1. Who We Are and Scope
Traceora is published by Veybyte Labs and operated by Nexoria Labs LLC, registered in Wyoming, USA.
This Policy applies to the Traceora mobile app, backend API, app-specific legal pages, support requests,
and related app communications. For app support, contact [email protected].
For privacy or legal requests, contact [email protected].
2. Important Health Privacy Note
Traceora is a consumer journaling app, not a healthcare provider, health plan, healthcare clearinghouse,
or business associate acting for one. Information you enter into Traceora may not be protected by HIPAA.
Other privacy, consumer protection, health breach notification, and data protection laws may still apply.
3. Information You Provide
- Account information, such as email address, authentication identifiers, account status, and password reset events.
- Profile information, such as display name, gender or demographic choices, onboarding status, and app preferences.
- Symptom logs, severity ratings, lifestyle variables, activity logs, sleep or exercise values, notes, dates, and times.
- Optional health or activity information you choose to import from device health services or platform permissions.
- Support communications, feedback, bug reports, requests, and any attachments or details you send to us.
- Legal consent records, including accepted Terms, Privacy Policy, Health Data Consent versions, and timestamps.
4. Information Generated by the App
- Pattern summaries, correlations, lag calculations, confidence scores, charts, and derived insight text.
- Export files you create, such as CSV or PDF summaries, which may contain health-related data.
- Operational records such as request timing, rate-limit events, backend logs, error details, and security events.
- Ad delivery records generated by advertising providers when ads are displayed in the free version of the app.
5. Information Collected Automatically
We may collect technical information needed to operate, secure, debug, and improve Traceora, such as IP
address, device or browser metadata, app version, operating system, timestamps, API request metadata,
crash or error information, and approximate region inferred from network data. We do not use health-related
app data for advertising.
6. How We Use Information
- To create and manage accounts, authenticate users, send password reset emails, and provide support.
- To store symptom, lifestyle, note, and optional health import data you choose to enter or authorize.
- To generate charts, exports, pattern summaries, and plain-language insight text from your own logged data.
- To maintain consent records and show updated legal terms when versions change.
- To secure the app, prevent abuse, enforce rate limits, investigate errors, and protect users and systems.
- To comply with legal, tax, regulatory, platform, security, and operational requirements.
- To show ads in the free version of Traceora, measure basic ad delivery, prevent ad fraud, and manage frequency capping. We do not use health-related app data for personalized ads or ad targeting.
7. Legal Bases for International Users
Where GDPR, UK GDPR, Saudi PDPL, or similar laws apply, we process personal information based on one or
more legal bases, including your consent for health-related data, performance of the service you request,
legitimate interests such as security and service improvement, compliance with legal obligations, and
protection of vital interests in limited circumstances.
8. Health Data and AI Processing
Traceora may process health-related information you enter or import. Pattern insights are generated from
your own logs and are for personal journaling only. When AI providers are used to transform statistical
patterns into plain language, we send only the structured pattern information needed to generate the wording,
not your full account history unless necessary for the feature. AI output is not medical advice.
9. Advertising and AdMob
Traceora may show ads in the free version of the app using Google AdMob or similar advertising services.
We use contextual or non-personalized ads for Traceora and do not use your symptom logs, health
imports, notes, pattern insights, or other health-related app data to target ads. Advertising providers may
process device identifiers, advertising IDs, IP address, approximate location, app information, ad delivery
metadata, ad views or taps, and fraud-prevention signals to deliver ads, measure performance, cap frequency,
prevent fraud, and comply with their obligations. You can limit ad tracking or reset advertising identifiers through your device settings where
available.
10. Service Providers
We use service providers to operate Traceora, including Supabase for authentication and database services,
Render for backend hosting, Resend for transactional email, Anthropic for limited AI-assisted insight wording,
and Apple or Google platform services where you use the app on their devices or stores. These providers may
process information only as needed to provide, secure, troubleshoot, or support app services, subject to
their contracts, policies, and applicable law.
11. Sharing, Sale, and Advertising
We do not sell your personal health information. We do not share health-related app data with advertisers.
We do not use health-related app data for targeted advertising. We may disclose information to service
providers, to comply with law, to protect rights and safety, during a business transfer, with your direction
or consent, or as otherwise described in this Policy.
12. Security
We use safeguards such as authentication, row-level access controls, restricted service credentials,
rate limiting, transport encryption, provider access controls, and separation between client and backend
secrets. No system is perfectly secure. You are responsible for protecting your device, email account,
password, and any exported files you create from Traceora.
13. Retention
We keep account and app data while your account is active or as needed to provide Traceora. If you delete
your account, we intend to remove your account and app data from active systems, subject to limited backup,
security, fraud-prevention, legal, dispute, accounting, and operational retention. Backup copies may persist
for a limited time before deletion or overwrite.
14. Your Choices and Rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to,
or withdraw consent for certain processing. You can use in-app features to export data or delete your account
where available. You may also contact [email protected].
We may need to verify your identity before fulfilling a request.
15. Account Deletion and Consent Withdrawal
You can delete your account in the app. Because Traceora's core function requires health-related logs,
withdrawing consent for health-related processing may require account deletion. Deleting the app from your
device does not automatically delete your server-side account or stored app data.
16. Device Permissions and Exports
Optional device health imports require permissions controlled by your device or platform. You can change
those permissions in device settings. Exported CSV or PDF files may contain sensitive health-related data;
once exported, you are responsible for storing, sharing, or deleting those files securely.
17. International Transfers
We and our providers may process information in the United States and other countries. Those countries may
have privacy laws different from your location. Where required, we use appropriate safeguards for transfers
of personal information.
18. Children
Traceora is not intended for children under 13 and is not directed to children. If your jurisdiction requires
a higher minimum age or parental consent for digital services or health-related data, you must meet that
requirement before using Traceora. Contact us if you believe a child provided personal information.
19. Legal Requests and Safety Disclosures
We may disclose information if required by law, subpoena, court order, regulator request, app store process,
or to protect rights, safety, users, security, and the integrity of Traceora. We will assess such requests
under applicable law.
20. Breach Notifications
If we discover a security incident involving personal or health-related information, we will assess it and
provide notices where required by applicable breach notification laws, including health breach notification
rules that may apply to consumer health apps.
21. Changes to This Policy
We may update this Policy as Traceora, providers, laws, or platform requirements change. Material changes
may require you to review and accept updated terms in the app. The effective date below shows when this
version became effective.
22. Contact
Support: [email protected]
Privacy/legal: [email protected]
Effective date: June 28, 2026