Introduction and scope
This Privacy Policy explains how Tracore (“Tracore”, “we”, “us”) collects, uses, and protects personal data when you use the Tracore document-extraction service. It applies to our website, dashboard, and API. We process personal data in line with the EU General Data Protection Regulation (GDPR).
By creating an account or using the service, you accept the practices described here. If you do not agree, please do not use the service.
Who we are (controller identity)
Tracore is the data controller for the personal data described in this policy.
- Operator: Tracore
- Registered address: Marchlewskistr. 77, 10243 Berlin, Germany
- Contact: legal@tracore.io
Data we collect
We collect only the data needed to run the service:
- Account data — your email address, authentication credentials, and account settings, managed through our authentication provider.
- Documents — the files you upload for extraction, stored until you delete them.
- Extraction outputs — the structured data produced when your documents are processed against your schemas.
- Usage and log data — technical logs of API requests and processing jobs, used for operating and securing the service.
- Billing data — subscription status and the identifiers needed to manage your plan. Card details are handled by our payment processor; we do not store full card numbers (see Sub-processors).
- Aggregate analytics — we use Plausible, a privacy-friendly, cookieless analytics tool, to measure aggregate site usage. It sets no cookies, does not track you across other websites, and does not collect personal data that identifies you. See our Cookie Policy for details.
Purposes and legal basis
We process your data on the following legal bases under the GDPR:
- Performance of a contract — to provide the service you sign up for: account management, document processing, results delivery, and billing.
- Consent — where you actively opt in, for example by accepting these terms at signup, or by connecting your own third-party AI provider key.
- Legitimate interests — to secure the service, prevent abuse, keep operational logs, and improve reliability, balanced against your rights.
Data retention
- Account data is retained while your account is active.
- Documents are retained until you delete them.
- Operational logs are retained for 7 days.
When you delete data or close your account, we remove the associated data within a reasonable period, except where we must retain limited records to meet legal or billing obligations.
Sub-processors
We use a small set of third-party services to operate Tracore. The current list, their locations, and what each one does is published on our Sub-processors page. We commit to updating that list before adding a new sub-processor that processes your data.
International transfers
Documents are stored in the European Union and, by default, processed by an EU-based AI provider. Some of our sub-processors are located outside the EU. For those transfers we rely on the European Commission’s Standard Contractual Clauses (SCCs) or an equivalent safeguard.
If you connect your own OpenAI, Anthropic, or Google provider key, the extractions you run with that key are processed by those providers, which are based in the United States. We explain this in plain terms on our Data Residency page.
Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate data (rectification);
- request deletion of your data (erasure);
- receive your data in a portable format (portability);
- object to certain processing;
- lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at legal@tracore.io.
Security
We apply technical and organisational measures to protect your data, including encryption in transit, encryption of sensitive secrets at rest, and per-request tenant isolation. Our Security page describes these measures in detail.
Contact
For any privacy question or request, contact legal@tracore.io.
Changes to this policy
We may update this policy as the service evolves. When we make a material change to our Terms or Privacy Policy, we increment a version identifier and ask you to review and accept the updated terms the next time you sign in.