Last updated: 26 MARCH 2026

Privacy Policy

Trace Space, Inc. (“Trace.Space”, “we”, “us”, or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process Personal Data when you:

  • visit our Website;
  • use our Cloud Software;
  • use or interact with our Self-Hosted Software;
  • communicate with us in connection with sales, support, marketing, events, or other business activities; or
  • otherwise interact with us.

Please note that capitalized terms not defined in this Privacy Policy have the meanings given in the Trace.Space Terms of Service or any other applicable written agreement between you and Trace.Space.

Summary

We collect and process Personal Data only where we have a valid legal basis to do so. We seek to limit the Personal Data we process to what is reasonably necessary for the relevant purpose. We do not sell Personal Data to third parties. We use Personal Data only as described in this Privacy Policy or as otherwise permitted by applicable law.

The way we process data depends in part on whether you are using:

  • our Website;
  • our Cloud Software, which is hosted by Trace.Space; or
  • our Self-Hosted Software, which is installed and operated on infrastructure owned or controlled by the Customer.

When Customers use the Self-Hosted Software, Customer Data generally remains within the Customer’s own environment. In that case, Trace.Space may still process limited User Data for purposes such as account administration, billing, support, telemetry, license verification, security, and legal compliance.

If you are located in the European Union, European Economic Area, Switzerland, the United Kingdom, California, or another jurisdiction with specific privacy rights, you may have additional rights under applicable law. Please see the sections below on your rights and how to contact us.

1. What information do we collect

A. Categories of individuals

We may collect Personal Data relating to the following categories of individuals:

  • visitors to our Website who have not signed up for the Platform or Services;
  • prospective customers and customer representatives;
  • natural persons who are our Customers;

Authorized Users who are registered or permitted by a Customer to access an Organization’s Workspace or use the Services; and

individuals who communicate with us in connection with support, surveys, webinars, events, job applications, or other interactions.

B. Types of information

We collect two general categories of information:

Personal Data, meaning information that identifies, relates to, describes, or can reasonably be associated with an identified or identifiable individual; and

Aggregated Information or Usage Data, meaning technical, statistical, de-identified, anonymized, or aggregated information that does not identify an individual, or has been processed so that it can no longer reasonably be linked to an individual.

In this Privacy Policy, we may refer to both categories together as “User Data.”

Some information is provided directly by you. Other information is collected automatically. Certain Personal Data is necessary for us to provide the relevant Services. If you do not provide certain Personal Data, we may be unable to provide the Services or respond to your request.

C. Personal Data

“Personal Data” means information that can be used to identify, contact, or locate an individual, or that is otherwise defined as personal data or personal information under applicable law.

Depending on how you interact with us, Personal Data we collect may include:

  • full name;
  • work email address;
  • phone number;
  • company name;
  • job title or role;
  • account and login information;
  • billing-related contact information;
  • support communications;
  • technical and device information;
  • IP address;
  • browser type;
  • operating systems;
  • timestamps;
  • usage logs; and
  • any other information you choose to provide to us.

When you visit our Website or use our Cloud Software, we may automatically collect certain technical data through logs, cookies, and similar technologies. This may include information such as your IP address, browser type, device type, operating system, date and time of access, referring websites, pages visited, and actions taken within the Website or Cloud Software.

For Cloud Software, Personal Data may also be included in Customer Data submitted to the hosted service by a Customer or its Authorized Users.

For Self-Hosted Software, Trace.Space generally does not collect Customer Data. However, we may still receive limited Personal Data in connection with support requests, license verification, telemetry, diagnostics, billing, account administration, or other direct interactions with the Customer or its users.

You are responsible for ensuring that the Personal Data you provide to us is accurate and up to date. Inaccurate or incomplete Personal Data may affect your use of the Services or our ability to communicate with you.

D. Aggregated Information and Usage Data

We may collect or generate technical logs, analytics, telemetry, and other usage information relating to the operation, performance, support, security, and use of the Website, Cloud Software, or Self-Hosted Software.

