Skip to content
Traceflow

Privacy Policy

Last updated: May 7, 2026

Traceflow ("we," "our," or "us") is operated by PaceForms Inc. We are committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our website at gettraceflow.com and our customer journey analytics platform (the "Service").

The short version

We collect data to provide and improve our analytics service. We never sell your personal data. You have full rights over your data under GDPR. We use cookies — you can control them via our Cookie Policy.

1. Who We Are

Traceflow is a customer journey analytics platform developed and operated by PaceForms Inc., a company incorporated in the United States. Our product helps businesses understand the complete journey their customers take — from email interactions to website behavior — using email address as a single identifier.

For GDPR purposes, PaceForms Inc. is the data controller for data collected through our website and marketing activities. For data processed within our analytics platform on behalf of our customers, PaceForms Inc. acts as a data processor.

Contact us at: [email protected]

2. Data We Collect

2.1 Account and Registration Data

When you sign up for Traceflow, we collect:

  • Name and email address
  • Company name (optional)
  • Password (stored as a secure hash — we never store plaintext passwords)
  • Billing information (processed by our payment provider, Stripe — we do not store raw card data)

2.2 Usage and Platform Data

As you use the Traceflow dashboard, we collect:

  • Login and session activity
  • Feature usage patterns (which dashboard sections you access)
  • Configuration data (connected email accounts, website integrations)
  • Support ticket history and communications

2.3 Website Analytics Data (Traceflow Tracking Script)

When you install the Traceflow tracking script (<script src="https://app.gettraceflow.com/tracer.js">) on your website, Traceflow collects behavioral data about visitors to your website on your behalf. This data belongs to you as our customer. It includes:

  • Page views and session data
  • Visitor IP address (used for geolocation; raw IPs are not stored long-term)
  • Device type, browser, and operating system
  • Traffic source and referrer
  • Heatmap interaction data (clicks, scrolls)
  • Email address — only when matched to a contact in your Traceflow account

In this context, you (our customer) are the data controller for your end-users' data, and we process it as a data processor under a Data Processing Agreement (DPA). Your end-users should be informed of this tracking via your own Privacy Policy and cookie consent mechanisms.

2.4 Email Integration Data

When you connect Gmail or Outlook to Traceflow, we access email metadata necessary to build the customer journey timeline:

  • Sender and recipient email addresses
  • Email subject lines
  • Email send, open, and click timestamps

We do not read or store the full body content of your emails.

2.5 Website Visitor Data (gettraceflow.com)

When you visit our own website, we collect:

  • IP address and approximate geographic location
  • Browser type, version, and device information
  • Pages visited and time spent
  • Referring website or campaign source
  • Cookie identifiers (see our Cookie Policy)

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data under the following legal bases:

  • Contract performance — Processing necessary to provide the Traceflow service you have subscribed to (account management, platform operation, billing)
  • Legitimate interests — Improving our platform, preventing fraud, security monitoring, and communicating product updates
  • Consent — Marketing emails, analytics cookies, and non-essential data processing (you can withdraw consent at any time)
  • Legal obligation — Processing required to comply with applicable laws and regulations

4. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and maintain the Traceflow platform
  • Process billing and manage your subscription
  • Send transactional emails (account confirmations, invoices, security alerts)
  • Send product updates and marketing communications (only with your consent; you can unsubscribe at any time)
  • Respond to support requests and troubleshoot issues
  • Improve and develop new features based on usage patterns
  • Detect, prevent, and investigate fraud, abuse, and security incidents
  • Comply with legal obligations

5. Data Sharing and Third-Party Services

We do not sell your personal data. We may share data with:

  • Stripe — Payment processing (their Privacy Policy)
  • Amazon Web Services (AWS) — Infrastructure and cloud hosting
  • Vercel — Website hosting and edge delivery
  • Postmark / SendGrid — Transactional email delivery
  • Intercom / Crisp — Customer support communications
  • Legal authorities — When required by law, court order, or to protect rights and safety

All sub-processors are bound by Data Processing Agreements and provide adequate data protection guarantees.

6. Cookies

We use cookies and similar tracking technologies on our website. For full details on what cookies we use, why, and how to manage them, please read our Cookie Policy.

We will always ask for your consent before setting non-essential cookies. You can update your preferences at any time via the cookie banner on our website.

7. Data Retention

  • Account data — Retained for the duration of your subscription plus 90 days after cancellation, then deleted or anonymized
  • Analytics and journey data — Retained for up to 24 months; configurable per plan
  • Email integration metadata — Retained for up to 12 months of history
  • Billing records — Retained for 7 years as required by US tax law
  • Support communications — Retained for 3 years

8. Data Security

We implement industry-standard technical and organizational security measures:

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access to production systems is limited to authorized personnel with MFA
  • Regular security audits and vulnerability assessments
  • Incident response procedures with prompt notification in case of a data breach

9. International Data Transfers

Traceflow is based in the United States. If you are accessing our Service from the EEA, UK, or other regions with data transfer restrictions, your data will be transferred to the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for such transfers, ensuring an adequate level of protection.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Correct inaccurate or incomplete data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Restriction — Request that we limit how we process your data
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interests
  • Withdraw consent — Withdraw any consent you have previously given at any time

To exercise any of these rights, please email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

11. Children's Privacy

Traceflow is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 16, we will delete it promptly.

12. Data Processing Agreement (DPA)

If you use Traceflow's tracking script to collect data about your own website visitors, you act as a data controller and we act as your data processor. A Data Processing Agreement (DPA) is available upon request for customers who require it for GDPR compliance. Please contact [email protected] to request a DPA.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email (to your account email address) and by posting the updated policy on this page with a new "Last updated" date. Your continued use of Traceflow after any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Privacy Team:

← Back to Home Terms of Service → Cookie Policy →