Veybyte Labs
Terms Health Consent Delete Account Contact

Traceora

Privacy Policy

This Privacy Policy explains how Traceora collects, uses, stores, shares, and protects account, health-related, and technical information in the app.

1. Who We Are and Scope

Traceora is published by Veybyte Labs and operated by Nexoria Labs LLC, registered in Wyoming, USA. This Policy applies to the Traceora mobile app, backend API, app-specific legal pages, support requests, and related app communications. For app support, contact [email protected]. For privacy or legal requests, contact [email protected].

2. Important Health Privacy Note

Traceora is a consumer journaling app, not a healthcare provider, health plan, healthcare clearinghouse, or business associate acting for one. Information you enter into Traceora may not be protected by HIPAA. Other privacy, consumer protection, health breach notification, and data protection laws may still apply.

3. Information You Provide

  • Account information, such as email address, authentication identifiers, account status, and password reset events.
  • Profile information, such as display name, gender or demographic choices, onboarding status, and app preferences.
  • Symptom logs, severity ratings, lifestyle variables, activity logs, sleep or exercise values, notes, dates, and times.
  • Optional health or activity information you choose to import from device health services or platform permissions.
  • Support communications, feedback, bug reports, requests, and any attachments or details you send to us.
  • Legal consent records, including accepted Terms, Privacy Policy, Health Data Consent versions, and timestamps.

4. Information Generated by the App

  • Pattern summaries, correlations, lag calculations, confidence scores, charts, and derived insight text.
  • Export files you create, such as CSV or PDF summaries, which may contain health-related data.
  • Operational records such as request timing, rate-limit events, backend logs, error details, and security events.
  • Ad delivery records generated by advertising providers when ads are displayed in the free version of the app.

5. Information Collected Automatically

We may collect technical information needed to operate, secure, debug, and improve Traceora, such as IP address, device or browser metadata, app version, operating system, timestamps, API request metadata, crash or error information, and approximate region inferred from network data. We do not use health-related app data for advertising.

6. How We Use Information

  • To create and manage accounts, authenticate users, send password reset emails, and provide support.
  • To store symptom, lifestyle, note, and optional health import data you choose to enter or authorize.
  • To generate charts, exports, pattern summaries, and plain-language insight text from your own logged data.
  • To maintain consent records and show updated legal terms when versions change.
  • To secure the app, prevent abuse, enforce rate limits, investigate errors, and protect users and systems.
  • To comply with legal, tax, regulatory, platform, security, and operational requirements.
  • To show ads in the free version of Traceora, measure basic ad delivery, prevent ad fraud, and manage frequency capping. We do not use health-related app data for personalized ads or ad targeting.

7. Legal Bases for International Users

Where GDPR, UK GDPR, Saudi PDPL, or similar laws apply, we process personal information based on one or more legal bases, including your consent for health-related data, performance of the service you request, legitimate interests such as security and service improvement, compliance with legal obligations, and protection of vital interests in limited circumstances.

8. Health Data and AI Processing

Traceora may process health-related information you enter or import. Pattern insights are generated from your own logs and are for personal journaling only. When AI providers are used to transform statistical patterns into plain language, we send only the structured pattern information needed to generate the wording, not your full account history unless necessary for the feature. AI output is not medical advice.

9. Advertising and AdMob

Traceora may show ads in the free version of the app using Google AdMob or similar advertising services. We use contextual or non-personalized ads for Traceora and do not use your symptom logs, health imports, notes, pattern insights, or other health-related app data to target ads. Advertising providers may process device identifiers, advertising IDs, IP address, approximate location, app information, ad delivery metadata, ad views or taps, and fraud-prevention signals to deliver ads, measure performance, cap frequency, prevent fraud, and comply with their obligations. You can limit ad tracking or reset advertising identifiers through your device settings where available.

10. Service Providers

We use service providers to operate Traceora, including Supabase for authentication and database services, Render for backend hosting, Resend for transactional email, Anthropic for limited AI-assisted insight wording, and Apple or Google platform services where you use the app on their devices or stores. These providers may process information only as needed to provide, secure, troubleshoot, or support app services, subject to their contracts, policies, and applicable law.

11. Sharing, Sale, and Advertising

We do not sell your personal health information. We do not share health-related app data with advertisers. We do not use health-related app data for targeted advertising. We may disclose information to service providers, to comply with law, to protect rights and safety, during a business transfer, with your direction or consent, or as otherwise described in this Policy.

12. Security

We use safeguards such as authentication, row-level access controls, restricted service credentials, rate limiting, transport encryption, provider access controls, and separation between client and backend secrets. No system is perfectly secure. You are responsible for protecting your device, email account, password, and any exported files you create from Traceora.

13. Retention

We keep account and app data while your account is active or as needed to provide Traceora. If you delete your account, we intend to remove your account and app data from active systems, subject to limited backup, security, fraud-prevention, legal, dispute, accounting, and operational retention. Backup copies may persist for a limited time before deletion or overwrite.

14. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain processing. You can use in-app features to export data or delete your account where available. You may also contact [email protected]. We may need to verify your identity before fulfilling a request.

15. Account Deletion and Consent Withdrawal

You can delete your account in the app. Because Traceora's core function requires health-related logs, withdrawing consent for health-related processing may require account deletion. Deleting the app from your device does not automatically delete your server-side account or stored app data.

16. Device Permissions and Exports

Optional device health imports require permissions controlled by your device or platform. You can change those permissions in device settings. Exported CSV or PDF files may contain sensitive health-related data; once exported, you are responsible for storing, sharing, or deleting those files securely.

17. International Transfers

We and our providers may process information in the United States and other countries. Those countries may have privacy laws different from your location. Where required, we use appropriate safeguards for transfers of personal information.

18. Children

Traceora is not intended for children under 13 and is not directed to children. If your jurisdiction requires a higher minimum age or parental consent for digital services or health-related data, you must meet that requirement before using Traceora. Contact us if you believe a child provided personal information.

19. Legal Requests and Safety Disclosures

We may disclose information if required by law, subpoena, court order, regulator request, app store process, or to protect rights, safety, users, security, and the integrity of Traceora. We will assess such requests under applicable law.

20. Breach Notifications

If we discover a security incident involving personal or health-related information, we will assess it and provide notices where required by applicable breach notification laws, including health breach notification rules that may apply to consumer health apps.

21. Changes to This Policy

We may update this Policy as Traceora, providers, laws, or platform requirements change. Material changes may require you to review and accept updated terms in the app. The effective date below shows when this version became effective.

22. Contact

Support: [email protected]
Privacy/legal: [email protected]

Effective date: June 28, 2026

© 2026 Veybyte Labs. All rights reserved.

Operated by Nexoria Labs LLC. Registered in Wyoming, USA.

Privacy Terms Health Consent Delete Account