We may also de-identify, anonymize, or aggregate Personal Data so that it can no longer reasonably be used to identify an individual. For example, we may remove direct identifiers from usage logs or combine information across users to better understand how the Platform and Services are used.

We may use Aggregated Information or Usage Data for purposes such as:

  • operating and improving the Platform and Services;
  • troubleshooting issues;
  • analyzing usage patterns;
  • developing new features;
  • conducting research and business intelligence;
  • improving security and performance; and
  • other lawful business purposes.

Where required by applicable law, we will only use Personal Data for these purposes on an appropriate legal basis.

2. How do we collect your Personal Data

We collect Personal Data in several ways, depending on how you interact with us and which Services you use.

A. Information you provide directly

You may provide Personal Data directly to us in a variety of ways, including when you:

  • create or manage an Account or Organization’s Workspace;
  • sign up for a free trial or paid Subscription;
  • request a demo or contact our sales team;
  • communicate with us via email, chat, support tickets, or other channels;
  • register for webinars, events, or marketing communications;
  • respond to surveys or provide feedback;
  • apply for a job; or
  • otherwise interact with Trace.Space.

This information may include your name, email address, phone number, company name, role, and any other information you choose to provide.

B. Billing and payment information

If you subscribe to a paid Plan, payment-related information is collected and processed by our third-party payment processors or financial institutions.

Depending on the payment method, this may include:

  • payment card details;
  • billing address;
  • bank account information; and
  • transaction data.

Trace.Space does not intentionally store full payment card numbers. However, we may have access to limited billing-related information, such as:

  • billing contact details;
  • payment status;
  • invoice information; and
  • partial payment method details (e.g., last four digits),

as provided by our payment processors.

C. Information collected automatically

When you visit our Website or use our Cloud Software, we automatically collect certain technical and usage data using logs, cookies, and similar technologies.

This may include:

  • IP address;
  • browser type and version;
  • device type and operating system;
  • timestamps of access;
  • pages visited and actions taken;
  • referring URLs; and
  • general usage patterns.

We use this information to operate, maintain, secure, and improve the Website and Cloud Software, as well as to analyze performance and usage.

D. Third-party services and integrations

Customers may choose to enable integrations with third-party services (for example, project management, storage, or developer tools).

When such integrations are enabled:

  • Trace.Space may receive certain data from the third-party service; and
  • Trace.Space may share limited data with the third-party provider as necessary to enable the integration.

The type of data exchanged depends on the integration and may include account identifiers, email addresses, configuration data, or content necessary for the integration to function.

Authorized Users should review the privacy policies of those third-party services to understand how their data is handled by those providers.

For Self-Hosted Software, the Customer controls whether to enable any external integrations and is responsible for ensuring that such integrations comply with its internal policies and applicable laws.

E. Information from third parties

We may receive Personal Data about you from third-party sources, such as:

  • publicly available business information;
  • marketing and lead generation providers;
  • event partners;
  • referral sources; or
  • identity providers used for single sign-on (e.g., Google, Microsoft, GitHub, Okta).

This may include information such as your name, company, role, contact details, or engagement data. We may combine this information with data we already hold to improve our Services and communications.

F. Self-Hosted Software telemetry and license verification

When you use the Self-Hosted Software, Trace.Space may receive limited technical data in connection with:

  • license verification;
  • system health monitoring;
  • diagnostics and error reporting; and
  • product improvement.

This data may include:

  • software version;
  • system configuration metadata;
  • performance metrics;
  • error logs; and
  • usage within licensed limits.

Unless otherwise expressly stated, such data is designed not to include Customer Data or Customer Personal Data.

Customers may have the ability to configure or restrict certain telemetry features, depending on the deployment and applicable agreements.

G. Support and troubleshooting data

When you request support, we may receive Personal Data and other information necessary to assist you.

This may include:

  • contact details;
  • descriptions of issues;
  • logs, screenshots, or exports; and
  • other materials you choose to share.

For Self-Hosted Software, any Customer Data shared with Trace.Space for support purposes is provided at the Customer’s discretion and subject to the applicable agreements.

