Last updated: March 6, 2026
AgentTraceHQ Oy ("AgentTraceHQ", "we", "us", or "our") operates the agenttracehq.com website and the AgentTraceHQ platform. This Privacy Policy describes how we collect, use, store, and share information when you use our services.
Account Information: When you register, we collect your name, email address, and authentication credentials (or OAuth tokens if you sign in via GitHub or Google).
Organization Data: Organization name, team member details, and role assignments you provide during onboarding.
Trace Data: The audit trail data your AI agents send through our SDK, including agent identifiers, actions, inputs, outputs, reasoning steps, timestamps, and any metadata you choose to include. You control what data your agents send to us.
Usage Data: We collect information about how you interact with our platform, including pages visited, features used, API call volumes, and session duration.
Payment Information: If you subscribe to a paid plan, payment details are collected and processed by Stripe. We do not store your full credit card number.
To provide, maintain, and improve the AgentTraceHQ platform and services.
To process and store audit trail data as instructed by you through our SDK and API.
To authenticate your identity and manage access to your organization.
To send transactional communications (account confirmations, security alerts, billing receipts).
To monitor platform performance, detect anomalies, and ensure service reliability.
To comply with legal obligations, including the EU AI Act and other applicable regulations.
All data is stored on servers located within the European Union (Hetzner Cloud, Finland/Germany).
Trace data is cryptographically hash-chained using SHA-256 to ensure tamper-proof integrity. Any modification to stored records is detectable through chain verification.
Data is encrypted in transit (TLS 1.2+) and at rest.
API keys are SHA-256 hashed before storage. The full key is displayed only once at creation and is never stored in plaintext.
We implement access controls, audit logging, and regular security reviews to protect your data.
Free plan: Trace data is retained for 7 days.
Team plan: Trace data is retained for 1 year.
Enterprise plan: Custom retention periods as agreed in your contract.
Account information is retained for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, subject to legal retention requirements.
We do not sell your data to third parties.
We share data only with service providers necessary to operate the platform: Stripe (payment processing), MongoDB Atlas (database hosting), and Hetzner (infrastructure).
We may disclose data if required by law, regulation, or valid legal process.
If AgentTraceHQ is acquired or merged with another company, your data may be transferred to the successor entity. We will notify you of any such change.
As a data controller based in the EU (Finland), we comply with the General Data Protection Regulation (GDPR). You have the right to:
Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate personal data.
Erasure: Request deletion of your personal data ("right to be forgotten").
Portability: Request your data in a structured, machine-readable format.
Restriction: Request that we limit the processing of your data.
Objection: Object to processing based on legitimate interests.
To exercise any of these rights, contact us at privacy@agenttracehq.com.
We use essential cookies for authentication and session management. These are strictly necessary for the platform to function.
We do not use third-party advertising or tracking cookies.
Analytics cookies, if used, are anonymized and privacy-respecting.
Your data is primarily stored and processed within the EU. If data is transferred outside the EU (e.g., through third-party service providers), we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs).
AgentTraceHQ is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the platform. Continued use of the service after changes constitutes acceptance of the updated policy.
AgentTraceHQ Oy
Oulu, Finland
Email: privacy@agenttracehq.com
For GDPR inquiries or data subject requests, please use the email above.