trAIce
Template. This is a draft document provided as a starting point. Review with counsel before relying on it.

Privacy Policy

Effective: 2026-05-26

1. What this policy covers

This Privacy Policy describes how trAIce ("trAIce", "we") collects, uses, and shares information when you use the hosted dashboard and APIs backing the open-source llm-cost-meter package.

2. Information we collect

From you, when you sign in:

  • GitHub profile (name, email, avatar) — via OAuth, the minimum needed to authenticate
  • Workspace and API-key metadata you create

From your application, when you stream events:

  • Event payloads you choose to send: provider, model, feature, user ID, tenant ID, agent IDs, token counts, cost, latency, status, custom metadata
  • If you enable the optional eval-sampling feature: prompt and output text for a sampled fraction of events. Captured samples are deleted after 14 days.

We do not collect raw LLM prompt/output text unless you explicitly opt in.

3. How we use it

  • To operate the dashboard, alerts, and analytics you signed up for
  • To meter usage against your plan's monthly event quota
  • To fix bugs and prevent abuse (via error tracking and rate limiting)
  • To communicate about your account (welcome, alerts, billing receipts)

We do not sell your data, train models on it, or share it for advertising.

4. Subprocessors

We rely on these services to operate trAIce:

  • Vercel — application hosting
  • Supabase — Postgres database and authentication infrastructure
  • Sentry — error monitoring
  • Upstash — Redis-based rate limiting
  • Resend — transactional email
  • GitHub — OAuth identity provider for sign-in

5. Retention

Event records: retained for the period associated with your plan (Free 7 days, Starter 14 days, Pro 30 days, Team 90 days). Sampled prompts/outputs (if you opted in): 14 days. Audit logs: 12 months. Account records: deleted within 30 days of account deletion.

6. Your rights (GDPR / CCPA)

You can export all of your workspace data via Settings → Account → Export. You can delete your account and all associated data via Settings → Account → Delete. For other requests (correction, restriction, portability), contact us.

7. Security

API keys are stored as SHA-256 hashes — the raw key is never persisted. Data is encrypted at rest by Supabase and in transit via TLS. We follow the principle of least privilege for subprocessor access. We are not yet SOC 2 certified.

8. International transfers

Data is processed in the regions where our subprocessors operate (primarily the United States and the EU, depending on the provider).

9. Changes

We'll post material updates here and update the effective date. Continued use after changes constitutes acceptance.

10. Contact

Privacy questions: privacy@runtraice.com (placeholder — replace with your real address before launch).