3. What is our legal basis for processing information

Where required by applicable data protection laws, including the General Data Protection Regulation, we only collect and process Personal Data where we have a valid legal basis to do so.

Depending on the context, we rely on one or more of the following legal bases:

A. Performance of a contract

We process Personal Data where it is necessary to:

  • enter into a contract with you;
  • provide the Platform, Cloud Software, Self-Hosted Software, or Services; or
  • perform our obligations under applicable Terms of Service, Order Forms, or other agreements.

For example, this includes processing Personal Data to:

  • create and manage Accounts;
  • provide access to the Platform;
  • deliver support;
  • process payments; and
  • administer Subscriptions.

B. Legitimate interests

We may process Personal Data where it is necessary for our legitimate interests, provided that such interests are not overridden by your rights and freedoms.

Our legitimate interests may include:

  • operating, maintaining, and improving the Platform and Services;
  • ensuring security, integrity, and performance;
  • detecting, preventing, and investigating fraud, misuse, or security incidents;
  • providing customer support and responding to inquiries;
  • managing business relationships with Customers and prospective customers;
  • conducting analytics, research, and product development; and
  • sending relevant communications about our Services.

Where required by law, we will consider and balance any potential impact on your rights before relying on this legal basis.

C. Consent

We rely on your consent where required by applicable law.

This may include, for example:

  • sending marketing communications;
  • placing certain cookies or similar technologies on your device; or
  • processing Personal Data in situations where consent is the appropriate legal basis.

Where we rely on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

D. Legal obligations

We may process Personal Data where necessary to comply with legal or regulatory obligations.

This may include obligations relating to:

  • accounting and tax requirements;
  • sanctions and export control laws;
  • fraud prevention and security;
  • responding to lawful requests from authorities; and
  • compliance with applicable data protection laws.

E. Vital interests and public interest

In limited circumstances, we may process Personal Data where necessary to:

  • protect the vital interests of an individual; or
  • carry out a task in the public interest,

to the extent permitted under applicable law.

If you have any questions about the legal basis on which we process your Personal Data, you may contact us at: privacy@trace.space.

4. How will we use your Personal Data

The way we use your Personal Data depends on how you interact with Trace.Space, the Services you use, and the choices you make in your settings.

Where Customers use the Cloud Software, we process Customer Personal Data in accordance with the Customer’s instructions and applicable agreements. Where Trace.Space acts as a controller, we use Personal Data as described below.

A. To provide the Platform and Services

We use Personal Data to operate, maintain, and provide our Website, Cloud Software, Self-Hosted Software-related services, and other Services.

This includes:

  • creating and managing Accounts and Organization’s Workspaces;
  • authenticating users and managing access;
  • enabling collaboration and core product functionality;
  • processing transactions and managing Subscriptions; and
  • delivering the features and functionality of the Platform.

B. To manage business relationships

We use Personal Data to establish and manage relationships with prospective and existing Customers.

This includes:

  • scheduling demos, meetings, and calls;
  • preparing proposals and agreements;
  • onboarding Customers;
  • administering billing and payments; and
  • maintaining ongoing business communications.

C. To provide customer support

We use Personal Data to respond to support requests, troubleshoot issues, and provide assistance.

This may include:

  • responding to inquiries and support tickets;
  • diagnosing technical issues;
  • reviewing logs, screenshots, or other materials you provide; and
  • communicating about incidents, updates, or resolutions.

For Self-Hosted Software, support may involve reviewing information voluntarily shared by the Customer, such as logs or exported data.

D. To improve and develop our Services

We use Personal Data and Usage Data to improve the performance, functionality, and usability of the Platform and Services.

This includes:

  • analyzing usage patterns and trends;
  • identifying bugs and performance issues;
  • developing new features, tools, and products;
  • improving user experience; and
  • training internal systems and processes (where permitted by applicable law).

E. To ensure security and prevent misuse

We use Personal Data to protect the Platform, Services, Customers, and users.

This includes:

  • monitoring for suspicious activity;
  • detecting and preventing fraud, abuse, or unauthorized access;
  • investigating security incidents;
  • enforcing our Terms of Service and policies; and
  • maintaining system integrity and reliability.

