels you configured (your email address, already on the account, plus any webhook URL you provided and a per-monitor HMAC secret we generate to sign payloads).
  • Monitor check history. Each scheduled check writes one row: timestamp, observed state, the raw result (DNS records, cert metadata, port status, HTTP status code) and the duration. This data is what powers your sparkline and the public status page when you enable it. History is retained per plan (3 days on Free, 14 on Starter, 30 on Professional, 90 on Enterprise) and pruned daily by an automated job.
  • Alert delivery audit. When an alert fires we record which channel was attempted (email address or webhook URL), whether it delivered successfully, and the error message if it didn't. Same retention window as check history.
  • Billing. If you subscribe, Stripe handles your card. We store your Stripe customer ID and subscription status, nothing else.
  • Analytics. Aggregate, anonymous page views. No IP, no fingerprinting.

Google user data

If you choose to sign in with Google, we use Google OAuth to authenticate you. This section explains exactly what we receive from Google and what happens to it.

  • What we access. Only your basic profile through the non-sensitive OAuth scopes (openid, email, profile): your name, email address, profile picture URL, and Google account identifier. We never request access to Gmail, Drive, Calendar, Contacts, or any other Google service or content.
  • How we use it. Solely to create and sign you into your Trace Warrior account, to show your name in the dashboard, and to send service email (alert notifications, billing receipts, account messages) to your address. We do not use Google user data for advertising, and we do not use it to train artificial intelligence or machine learning models.
  • How we store it. Your profile data is stored in our authentication database, hosted on Supabase (PostgreSQL), encrypted in transit (TLS) and at rest.
  • How we share it. We never sell Google user data and never share it with third parties for their own purposes. It is processed only by the subprocessors that operate the service: Supabase (authentication and database), Resend (delivers service email to your address), and Stripe (receives your email address only if you subscribe, for billing). No advertisers, no data brokers.
  • Retention and deletion. We keep this data only while your account exists. Deleting your account permanently removes it. You can also revoke Trace Warrior's access at any time in your Google Account security settings (myaccount.google.com/permissions), or email support@tracewarrior.com and we will delete it for you.

Trace Warrior's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Public status pages

When you toggle a monitor to public, anyone with the URL can see the monitor's name, target, current state, 24-hour uptime percentage, and the last 24 hours of check history. Nothing about your account, billing, or other monitors is exposed. Toggle the monitor back to private to remove it from the public URL.

Webhook deliveries

When you provide a webhook URL we POST a signed JSON payload to it on alert events. The payload contains the monitor name, target, current and previous state, and the check result. We retry once on 5xx or timeout. We don't store the response body from your webhook endpoint, only whether the request succeeded.

What we don't

  • Sell or rent your data.
  • Store your on-demand tool inputs or outputs.
  • Track you across third-party sites.
  • Share your monitor configuration or check history with anyone outside the audit trail above.

Your rights

You can export, correct, or delete your account at any time from the dashboard. Deleting your account removes all monitors, check history, and alert records via cascade. EU and UK users have additional rights under GDPR. Email us to exercise any of them.

Last updated: 2026-06-12