How Traceflow protects archive access data

Scope

This policy applies to Traceflow Archive, a service for corporate customers that provides access to closed AI datasets and files for their employees and contractors. Traceflow acts as a service provider for customers who control the archived data.

Data we collect

• Account data: name, work email, role, and authentication settings.
• Audit data: access events, file identifiers, timestamps, and approvals.
• Security data: IP address, device identifiers, and MFA signals.
• Support data: requests and communications with Traceflow.

How we use data

We use this data to authenticate users, enforce access policies, maintain audit trails, respond to support requests, and meet legal and compliance obligations. We do not sell personal data.

Sharing

Data may be shared with approved subprocessors for hosting, monitoring, and security. Access records are visible to authorized customer administrators. We may disclose data when required by law.

Retention

Access logs and security records are retained per contract and compliance requirements, typically 5-7 years. Customer data is deleted or returned upon contract termination unless retention is legally required.

Security

Traceflow uses encryption in transit and at rest, role-based access controls, and continuous monitoring aligned with ISO 27001 and SOC 2 practices.

Rights and requests

Authorized users should route access or deletion requests through their employer. For additional questions, contact hello@traceflow.io.