F. To send service-related communications

We may use Personal Data to send service-related communications that are necessary for the operation of the Services.

This includes:

  • technical notices;
  • billing and account notifications;
  • security alerts;
  • updates about changes to the Platform, Terms, or policies; and
  • other administrative communications.

These communications are considered part of the Services and may not be subject to opt-out.

G. To send marketing and event communications

Where permitted by applicable law, we may use Personal Data to send:

  • product updates;
  • newsletters;
  • event invitations;
  • surveys; and
  • other marketing communications.

You may opt out of marketing communications at any time by using the unsubscribe link in the message or by contacting us.

H. To comply with legal obligations

We may use Personal Data where necessary to comply with legal and regulatory requirements.

This includes:

  • accounting and tax obligations;
  • compliance with applicable laws and regulations;
  • responding to lawful requests from authorities; and
  • enforcing legal rights.

I. Cloud Software vs Self-Hosted Software

For Cloud Software, Trace.Space processes Personal Data, including Customer Personal Data, as part of hosting and providing the Services.

For Self-Hosted Software, Customer Data generally remains within the Customer’s own infrastructure. Trace.Space does not access or process such data except in limited circumstances, such as:

  • when the Customer requests support and shares data;
  • where telemetry or diagnostics are enabled;
  • for license verification; or
  • where otherwise agreed or required by law. 

5. Personal Data Trace.Space does not collect

A. Sensitive Information

Unless expressly agreed in writing, Trace.Space does not intend to collect, store, or process Sensitive Information through the Cloud Software.

“Sensitive Information” includes Personal Data or other data subject to heightened regulatory or security requirements under applicable law, such as:

  • health or medical information;
  • financial account details beyond standard billing data;
  • government-issued identification numbers;
  • biometric or genetic data; or
  • other categories of data requiring enhanced protection under applicable law.

Customers are responsible for ensuring that they do not submit Sensitive Information to the Cloud Software unless expressly permitted by Trace.Space.

For Self-Hosted Software, Trace.Space does not have visibility into or control over Customer Data stored within the Customer’s environment. The Customer is solely responsible for:

  • determining what data is processed;
  • ensuring compliance with applicable laws and regulations (including sector-specific frameworks such as HIPAA or similar); and
  • implementing appropriate safeguards.

Trace.Space may, where permitted or required by law or contract, remove or request removal of Sensitive Information from the Cloud Software if it is submitted in violation of these Terms or applicable agreements.

B. Children’s data

Trace.Space does not knowingly collect or process Personal Data from individuals below the minimum age required to provide valid consent under applicable law.

If we become aware that Personal Data has been collected from a child in violation of applicable law, we will take appropriate steps to delete such data.

C. Customer-controlled data and end-user data

For Cloud Software, Customers may submit or store Personal Data relating to their own end-users, employees, contractors, or other individuals. In such cases:

  • the Customer acts as the controller of that Personal Data; and
  • Trace.Space processes such data on behalf of the Customer in accordance with applicable agreements and instructions.

For Self-Hosted Software, Customer Data, including any Personal Data, remains within the Customer’s infrastructure. Trace.Space does not access or process such data unless:

  • the Customer explicitly shares it (for example, for support purposes); or
  • it is transmitted through limited mechanisms such as telemetry or license verification, as described in the Terms.

The Customer is solely responsible for ensuring that any Personal Data processed through the Services complies with applicable data protection laws.

D. Automated decision-making

Trace.Space does not engage in automated decision-making that produces legal or similarly significant effects on individuals within the meaning of applicable data protection laws, except where explicitly described and permitted under applicable agreements.

Any outputs generated by AI or machine learning features are intended to support users and require human review and validation.

6. How We Disclose Personal Data

We disclose Personal Data only where necessary for the purposes described in this Privacy Policy, where instructed by a Customer, or where required or permitted by applicable law. A list of our current subprocessors is available at https://www.trace.space/sub-processors, and may be updated from time to time in accordance with the applicable Data Processing Agreement.

