Privacy Policy
The short version: Coretrace collects only the data necessary to run your win/loss interview program. We never sell your data. You can request deletion of your data at any time by emailing hello@coretrace.ai.
1. Who We Are
Coretrace ("Coretrace," "we," "us," or "our") operates the website at coretrace.ai and the application at app.coretrace.ai. Coretrace is a B2B SaaS platform that enables companies to conduct AI-powered win/loss interviews with their customers.
This Privacy Policy explains how we collect, use, store, and protect information when you use our services, and what choices you have regarding your data.
If you have questions about this policy, please contact us at hello@coretrace.ai.
2. Information We Collect
We collect information in three ways: information you provide to us directly, information collected automatically, and information provided on behalf of your contacts.
Account Information
When you register for a Coretrace account, we collect:
- Your name and email address
- Password (stored as a salted hash; we never store plain-text passwords)
- Organization or company name (if provided)
- Billing information (processed by our payment processor; we do not store raw card data)
Contact Lists
To conduct win/loss interviews, you upload contact information about your customers and prospects. This typically includes:
- First and last name
- Email address
- Deal outcome (won, lost)
- Any additional fields you include in your CSV upload (e.g., company name, deal size, close date)
You are responsible for ensuring you have the appropriate basis to share this contact information with us and to reach out to these individuals on your behalf.
Interview Response Data
When your contacts participate in an AI-powered interview, we collect:
- Text responses entered during the interview
- Voice recordings and transcriptions (if the respondent uses voice input)
- Metadata such as interview start time, completion status, and duration
Usage Data
We automatically collect certain data about how you interact with the Coretrace application, including pages visited, features used, and general session activity. This is used to improve the product and is collected via PostHog (see Third-Party Services).
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Coretrace platform
- Send interview invitations and follow-up reminders to your contacts on your behalf
- Process interview responses and generate AI-powered insights, themes, and summaries
- Authenticate users and manage account security
- Communicate with you about your account, new features, and product updates
- Respond to support requests and inquiries
- Analyze aggregate usage patterns to improve the product
- Comply with legal obligations
We do not use your interview data or your contacts' data to train AI models for purposes outside of your own project analysis.
4. AI Processing
Coretrace uses artificial intelligence to power several core features of the platform. Here is how AI interacts with your data:
Conversational Interviews
The AI interview agent conducts live, adaptive conversations with your contacts. Interview responses — whether entered as text or spoken aloud — are processed in real time by AI language models to generate follow-up questions and guide the conversation.
Voice Transcription
If a respondent uses voice input, their spoken audio is transcribed to text. The transcription is stored alongside the interview record. We do not retain raw audio recordings beyond what is required to complete the transcription.
Insight and Theme Generation
After interviews are collected, AI models analyze the responses to produce summaries, extract recurring themes, identify win/loss patterns, and surface notable quotes. These outputs are linked back to their source responses so you can verify every insight.
AI Providers
AI processing is performed using services from OpenAI and Anthropic. When interview content is sent to these providers for processing, it is subject to their data processing agreements in addition to this policy. We use these providers under data processing agreements that restrict them from using your data to train their general models. See Third-Party Services for more detail.
5. Third-Party Services
Coretrace relies on the following third-party service providers to operate the platform. Each provider processes data only as necessary to fulfill their function and is bound by appropriate data processing agreements.
Supabase — Database and authentication. Your account data, contact lists, and interview records are stored in Supabase. Data is hosted in the United States. Supabase Privacy Policy
Resend — Transactional email delivery. Used to send interview invitations, reminders, and account-related emails to your contacts and to you. Resend Privacy Policy
PostHog — Product analytics and session recording. Used to collect usage analytics and session recordings to help us understand how the product is used and where to improve it. Session recordings in the application are enabled for platform users (authenticated dashboard) to help us debug and improve the product. On respondent-facing pages (interview and opt-out pages), session recording is enabled with all inputs and text fully masked so that interview content is never captured. PostHog does not receive raw interview data or your contacts' personal information. PostHog Privacy Policy
OpenAI — AI language model processing. Used for conversational interview generation and insight extraction. Data sent to OpenAI is processed under a data processing agreement and is not used to train OpenAI's general models. OpenAI Privacy Policy
Anthropic — AI language model processing. Used for insight generation and theme extraction. Data sent to Anthropic is processed under a data processing agreement and is not used to train Anthropic's general models. Anthropic Privacy Policy
Google — OAuth authentication. If you sign in using Google, we receive your name, email address, and profile picture from Google to create or authenticate your account. We do not receive access to your Google account beyond what you explicitly authorize. Google Privacy Policy
Vercel — Application hosting and serverless function execution. The Coretrace application is hosted on Vercel infrastructure. Vercel processes request data (IP addresses, headers) as part of serving the application. Vercel Privacy Policy
6. Data Storage and Security
All data is stored in the United States using Supabase, which is built on AWS infrastructure. We implement the following security practices:
- All data is encrypted in transit via TLS
- Passwords are hashed using industry-standard algorithms
- Row-level security policies restrict access to your data to authorized users only
- Access to production systems is limited to authorized personnel
- Authentication sessions use secure, short-lived tokens
While we take reasonable precautions to protect your data, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security.
