tracsio.

Privacy Policy

Last updated: April 27, 2026

This Privacy Policy explains how Cognityone Ltd ("Cognityone", "Tracsio", "we", "us", or "our") collects, uses, shares, and otherwise processes personal data when you visit our website, create an account, or use Tracsio and related services (collectively, the "Services").

If you have questions or want to exercise your privacy rights, you can contact us at privacy@tracsio.com.

1. Scope and relationship to other terms

This Policy applies to visitors, account holders, collaborators, and people who communicate with us. It should be read together with our Terms of Service and any separate written agreement we have with you or your organization.

If a customer submits personal data about third parties into a project, workspace, prompt, or generated resource, that customer is responsible for having the rights and notices needed to do so. Tracsio is not intended for storing special-category, highly sensitive, or regulated data unless we have agreed to that in writing.

2. Definitions

"Personal data" means information that identifies, relates to, describes, or could reasonably be linked to an identifiable person. "Customer data" means the content and information that you or your collaborators submit to Tracsio, including project content, onboarding answers, workspace data, generated resources, and collaborator details. "Service data" means operational data created through use of the Services, such as logs, usage events, billing status, and security telemetry.

3. Who is responsible for your data

Cognityone Ltd is the controller of personal data we process to run Tracsio, manage accounts and billing, communicate with users, secure the Services, and improve the product. Where we process customer data solely on behalf of an organization under a separate data processing agreement, we act as a processor or service provider according to that agreement.

4. Data we collect

We collect the following categories of data.

  • Account and authentication data, such as name, email address, login identifiers, authentication provider identifiers, session status, and account access information. Authentication is provided through Clerk. You can learn more about Clerk's handling of authentication and account data in Clerk's Privacy Policy.
  • Project and workspace data, such as project names and descriptions, startup or product ideas, problem statements, audiences, categories, stage, competitors, constraints, unique advantages, lean canvas content, experiment decisions, task status, workspace activity, collaborator email addresses, generated markdown resources, and related context.
  • AI input and output data, such as prompts, request context, workspace summaries, task descriptions, lean canvas summaries, generated resource documents, and AI response metadata needed to provide AI-assisted features.
  • Billing data, such as plan selection, subscription status, trial eligibility, checkout and billing portal activity, Stripe customer identifiers, invoice history, and payment status. Stripe processes payments and related transaction data directly. We do not intentionally collect or store full payment card numbers in Tracsio. You can learn more about Stripe's handling of payment and transaction data in Stripe's Privacy Policy.
  • Technical and usage data, such as IP address, approximate location derived from IP address, browser and device information, operating system, referring URLs, pages viewed, features used, timestamps, diagnostics, errors, analytics events, and security logs. We use tools such as PostHog and Vercel Analytics to understand and improve the Services.
  • Communications data, such as support messages, email content, contact details, feedback, survey responses, and other information you choose to send us.

5. Sources of data

We collect data directly from you, from your use of the Services, from your organization or collaborators, and from service providers that help us operate Tracsio. For example, Clerk may provide account identity information, Stripe may provide billing records, and analytics providers may provide usage reports.

6. How we use data

We use personal data to:

  • provide, secure, maintain, and debug the Services;
  • create and manage accounts, sessions, and access controls;
  • create, save, display, and synchronize projects, workspaces, collaborators, generated resources, and dashboard activity;
  • generate AI-assisted outputs, including lean canvas summaries, task descriptions, workspace summaries, and markdown resources;
  • process subscriptions, invoices, trials, and billing changes;
  • measure feature usage, diagnose performance, improve workflows, and prioritize product development;
  • communicate about your account, security, billing, support, product changes, legal notices, and policy updates;
  • detect, prevent, and investigate spam, fraud, abuse, security incidents, and violations of our terms;
  • comply with legal, tax, accounting, and regulatory duties.

7. Legal bases for processing

Where GDPR, UK GDPR, or similar laws apply, we rely on one or more of these legal bases:

  • Performance of a contract, when we provide the Services, manage accounts, process billing, and deliver support.
  • Legitimate interests, when we secure Tracsio, prevent abuse, analyze usage, improve the product, communicate with users, and operate our business in a way that does not override your rights.
  • Consent, when required for non-essential cookies, certain marketing communications, or optional processing.
  • Legal obligations, when we keep records, respond to lawful requests, or comply with tax, accounting, and regulatory rules.

8. AI processing

Tracsio uses AI systems to help turn your project context into summaries, experiment support, and generated resources. To provide these features, relevant project, onboarding, lean canvas, workspace, task, decision, and resource context may be sent to AI infrastructure providers such as OpenRouter and the underlying model providers used for a request.

AI requests are used to generate the output requested by you or your workspace. We do not sell your project data. We do not use customer project data to train our own public AI models. You should avoid submitting sensitive personal data, confidential third-party data, or regulated data to AI features unless you have the necessary rights and a clear business need to do so.

AI outputs may be inaccurate or incomplete. You are responsible for reviewing outputs before relying on them, publishing them, or using them in decisions about other people.

9. Automated decision-making

Tracsio does not use personal data for automated decision-making that produces legal or similarly significant effects about individuals. AI features are designed to assist users with product validation work, not to make eligibility, employment, credit, housing, insurance, or similarly significant decisions about people.