A. Service providers and vendors

We may disclose Personal Data to trusted third-party service providers who process data on our behalf to support the operation of our business and Services.

These providers may assist with:

  • hosting and infrastructure;
  • data storage;
  • payment processing;
  • customer support systems;
  • analytics and monitoring;
  • communications and email delivery; and
  • security and fraud prevention.

These service providers are contractually required to process Personal Data only on our instructions and to apply appropriate confidentiality and security measures. 

B. Third-party integrations

The Platform may enable integrations with third-party services.

If a Customer enables such an integration:

  • certain Personal Data and/or Customer Data may be shared with the third-party provider; and
  • Trace.Space may receive data from that provider as necessary to enable the integration.

The Customer decides whether to enable these integrations and is responsible for reviewing the third party’s terms and privacy practices.

For Self-Hosted Software, the Customer controls whether to connect the software to external services and is responsible for ensuring such connections comply with its internal policies and applicable laws.

C. Affiliates and corporate transactions

We may disclose Personal Data to our affiliates for internal administrative, operational, and business purposes.

We may also disclose or transfer Personal Data in connection with:

  • a merger, acquisition, or reorganization;
  • a sale of assets or shares;
  • financing or investment transactions; or
  • bankruptcy or similar proceedings.

In such cases, Personal Data will remain subject to appropriate confidentiality obligations.

D. Customer administrators and collaborators

Within an Organization’s Workspace, certain Customer-designated users (such as administrators or account owners) may have access to Personal Data of Authorized Users.

This may include the ability to:

  • view or modify user profiles;
  • manage access and permissions;
  • export data or activity logs; or
  • restrict or remove access.

The Customer is responsible for managing such access and ensuring appropriate use of Personal Data within its organization.

E. Legal compliance and protection

We may disclose Personal Data where we reasonably believe it is necessary to:

  • comply with applicable laws, regulations, or legal processes;
  • respond to requests from courts, regulators, or government authorities;
  • enforce our Terms, agreements, or policies;
  • protect the rights, property, or safety of Trace.Space, our Customers, users, or the public; or
  • detect, prevent, or investigate fraud, abuse, security incidents, or technical issues.

F. De-identified and aggregated information

We may use and disclose de-identified, anonymized, or aggregated information for lawful business purposes, including analytics, research, and product improvement.

Such information does not identify individuals and is not considered Personal Data.

G. Cloud Software vs Self-Hosted Software

For Cloud Software, Trace.Space may process and disclose Personal Data, including Customer Personal Data, as part of providing the hosted Services, subject to the Customer’s instructions and applicable agreements.

For Self-Hosted Software, Trace.Space does not host or control Customer Data stored within the Customer’s environment. Disclosure of such data is determined by the Customer’s own systems, policies, and configurations.

Trace.Space may still disclose limited Personal Data it receives directly (for example, through support interactions, telemetry, account management, or license verification) in accordance with this Privacy Policy.

H. No sale of Personal Data

Trace.Space does not sell Personal Data to third parties for their independent commercial purposes.

7. What are your data protection rights

Depending on your location and subject to applicable law, you may have certain rights in relation to your Personal Data.

If you are located in the European Union, European Economic Area, Switzerland, or the United Kingdom, these rights may include the following under the General Data Protection Regulation and applicable local laws:

A. Your rights

Right to access
You have the right to request confirmation of whether we process your Personal Data and to obtain a copy of that data, along with information about how it is used.

Right to rectification
You have the right to request correction of inaccurate or incomplete Personal Data.

Right to erasure
You have the right to request deletion of your Personal Data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected.

Right to restriction of processing
You have the right to request that we limit the processing of your Personal Data in certain situations, such as where you contest its accuracy or object to processing.

Right to object
You have the right to object to processing based on our legitimate interests. You also have the right to object at any time to the use of your Personal Data for direct marketing purposes.

Right to data portability
You have the right to receive Personal Data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.

Right to withdraw consent
Where we rely on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.

Right to lodge a complaint
You have the right to lodge a complaint with a competent data protection authority if you believe your rights have been violated.

