Tracely
ENPTFRDE
Sign inSign up ->
Legal

Privacy Policy

Last updated: April 30, 2026

Overview

Tracely ("we", "our", or "us") provides a test automation and session recording platform consisting of a web application and a Chrome browser extension (the "Extension"). This Privacy Policy explains what data we collect, how we use it, how long we retain it, and your rights with respect to that data.

By installing the Extension or using the Tracely web application you agree to the practices described in this policy. If you do not agree, please uninstall the Extension and discontinue use of the platform.

Data We Collect

Account data

When you register, we collect your name, email address, and a hashed password. We never store your password in plain text.

Session recordings

When you start a recording via the Extension, it captures a video of the browser tab (WebM format), HTTP network requests and responses (URL, method, status code, headers, timing), JavaScript console output (log, warn, error levels), and JavaScript runtime errors. This data is transmitted to the Tracely API and stored in your workspace.

Network metadata

The Extension uses the Chrome Debugger API to intercept network activity on the active tab during a recording. Only requests made while the recording is active are captured. We do not monitor traffic outside of an active recording session.

Usage data

We may log API request metadata (endpoint, timestamp, response status) for security and operational purposes. We do not use third-party analytics SDKs or ad-tracking pixels.

Workspace data

Test suites, test runs, and associated results that you create or import (including from Azure DevOps) are stored in your workspace.

Chrome Extension Permissions

The Extension requests the following Chrome permissions and uses them solely for the purposes described:

tabsIdentify the active tab to attach the recorder and display the tab title in the session metadata.
activeTabLimit recording to the tab you explicitly selected — the Extension does not access other tabs.
debuggerAttach the Chrome Debugger API to capture network requests and console output on the active tab during a recording.
storagePersist your login token and recording state locally in Chrome, so you remain signed in across browser restarts.
offscreenRun the MediaRecorder API in an offscreen document to capture and encode the tab video stream.
scriptingInject a minimal script into the active tab to capture JavaScript errors that occur during recording.

The Extension does not access your browsing history, bookmarks, passwords, file system, or any tab other than the one you are actively recording.

How We Use Your Data

  • Provide and operate the Tracely platform and Extension.
  • Store and serve session recordings, test suites, and test runs within your workspace.
  • Authenticate your identity and protect your account.
  • Enforce plan limits (storage quotas, retention windows, seat counts).
  • Respond to support requests and resolve technical issues.
  • Send transactional emails (account creation, billing receipts). We do not send marketing emails without your explicit consent.

Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We may share data only in these limited circumstances:

  • Infrastructure providers — cloud hosting, object storage, and database services used to run the platform. These providers process data on our behalf under data processing agreements.
  • Azure DevOps — if you configure ADO integration, test case data is fetched from Microsoft's API using a Personal Access Token you supply. We transmit only what is necessary for that sync and do not store your PAT in plain text.
  • Legal requirements — if required by law, court order, or to protect the rights and safety of Tracely or its users.

Data Retention

Session recordings and associated telemetry are automatically deleted after the retention period defined by your plan:

free7 days
pro30 days
team90 days

Account data is retained for as long as your account is active. Upon account deletion, all associated data is permanently removed within 30 days. You may request earlier deletion at any time (see Your Rights below).

Security

We take reasonable technical and organisational measures to protect your data:

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Passwords are hashed using bcrypt before storage — we never store or transmit plain-text passwords.
  • Access to production data is restricted to authorised personnel only.
  • JWTs used for authentication are signed with HS256 and expire after the period configured in your environment.

No system is completely immune to breaches. If we become aware of a security incident affecting your data, we will notify you as required by applicable law.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your account and all associated data.
  • Restriction — ask us to limit how we process your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing where we rely on legitimate interests.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

Cookies & Local Storage

The Tracely web application stores your session token in an httpOnly, Secure, SameSite=Lax cookie that is inaccessible to JavaScript. Non-sensitive profile data (name, email, role) and your active workspace selection are persisted in browser localStorage for convenience. No cross-site tracking cookies are set. The Extension uses chrome.storage.local for its own authentication — this data is local to your browser and is not accessible to websites you visit.

Children's Privacy

Tracely is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice in the application at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of Tracely after the effective date constitutes acceptance of the revised policy.

Contact

If you have questions, concerns, or requests relating to this Privacy Policy, please contact us at:

privacy@tracely.io

We aim to respond to all enquiries within 5 business days.