TraceCover.
TraceCover.
Log InGet Started — Free

Privacy Policy

Last Updated: May 2026

At TraceCover, a trading name of Aktif Management Ltd ("we," "us," or "our"), we respect your privacy and are committed to protecting your personal data and the proprietary risk data of your clients.

1. Important Information and Who We Are

TraceCover operates as a B2B Software-as-a-Service (SaaS) provider. For legal and compliance purposes, Aktif Management Ltd (registered in England & Wales) is the controller and is responsible for your personal data. If you have any questions about this privacy policy, please contact our Data Privacy Manager at: privacy@tracecover.com.

2. What We Store and What We Never Store

We fundamentally separate Account Data from Processing Data to maintain our Zero-Retention Architecture.

A. What is Stored (Retained)

  • Comparison Results User Explicitly Saves: Any analysis output you click "Save Analysis" on, written to your secure PolicyVault.
  • Account Credentials: Securely encrypted using industry-standard AES-256 encryption.
  • Usage Counters & Logs: Comparison tracking metrics for plan enforcement and billing purposes only.

B. What is Never Stored (Zero-Retention Architecture)

When you upload documents into our AI Core Engine, they are processed in-memory and immediately destroyed. We never store:

  • Original expiring policy PDFs
  • Renewal quote PDFs
  • Any other uploaded documents or raw client text

3. Data Collection for Plan Enforcement

We collect Usage Counters strictly for plan enforcement (e.g., Starter vs Enterprise limits). We maintain a 24-month retention period for all usage and billing data, after which it is anonymized or deleted.

4. UK GDPR, GDPR & CCPA Compliance

TraceCover complies with the UK General Data Protection Regulation (UK GDPR), and where applicable, the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). You have the right to access, rectify, or erase your personal data at any time by contacting privacy@tracecover.com. We do not sell any personal or usage data to third parties under any circumstances.

5. How We Use Your Personal Data

We will only use your Account Data when the law allows us to. Most commonly, we use it to:

  • Perform the contract we have entered into with you
  • Manage your subscription and enforce plan billing
  • Notify you about critical security updates

6. Data Security & Infrastructure

We have implemented enterprise-grade security measures to prevent your data from being accidentally lost, altered, or accessed in an unauthorized way.

  • Encryption in Transit: TLS 1.2+ protocols
  • Encryption at Rest: AES-256 encryption
  • Access Control: Strict Role-Based Access Control (RBAC) with Row Level Security (RLS)
  • Infrastructure: Hosted on SOC2 Type II certified cloud infrastructure with enterprise-grade security controls

7. Data Retention

We will only retain your Account Data for as long as reasonably necessary to fulfill the purposes for which we collected it. If you cancel your TraceCover subscription, you may request complete deletion of your Account Data by contacting privacy@tracecover.com.

8. Data Breach Notification

In the event of a confirmed data breach affecting your account data, TraceCover will notify affected users within 72 hours of becoming aware of the breach, in accordance with UK GDPR Article 33 requirements. Notifications will be sent to the email address registered to your account.

9. Your Legal Rights

Depending on your jurisdiction, you possess specific rights regarding your personal data, including the right to:

  • Request Access: Receive a copy of your personal data
  • Request Correction: Correct incomplete or inaccurate data
  • Request Erasure: Ask us to delete your personal data where there is no good reason for continued processing
  • Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data

To exercise any of these rights, please email privacy@tracecover.com.

10. Changes to the Privacy Policy

We may update this policy periodically to reflect changes to our architecture or regulatory requirements. We will notify active users of any material changes via email or a prominent notice within the TraceCover web application.