Now accepting organizations into the beta. Request access

Privacy Policy

Effective date: April 2, 2026

This Privacy Policy explains how TraceReach LLC ("TraceReach," "we," "us," or "our") collects, uses, and shares information when you use tracereach.org, TraceReach Studio, and TraceReach Drop.

If you have questions about this Privacy Policy or our data practices, contact us at privacy@tracereach.org.

1. Who we are

TraceReach is operated by TraceReach LLC, located at 8 The Green STE B, Dover, DE 19901, United States.

2. Information we collect

We may collect:

  • Account and contact information, such as name, email address, organization name, and role
  • Organization and campaign information you provide through TraceReach Studio
  • QR code, link, and scan activity connected to campaigns and materials
  • Field data submitted through TraceReach Drop, including GPS location, timestamps, and photos tied to drops
  • Device, browser, and app usage information used to operate, secure, and improve the service
  • Support communications and attachments you send us

3. How we use information

We use information to:

  • Provide and operate TraceReach
  • Link scans, drops, campaigns, materials, and locations
  • Display reporting and performance insights
  • Coordinate users, pins, and access within organizations
  • Respond to support requests
  • Secure the service, prevent misuse, and troubleshoot issues
  • Improve the product

4. How we share information

We may share information:

  • Within your organization, based on account permissions
  • With service providers that help us host, secure, support, and operate TraceReach
  • When required by law or to protect rights, safety, or the service
  • In connection with a merger, acquisition, financing, or sale of assets

5. Data retention

We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and operational records. Retention periods may vary depending on the type of data and the customer relationship.

6. Account deletion and data deletion

If you request deletion of an account, we will delete or de-identify personal data associated with that account, subject to any legal, security, fraud-prevention, backup, or operational retention needs. To request account or data deletion, visit https://tracereach.org/delete-account or email privacy@tracereach.org.

7. Security

We use reasonable administrative, technical, and organizational measures to protect information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Data sovereignty

Your campaign data does not flow to Google, Amazon, Microsoft, Apple, or Meta. We do not use cloud or managed services from any of those companies to store, process, or transmit your data. The pieces a platform usually rents from them, the database, sign-ins, file storage, maps, and URL redirects, all run on a server we operate ourselves. The list below names each one so you can check it.

Specifically:

  • Hosting: Your campaign data is stored on a dedicated server hosted by Hetzner in Germany, a European infrastructure provider subject to EU data protection law. Not AWS, not Google Cloud, not Azure.
  • Database: Self-hosted PostgreSQL. Not a managed cloud database.
  • Authentication: Self-hosted authentication system. Not Firebase, Cognito, Auth0, or any third-party identity platform.
  • Analytics: We do measure how the site and product get used. We run our own analytics on our own server, under our own domain, and that usage data stays there. It is never sent to Google Analytics or any other third-party analytics, advertising, or data-broker company.
  • Maps: OpenStreetMap for map data and rendering, not Google Maps or Apple Maps. Device location comes from your own phone.
  • File storage: Photos stored on our own server filesystem. Not S3, Google Cloud Storage, Azure Blob, or any cloud storage bucket.
  • URL redirects: Our own redirect server on our own hardware. Not Bitly or any third-party redirect service.
  • Fonts and assets: The fonts and images on this site are served from our own domain, not Google Fonts or a big tech CDN. You can confirm it: open your browser's network tab and watch where this page loads from.
  • No ad or data-broker networks: We do not load any third-party advertising, tracking, or data-brokering services. The only usage measurement is our own, described above.

Most software platforms, including most privacy-focused ones, still depend on AWS, Google Cloud, or Azure for hosting, storage, or managed services. TraceReach does not. When you upload a photo, record a drop, or view a dashboard, that data goes to hardware we control in a known location. It does not pass through infrastructure owned by a company that also operates an advertising network or consumer data marketplace.

We built it this way on purpose. The organizations that use TraceReach run field operations in sensitive contexts. Their data should stay where they expect it to stay.

9. Your choices and rights

Depending on where you are located, you may have rights to access, correct, delete, or restrict certain personal information. To make a request, contact privacy@tracereach.org.

10. Children's privacy

TraceReach is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version on this page and update the effective date above.

12. Contact

Privacy questions, data requests, and account deletion:

TraceReach LLC
8 The Green STE B
Dover, DE 19901
United States
privacy@tracereach.org
+1 (339) 221-7920

Account deletion: /delete-account