7. Cookies and Tracking
Coretrace uses a minimal set of cookies and similar technologies.
Authentication Cookies
When you sign in to the application at app.coretrace.ai, we set a session cookie to keep you authenticated. This cookie is essential for the application to function and cannot be disabled. It expires when your session ends or after a fixed period of inactivity.
Analytics and Session Recording Cookies
On coretrace.ai and in the application, we use PostHog to collect usage analytics and session recordings. PostHog may set first-party cookies to track sessions. On respondent-facing pages (interview and opt-out pages), session recording runs with all inputs and visible text fully masked to protect the privacy of interview participants. No interview content is captured in session recordings. You may opt out of analytics tracking by using a browser extension that blocks JavaScript-based analytics.
We do not use advertising cookies, cross-site tracking cookies, or any cookies set by ad networks.
8. Data Retention
We retain your data for as long as your account is active and as required to provide the service.
- Account data (name, email, settings) is retained for the lifetime of your account.
- Contact lists and interview data are retained per the settings of the project they belong to. When a project is deleted, associated contact and interview data is deleted as well.
- Voice transcription data is retained as part of the interview record. Raw audio is not retained beyond the transcription step.
- Billing records may be retained for longer periods as required by law.
When you delete your account, we will delete your personal data and your organization's data within 30 days, except where retention is required by law or for legitimate business purposes such as dispute resolution.
9. Data Sharing and Sales
We do not sell your personal data or your contacts' personal data to any third party. Ever.
We share data only in the following limited circumstances:
- Service providers: We share data with the third-party providers listed in Section 5 solely to operate the platform.
- Legal requirements: We may disclose data if required to do so by law, regulation, legal process, or governmental request.
- Protection of rights: We may disclose data when we believe disclosure is necessary to protect the rights, property, or safety of Coretrace, our users, or others.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
10. Your Rights
You have the following rights with respect to your personal data:
- Access: You can request a copy of the personal data we hold about you.
- Correction: You can update your account information at any time within the application, or request corrections by contacting us.
- Deletion: You can request deletion of your account and associated data by emailing hello@coretrace.ai.
- Portability: You can export your interview data and transcripts from the application at any time.
- Objection: You can object to certain types of processing of your data, subject to applicable law.
To exercise any of these rights, email us at hello@coretrace.ai. We will respond to verified requests within 30 days.
If you are a contact who has received an interview invitation from a Coretrace customer, your data is held on behalf of that customer. To request deletion or access, you may contact us at the same address and we will coordinate with the relevant customer.
11. GDPR and CCPA
General Data Protection Regulation (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies:
- Our legal basis for processing your personal data is typically contractual necessity (to provide the service you signed up for) or legitimate interests (such as improving the product).
- You have the right to lodge a complaint with your local supervisory authority.
- Data transfers to the United States are conducted in accordance with applicable data transfer mechanisms.
- To exercise your GDPR rights, contact us at hello@coretrace.ai.
California Consumer Privacy Act (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to Know: You may request disclosure of the categories and specific pieces of personal data we collect, the sources, our purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of personal data we have collected from you, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- Do Not Sell: We do not sell personal information as defined under the CCPA.
To submit a CCPA request, email us at hello@coretrace.ai.
12. Children's Privacy
Coretrace is a B2B product designed for business use. We do not knowingly collect personal information from anyone under the age of 16. If you believe we have inadvertently collected such information, please contact us immediately at hello@coretrace.ai and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a prominent notice in the application prior to the changes taking effect.
The "Last updated" date at the top of this page indicates when the policy was most recently revised. Your continued use of Coretrace after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or how we handle your data, please contact us:
Coretrace
Email: hello@coretrace.ai
Website: coretrace.ai
We aim to respond to all privacy-related inquiries within 5 business days.