10. How we share data

We share personal data with service providers and subprocessors that help us run Tracsio. These providers may support authentication, database and backend infrastructure, hosting and delivery, analytics, AI processing, payments, communications, security, monitoring, and operational tooling.

Key providers currently include Clerk for authentication, Convex for backend and database infrastructure, Stripe for billing and payments, PostHog and Vercel Analytics for analytics, OpenRouter and relevant AI model providers for AI processing, and hosting and infrastructure providers used to deliver the website and product.

When you sign up, sign in, manage your session, or use account access features, relevant account and authentication information may be sent to Clerk or collected by Clerk directly. This may include your name, email address, authentication identifiers, session data, device and browser information, IP address, security signals, and related login activity needed to provide authentication, protect accounts, prevent abuse, and maintain access controls. Clerk processes this data under its own terms and privacy policy, available at clerk.com/privacy.

When you start checkout, manage a subscription, update a payment method, or access invoice history, relevant billing information may be sent to Stripe or collected by Stripe directly. This may include your name, email address, billing details, payment method details, tax information, transaction identifiers, subscription status, and usage or invoice information needed to process payments, prevent fraud, comply with financial obligations, and provide billing records. Stripe processes this data under its own terms and privacy policy, available at stripe.com/privacy.

We may also disclose data if required by law, to protect the rights and safety of users or third parties, to investigate abuse or security incidents, to enforce our terms, or as part of a merger, acquisition, financing, reorganization, or sale of assets.

11. No sale of personal data

We do not sell personal data. We also do not knowingly share personal data for cross-context behavioral advertising as that term is used under California privacy law. If our practices change, we will update this Policy and provide any required choices.

12. International transfers

Tracsio and its service providers may process data in countries other than where you live. When required, we rely on appropriate safeguards such as data processing agreements, contractual commitments, standard contractual clauses, and other legally recognized transfer mechanisms.

13. Data retention

We keep personal data for as long as needed to provide the Services, maintain your account, comply with legal and accounting obligations, resolve disputes, enforce agreements, and protect the Services. Customer data is generally kept while the account or workspace is active, unless deleted earlier by you or retained where required.

Operational logs and analytics data are retained for periods that are appropriate for security, debugging, analytics, and product improvement. Billing, tax, and accounting records may be retained for longer periods required by law. If you request deletion, we will delete or anonymize personal data unless we need to retain it for legitimate business, security, or legal reasons.

14. Security

We use reasonable technical and organizational measures designed to protect personal data, including access controls, authentication, encrypted transport, provider-level security controls, and limited internal access. We restrict access to personal data to people and systems that need it for the purposes described in this Policy.

No online service can guarantee absolute security. You should use a strong password or single sign-on protection, keep credentials confidential, and limit workspace access to trusted collaborators. If we become aware of a security incident involving your personal data, we will notify affected users or authorities when required by law.

15. Cookies and similar technologies

We use cookies, local storage, pixels, and similar technologies to operate and improve Tracsio. These technologies may include:

  • Essential technologies for login, session management, security, routing, and core product functionality.
  • Preference technologies that remember choices such as interface or consent settings.
  • Analytics technologies that help us understand visits, feature usage, performance, and errors.
  • Marketing technologies, if used, that help us understand campaign performance and communicate with interested users.

Where required, we will ask for your consent before using non-essential cookies. You can also control cookies through your browser settings. Blocking essential cookies may prevent parts of Tracsio from working correctly.

16. Communications

We may send transactional and administrative messages about your account, security, billing, product changes, and legal notices. You may opt out of non-essential marketing emails by using the unsubscribe link in those emails or by contacting us. Opting out of marketing will not stop service, security, billing, or legal messages.

17. Your privacy rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or object to our processing of your personal data. You may also have the right to data portability, to withdraw consent, to opt out of certain processing, or to complain to a data protection authority.

To exercise these rights, contact us at privacy@tracsio.com. We may need to verify your identity before responding. We will not discriminate against you for exercising privacy rights.

18. Regional privacy disclosures

If you are located in the EEA, United Kingdom, or Switzerland, you may have the rights described above under GDPR, UK GDPR, or equivalent local laws. You may also have the right to lodge a complaint with your local supervisory authority.

If you are located in a U.S. state with a consumer privacy law, you may have rights to know, access, correct, delete, port, or opt out of certain processing of personal information, subject to legal limits. We do not sell personal information, and we do not knowingly process sensitive personal information for purposes that require a right to limit use under California law.

If you are located in Canada or another jurisdiction with applicable privacy laws, you may have similar rights to access, correct, or challenge our handling of your personal data.

19. Children

Tracsio is not intended for children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us and we will take appropriate steps to remove it.

20. Third-party links and integrations

The Services may link to third-party websites, services, or integrations. Their privacy practices are governed by their own policies, not this Privacy Policy. We encourage you to review those policies before providing personal data to third parties.

21. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, legal requirements, or the Services. If we make material changes, we will take reasonable steps to notify you, such as updating the date above, posting a notice in the Services, or sending an email.

22. Contact

For privacy questions, requests, or complaints, contact Cognityone Ltd at privacy@tracsio.com.