Privacy Policy

Last updated: March 30, 2026

1. Introduction

Tract Intelligence LLC ("Tract," "we," "us") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information and case data when you use our Service at tract-ai.com.

2. Information We Collect

Account information. When you create an account, we collect your name and email address through our authentication provider (Clerk). We do not collect or store passwords -- authentication is handled entirely by Clerk.

Case documents. When you upload documents to a case, we store those documents in encrypted storage (AWS S3) for the sole purpose of generating your compliance audit report. We do not read, review, or access your documents except through the automated analysis pipeline.

Payment information. Payment is processed by Stripe. We do not collect, store, or have access to your credit card number, bank account, or other payment credentials. We receive from Stripe: confirmation of payment, amount, and a transaction identifier.

Usage data. We collect: pages visited, features used, analysis runs initiated, and timestamps. We use this data to improve the Service and diagnose technical issues. We do not sell or share usage data with third parties.

Audit log. We maintain an immutable log of significant account actions (case creation, document upload, analysis runs, deletions) for security and compliance purposes. This log includes your user identifier, the action taken, a timestamp, and your IP address.

3. How We Use Your Information

We use your information to: (a) provide and operate the Service; (b) process payments; (c) send transactional emails (analysis started, analysis complete, analysis failed); (d) respond to support requests; (e) maintain security and prevent fraud; (f) comply with legal obligations.

We do not use your information for: advertising, profiling, selling to third parties, or AI model training.

4. AI Processing and Data Handling

No model training. Your documents are processed through the Anthropic API to generate compliance analysis. Under Anthropic's API Terms of Service, API inputs and outputs are not used to train, improve, or fine-tune any AI model. We have verified this with Anthropic and maintain zero-data-retention configuration on our API usage.

Processing scope. Document content is sent to the Anthropic API only during active analysis runs. It is not stored by Anthropic after processing. The analysis results are stored in our systems as part of your case record.

Pipeline isolation. Each case is processed independently. No data from one case is used in the analysis of another case, even within the same account.

5. Data Storage and Security

Encryption at rest. All documents and case data are encrypted at rest using AES-256 encryption on AWS S3.

Encryption in transit. All data transmitted between your browser and our servers, and between our servers and third-party services, is encrypted using TLS 1.2 or higher.

Access control. Each case is tied to a single authenticated user. Access is enforced at both the application layer (JWT verification) and the database layer (row-level ownership). No other user can access your cases.

Infrastructure. Our application runs on Railway (backend), Vercel (frontend), AWS S3 (document storage), and Databricks (AI pipeline). Each provider maintains its own security certifications. Authentication is handled by Clerk (SOC 2 Type II certified). Payments are handled by Stripe (PCI DSS Level 1 certified).

6. Data Retention and Deletion

Active data. Your case data is retained as long as your account is active.

Deletion. You may delete individual cases at any time through the Service. Deletion permanently removes the case record, all uploaded documents, all analysis results, and the generated report. Deleted data cannot be recovered.

Account deletion. You may request deletion of your entire account by contacting us at privacy@tract-ai.com. We will delete all account data, case data, and documents within 30 days of a verified request.

Inactive accounts. Accounts with no login activity for 24 months may be flagged for deletion. We will send 60 days' written notice before deleting inactive account data.

Audit log retention. Audit log entries are retained for 7 years for compliance purposes, even after account or case deletion. Audit logs contain action metadata (who, what, when) but do not contain document content.

7. Third-Party Services

We share data with the following service providers, solely for the purpose of operating the Service:

Clerk -- Authentication. Receives: name, email. Privacy policy.

Stripe -- Payment processing. Receives: email, payment amount. Privacy policy.

Anthropic -- AI analysis. Receives: document content during analysis only. Zero-data-retention configuration. Privacy policy.

AWS -- Document storage. Receives: encrypted document files. Privacy policy.

Resend -- Transactional email. Receives: email address, case name (for notification emails only). Privacy policy.

We do not sell, rent, or share your personal information with any other third party.

8. Your Rights

Under California law (CCPA/CPRA), you have the right to: (a) know what personal information we collect; (b) request deletion of your personal information; (c) opt out of the sale of personal information (we do not sell personal information); (d) not be discriminated against for exercising your rights.

To exercise any of these rights, contact us at privacy@tract-ai.com.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after changes take effect constitutes acceptance.

11. Contact

Privacy inquiries: privacy@tract-ai.com

Tract Intelligence LLC
Carlsbad, CA 92009