Privacy Policy
How Trace handles your data with complete transparency and privacy-first principles.
Effective Date: January 14, 2026
App Name: Trace
Developer/Controller: Justin
Contact: epa6643@gmail.com
This Privacy Policy explains how Trace ("the App") handles information when you use the App on iOS.
1. Summary
- We do not collect, transmit, sell, or share your personal data with us or any third parties.
- The App processes and stores network traffic data on your device only, for your debugging and inspection purposes.
- Data may leave your device only if you choose to export/share it using features provided by iOS (e.g., Share Sheet).
2. Definitions
"Capture Data"
Means any network traffic content and metadata the App displays or stores, including HTTP(S) requests and responses, WebSocket frames, Server-Sent Events (SSE) messages, headers, bodies, URLs, query parameters, cookies, tokens, timing, and TLS details.
"On-Device"
Means stored locally on your iPhone/iPad in the App's sandbox and/or App Group container shared with the App's extensions.
3. Information the App Handles
3.1 Capture Data (On-Device)
The App can capture and store network traffic that passes through a system proxy configured by the App's Network Extension (proxy-only mode). Depending on your device and usage, Capture Data may include highly sensitive information, such as:
- authentication tokens, API keys, session cookies
- personal messages or form inputs
- images, files, and other content in request/response bodies
- hostnames, URLs, and query strings that may reveal personal data
Important:
Capture Data is created by your network activity and by apps/services you use. The App does not create this data; it enables you to view and manage it for debugging.
3.2 TLS Decryption and Certificates (On-Device)
The App supports on-device TLS interception ("TLS MITM") for debugging. To do this, the App may generate a local root Certificate Authority (CA) and require you to install and trust it.
If you enable TLS interception:
- encrypted HTTPS content may be decrypted and displayed on-device
- certificate material may be stored using iOS secure storage mechanisms (e.g., Keychain)
You can disable TLS interception and remove the certificate by following the App's instructions and/or removing the certificate from iOS settings.
3.3 App Data (On-Device)
The App stores configuration and operational data on-device, which may include:
- capture sessions and their organization
- filtering/search settings
- rewrite rules, scripts, breakpoints, request maps, host overrides, and presets
- import/export artifacts (e.g., HAR files) that you create or import
- UI preferences and other local settings
The App uses an iOS App Group container to share data between the main app and its extensions (e.g., network extension, widgets) where applicable.
3.4 No Analytics, No Accounts, No Server-Side Processing
We do not:
- operate servers that receive your Capture Data or personal information
- collect analytics or telemetry
- use advertising SDKs
- use crash reporting services that transmit data to us or third parties
- require accounts or logins
4. How Information Is Used
The App handles information solely to provide its functionality, including:
- capturing and displaying network traffic for inspection and debugging
- enabling modification, replay, and export of traffic data
- storing your sessions and configuration locally so you can use the App
5. Data Sharing and Disclosure
5.1 No Sale or Sharing by Us
We do not sell, rent, share, or disclose your information to third parties because we do not collect it on our systems.
5.2 User-Initiated Exports/Sharing
If you use export or sharing features (e.g., exporting HAR, copying cURL, saving files, sharing via iOS Share Sheet), you are directing data to a destination you choose (e.g., Files, AirDrop, email, messaging apps, third-party storage). That destination's privacy practices apply.
6. Tracking
The App does not track you across apps or websites, and does not use advertising identifiers for tracking purposes.
7. Data Retention
All data is stored on your device and retained until you delete it, which you can do by:
- deleting individual sessions or data within the App (where available)
- uninstalling the App (which removes local app storage)
- removing certificates you installed for TLS interception via iOS settings (if applicable)
8. Security
We use reasonable safeguards consistent with an on-device iOS app, including relying on iOS security features such as app sandboxing and device encryption. However, no method of storage is 100% secure.
You are responsible for:
- securing access to your device (passcode/biometrics)
- exercising caution when capturing, viewing, or exporting sensitive data
- ensuring you only intercept traffic you are authorized to inspect
9. Your Choices and Controls
You can control the App's handling of information by:
- starting/stopping capture at any time
- disabling TLS interception (if enabled)
- deleting sessions and local data
- choosing whether to export/share and what to export/share
10. Legal Compliance and Authorized Use
The App is intended for debugging and inspection of traffic that you are authorized to access and analyze. You agree not to use the App to intercept or monitor communications without proper authorization. You are solely responsible for compliance with applicable laws, regulations, and third-party terms.
11. Children's Privacy
The App is not directed to children. We do not knowingly collect personal information from children. Because the App does not transmit data to us, we have no practical means to identify users' ages.
12. International Users
The App processes data on-device. If you export/share data, it may be transmitted to services or recipients you choose, which may be located outside your country. You are responsible for your sharing choices.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make changes, we will update the Effective Date above and publish the revised policy where it is made available (e.g., in the App listing or repository page).