B. How to exercise your rights

You may exercise your rights by contacting us at: privacy@trace.space

We may need to verify your identity before responding to your request. We will respond within the timeframes required by applicable law.

If we no longer need to process your Personal Data for the purposes described in this Privacy Policy, we will not retain or collect additional data solely to identify you.

Where Trace.Space acts as a processor of Personal Data on behalf of a Customer, such processing is governed by the applicable Data Processing Agreement (“DPA”) between Trace.Space and the Customer.

C. Controller vs processor context

Your rights may be exercised differently depending on how you use the Services:

  • If you are a Customer or Authorized User of the Cloud Software, Trace.Space may process Personal Data on behalf of the Customer. In such cases, the Customer is typically the data controller, and requests relating to Customer Data should first be directed to the Customer.
  • If you are interacting with Trace.Space directly (for example, as a Website visitor, contact, or account holder), Trace.Space acts as the controller of your Personal Data, and you may exercise your rights directly with us.
  • For Self-Hosted Software, Customer Data generally remains within the Customer’s environment, and Trace.Space does not control or access that data except in limited cases (such as support or telemetry). The Customer is responsible for handling data subject requests relating to such data.

D. Additional rights for California residents

If you are a California resident, you may have additional rights under applicable California privacy laws, including:

  • the right to know what categories of Personal Data we collect and how we use them;
  • the right to request access to specific pieces of Personal Data;
  • the right to request deletion of Personal Data (subject to certain exceptions); and
  • the right not to be discriminated against for exercising your rights.

To exercise these rights, please contact us at: privacy@trace.space

8. Cookies

We use cookies and similar technologies to operate, secure, and improve our Website and Cloud Software, including for authentication, performance analysis, and remembering user preferences.

You can control or disable cookies through your browser settings. Please note that disabling cookies may affect certain functionality.

For Self-Hosted Software, cookie behavior is determined by the Customer’s own deployment and configuration, and not controlled by Trace.Space.

9. How do we store your data

We retain Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including providing the Services, complying with legal obligations, resolving disputes, and enforcing our agreements.

For Cloud Software, Personal Data (including Customer Data) is stored on infrastructure operated by Trace.Space or its service providers and may be retained for a limited period after termination to allow export, after which it may be deleted.

For Self-Hosted Software, Customer Data remains within the Customer’s own infrastructure, and the Customer is responsible for its storage, retention, and deletion.

10. Security of Customer Data

We take the security of Personal Data seriously and implement appropriate administrative, technical, and organizational safeguards to protect it against unauthorized access, loss, misuse, or disclosure.

For Cloud Software, Trace.Space maintains security practices aligned with industry standards, including SOC 2 Type II controls.

For Self-Hosted Software, security of Customer Data depends on the Customer’s infrastructure, configuration, and operational practices. Trace.Space is not responsible for security incidents arising from the Customer’s environment.

11. Privacy Policies of other websites

Our Platform may include links to or integrations with third-party services. These third-party providers operate independently and have their own privacy policies and practices.

For Cloud Software, enabling integrations may result in the exchange of Personal Data between Trace.Space and the relevant third-party provider.

For Self-Hosted Software, integrations may require outbound connections from the Customer’s infrastructure. The Customer is solely responsible for evaluating whether such integrations comply with its internal policies and applicable laws.

Trace.Space does not control and is not responsible for the privacy practices of third-party services.

12. Identifying Data Controller and Processor

Data protection laws distinguish between a controller (who determines the purposes and means of processing Personal Data) and a processor (who processes Personal Data on behalf of the controller).

For Cloud Software:

  • If you are a Customer or an Authorized User, the Customer is the controller of Customer Personal Data.
  • Trace.Space acts as a processor, processing Personal Data solely on behalf of the Customer and in accordance with its instructions and applicable agreements.
  • If you are a visitor to our Website or otherwise interact with us outside of a Customer relationship, Trace.Space acts as the controller of your Personal Data.

For Self-Hosted Software:

  • The Customer acts as the controller and is solely responsible for all processing of Personal Data within its environment.
  • Trace.Space does not act as a processor of Customer Personal Data unless such data is explicitly shared with Trace.Space (for example, during support interactions or through limited telemetry as described in the Terms).

