Privacy Policy
Effective July 19, 2026
EngTrace (“EngTrace,” “we,” “us”) is a permanent decision log for hardware engineering teams. This policy explains what information we collect when you use EngTrace, why we collect it, who we share it with, and the choices you have. It applies to engtrace.com and the EngTrace application.
1. Information we collect
Account information. When you create an account, we (through our authentication provider, Supabase) collect your email address and a securely hashed password — we never see or store your password in plain text. If you sign in with Google or GitHub instead, we receive the email address and basic profile information those providers share with us. You may optionally add a username (which, if set, makes a read-only portfolio page public at /portfolio/your-username) and a profile picture.
Approximate location. We record the approximate location (city/region/country, derived from your IP address — never precise coordinates or GPS data) of the request that created your account, and of your most recent sign-in. This is shown back to you in Account Settings, and exists purely so you can notice if someone else has signed in to your account. We do not log a full history of every sign-in location — only the most recent one.
Content you provide. EngTrace is built to store the engineering content you choose to put into it: projects, decision records (what was decided, why, and any calculations), and files you upload — datasheets (PDF), Gerber/PCB manufacturing files, source code files, KiCad schematics, and whiteboard/stickyboard drawings and images. This content is yours; we store it so the product can function, not to make use of it ourselves.
What we don’t collect. We do not use third-party advertising trackers, and we do not currently run any analytics tooling — the “analytics” storage option in your cookie preferences exists ahead of any such tooling being wired up, and is not doing anything yet even if enabled. If that changes, this policy will be updated first.
2. How we use your information
- To create and secure your account, and let you sign in.
- To operate the core product: storing, displaying, and letting you edit and export your projects, decisions, and uploaded files.
- To let you notice unauthorized access to your account, via the account-creation and last-sign-in location shown in Settings.
- To respond to you when you contact us for support.
- To detect, prevent, and investigate abuse, fraud, or violations of our terms.
3. The AI assistant (Tracy)
EngTrace includes an optional in-app assistant. When our OpenAI integration is configured, messages you send it — along with relevant context from your projects and decisions needed to answer your question — are sent to OpenAI’s API to generate a response, subject to OpenAI’s own privacy policy. When that integration isn’t configured, the assistant falls back to a local, rule-based responder that never sends anything outside of EngTrace. Either way, using the assistant is optional — it never runs on your content unless you open the chat and send it a message.
6. Data retention
We retain your account and content for as long as your account is active. If you delete a project, decision, or file, it’s removed from our active database; associated storage objects are removed on the same request. If you’d like your account and all associated content permanently deleted, contact us (Section 12) and we’ll do so, other than what we’re required to retain for legal or accounting purposes.
7. Your rights and choices
- Access and correct your account information (profile picture, username, password) at any time from Account Settings.
- See the approximate location on file for your account creation and most recent sign-in, also in Account Settings.
- Manage cookie/storage preferences from the footer at any time.
- Request deletion or an export of your account and content by emailing privacy@engtrace.com.
Depending on where you live, you may have additional rights under laws like the GDPR or CCPA — including the right to object to or restrict certain processing. Contact us and we’ll do our best to help.
8. Security
Your content is access-controlled at the database level, so it’s only readable by your account (or, for a public portfolio, only the fields you’ve explicitly chosen to make public). Passwords are hashed by Supabase Auth and never stored or logged in plain text by us. No method of transmission or storage is perfectly secure, but we work to protect your information using industry-standard practices.
9. Children’s privacy
EngTrace is not directed at children, and we do not knowingly collect information from anyone under 16. If you believe a child has provided us with personal information, contact us and we’ll delete it.
10. International data transfers
Our service providers (Section 5) operate infrastructure in the United States and other countries, so your information may be processed outside the country you live in. Where required, we rely on those providers’ own safeguards for cross-border transfers.
11. Changes to this policy
If we make material changes to this policy, we’ll update the effective date above and, for significant changes, make a reasonable effort to notify you directly (for example, by email or an in-app notice).
12. Contact us
Questions about this policy, or requests regarding your data? Email us at privacy@engtrace.com.