Privacy Policy

Effective July 19, 2026

EngTrace (“EngTrace,” “we,” “us”) is a permanent decision log for hardware engineering teams. This policy explains what information we collect when you use EngTrace, why we collect it, who we share it with, and the choices you have. It applies to engtrace.com and the EngTrace application.

1. Information we collect

Account information. When you create an account, we (through our authentication provider, Supabase) collect your email address and a securely hashed password — we never see or store your password in plain text. If you sign in with Google or GitHub instead, we receive the email address and basic profile information those providers share with us. You may optionally add a username (which, if set, makes a read-only portfolio page public at /portfolio/your-username) and a profile picture.

Approximate location. We record the approximate location (city/region/country, derived from your IP address — never precise coordinates or GPS data) of the request that created your account, and of your most recent sign-in. This is shown back to you in Account Settings, and exists purely so you can notice if someone else has signed in to your account. We do not log a full history of every sign-in location — only the most recent one.

Content you provide. EngTrace is built to store the engineering content you choose to put into it: projects, decision records (what was decided, why, and any calculations), and files you upload — datasheets (PDF), Gerber/PCB manufacturing files, source code files, KiCad schematics, and whiteboard/stickyboard drawings and images. This content is yours; we store it so the product can function, not to make use of it ourselves.

What we don’t collect. We do not use third-party advertising trackers, and we do not currently run any analytics tooling — the “analytics” storage option in your cookie preferences exists ahead of any such tooling being wired up, and is not doing anything yet even if enabled. If that changes, this policy will be updated first.

2. How we use your information

  • To create and secure your account, and let you sign in.
  • To operate the core product: storing, displaying, and letting you edit and export your projects, decisions, and uploaded files.
  • To let you notice unauthorized access to your account, via the account-creation and last-sign-in location shown in Settings.
  • To respond to you when you contact us for support.
  • To detect, prevent, and investigate abuse, fraud, or violations of our terms.

3. The AI assistant (Tracy)

EngTrace includes an optional in-app assistant. When our OpenAI integration is configured, messages you send it — along with relevant context from your projects and decisions needed to answer your question — are sent to OpenAI’s API to generate a response, subject to OpenAI’s own privacy policy. When that integration isn’t configured, the assistant falls back to a local, rule-based responder that never sends anything outside of EngTrace. Either way, using the assistant is optional — it never runs on your content unless you open the chat and send it a message.

4. Cookies and local storage

EngTrace keeps you signed in using your browser’s local storage, not a traditional tracking cookie — this is “necessary” storage and can’t be turned off without also signing you out. You can accept or reject an “analytics” storage category from the cookie banner or the “Cookie preferences” link in the footer at any time; as noted above, it currently gates nothing, since no analytics are wired up yet.

5. Who we share information with

We don’t sell your information. We share it only with the service providers that run EngTrace itself:

  • Supabase — our database, file storage, and authentication provider. All account and content data described above is stored with Supabase.
  • Vercel — our hosting provider, whose edge network is also the source of the approximate location described in Section 1.
  • OpenAI — only when you use the AI assistant and our OpenAI integration is enabled, as described in Section 3.
  • Google / GitHub — only if you choose to sign in with one of those providers, in which case they act as your identity provider for that sign-in.

We may also disclose information if required by law, or to protect the rights, safety, or property of EngTrace or our users.

6. Data retention

We retain your account and content for as long as your account is active. If you delete a project, decision, or file, it’s removed from our active database; associated storage objects are removed on the same request. If you’d like your account and all associated content permanently deleted, contact us (Section 12) and we’ll do so, other than what we’re required to retain for legal or accounting purposes.

7. Your rights and choices

  • Access and correct your account information (profile picture, username, password) at any time from Account Settings.
  • See the approximate location on file for your account creation and most recent sign-in, also in Account Settings.
  • Manage cookie/storage preferences from the footer at any time.
  • Request deletion or an export of your account and content by emailing privacy@engtrace.com.

Depending on where you live, you may have additional rights under laws like the GDPR or CCPA — including the right to object to or restrict certain processing. Contact us and we’ll do our best to help.

8. Security

Your content is access-controlled at the database level, so it’s only readable by your account (or, for a public portfolio, only the fields you’ve explicitly chosen to make public). Passwords are hashed by Supabase Auth and never stored or logged in plain text by us. No method of transmission or storage is perfectly secure, but we work to protect your information using industry-standard practices.

9. Children’s privacy

EngTrace is not directed at children, and we do not knowingly collect information from anyone under 16. If you believe a child has provided us with personal information, contact us and we’ll delete it.

10. International data transfers

Our service providers (Section 5) operate infrastructure in the United States and other countries, so your information may be processed outside the country you live in. Where required, we rely on those providers’ own safeguards for cross-border transfers.

11. Changes to this policy

If we make material changes to this policy, we’ll update the effective date above and, for significant changes, make a reasonable effort to notify you directly (for example, by email or an in-app notice).

12. Contact us

Questions about this policy, or requests regarding your data? Email us at privacy@engtrace.com.

EngTrace uses essential storage to keep you signed in. With your permission, it can also use analytics storage to understand how the app is used.