Where Trace.Space acts as a controller, the relevant entity is:

Trace Space, Inc.
111 NE 1st St, Suite: 88511, 8th Floor
Miami, FL 33132, USA
privacy@trace.space

13. International Data Transfers

Trace.Space operates globally. Personal Data may be processed in countries other than the country in which it was originally collected, including the United States and the European Union.

For Cloud Software, Personal Data may be transferred to and processed by Trace.Space and its service providers in different jurisdictions. Where such transfers involve Personal Data originating from the European Economic Area, the United Kingdom, or Switzerland, Trace.Space ensures that appropriate safeguards are in place in accordance with applicable Data Protection Laws. These safeguards may include:

  • participation in applicable data transfer frameworks;
  • use of Standard Contractual Clauses; and/or
  • reliance on adequacy decisions issued by relevant authorities.

For Self-Hosted Software, Customer Data remains within the Customer’s infrastructure. Trace.Space does not transfer or process such data unless it is explicitly shared with Trace.Space (for example, during support interactions or through limited telemetry). The Customer is solely responsible for ensuring that any international data transfers it performs comply with applicable Data Protection Laws.

In all cases, we take commercially reasonable steps to ensure that Personal Data is protected in accordance with this Privacy Policy and applicable law when transferred internationally.

14. Onward Transfer

Trace.Space may share Personal Data with subcontractors and service providers that assist in delivering the Services. These recipients are required to process Personal Data only on our behalf and in accordance with applicable Data Protection Laws and appropriate confidentiality and security obligations.

For Cloud Software, Trace.Space remains responsible for the processing of Personal Data by its subprocessors and ensures that they provide a level of protection consistent with this Privacy Policy and applicable legal requirements.

For Self-Hosted Software, Trace.Space does not share or transfer Customer Personal Data unless such data is explicitly provided to us (for example, through support interactions or diagnostics). In such cases, any onward transfer will be limited to what is necessary to provide the requested support and will be subject to appropriate safeguards.

Trace.Space may also disclose Personal Data if required to do so by law, regulation, or valid legal process, or where necessary to protect its rights, customers, or the security of its Services.

15. Newsletter

With your consent, we will be happy to send you our newsletter. To do this, you must register for our newsletter. More details on the content of the newsletter in question are explained in the declaration of consent or on the registration page.

For the subscription to our marketing communications, we use a double opt-in procedure for GDPR compliance provided that GDPR applies to the country from which you are registering and the mandatory double opt-in procedure is in effect. After your registration, we will send you an email requesting that you confirm your subscription to the specified email address with a link to click to confirm that you wish to receive our marketing communications.

16. Changes to our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or business practices.

When we make changes, we will update the “Last Updated” date at the top of this Privacy Policy. If the changes are material, we will provide notice through the Platform, by email, or by other reasonable means.

By continuing to use the Services after the effective date of the updated Privacy Policy, you agree to the revised terms. If you do not agree, you should stop using the Services.

17. How to contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of Personal Data, you can contact us at:

Trace Space, Inc.
111 NE 1st St, Suite: 88511, 8th Floor
Miami, FL 33132, USA

Email: privacy@trace.space

We will respond to requests within a reasonable timeframe and in accordance with applicable Data Protection Laws.

18. How to contact the appropriate authorities

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the right to lodge a complaint with a competent data protection authority if you believe that your Personal Data has been processed in violation of applicable Data Protection Laws.

A list of EU data protection authorities is available via the European Data Protection Board.

We encourage you to contact us first so we can try to resolve your concern directly.

19. Glossary

Capitalized terms used in this Privacy Policy have the meanings given in the Terms of Service, unless otherwise defined here.

“Services” means the software, software-as-a-service tools, functionality, and related services provided by Trace.Space, whether through the Platform, Cloud Software, or Self-Hosted Software, including requirements management, collaboration, and AI-powered features.

All other capitalized terms not defined in this Privacy Policy have the meanings assigned to them in the Terms of Service or any applicable agreement between you and Trace.Space.