Contents
Tracely ("Tracely", "we", "us", "our") operates the Tracely web application at app.tracely.uk and the Tracely Click Capture Chrome browser extension (together, the "Service").
For the purposes of the UK GDPR and EU GDPR, Tracely is the data controller responsible for the personal data described in this policy.
Contact: privacy@tracely.uk
localStorage and in the extension's chrome.storage.local| Purpose | Data used |
|---|---|
| Create and manage your account | Name, email, password hash |
| Authenticate you and maintain your session | Email, session token |
| Send account activation and password reset emails | Email, name, one-time token |
| Store and serve your captured documents and screenshots | Screenshots, page URLs, step metadata |
| Generate PDF exports of your documents | Document content, screenshots |
| Operate and improve the Service | Server logs, error reports |
| Respond to support requests | Email, account data you share with us |
We do not use your data for advertising, profiling, or any purpose unrelated to operating the Service.
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Account creation and authentication | Contract — processing is necessary to perform the service you signed up for (Art. 6(1)(b)) |
| Storing capture sessions and documents | Contract — the core functionality of the Service (Art. 6(1)(b)) |
| Sending transactional emails (activation, password reset) | Contract — necessary to provide account access (Art. 6(1)(b)) |
| Server logging and security monitoring | Legitimate interests — operating a secure, reliable service (Art. 6(1)(f)) |
The Tracely Click Capture Chrome extension requests the following permissions. This section explains exactly what each is used for.
| Permission | Why it is needed | What it does NOT do |
|---|---|---|
activeTab |
Captures a screenshot of the current tab when you click during a capture session. | Does not access any tab you have not actively chosen to document. |
tabs |
Detects tab switches so the capture session stays in sync, and opens the Tracely web app for login/review. | Does not read tab titles, URLs, or content in the background. |
scripting |
Injects the locally-bundled capture script into the active tab to listen for your clicks during a session. | Does not execute any remote or server-provided code. All injected scripts are bundled inside the extension package. |
sidePanel |
Renders the Tracely capture interface in Chrome's built-in side panel. | No data collection occurs through this permission. |
storage |
Persists your authentication token and active session locally so you remain logged in across browser restarts. | Data stored never leaves your device unless you explicitly save a document to Tracely. |
Host permissions (<all_urls>) |
Required because you may start a capture session on any website. The extension must be able to inject the capture script on whichever site you are documenting. | The extension does not read, monitor, or transmit data from any page you have not started a capture session on. |
Screenshots are taken only when you have explicitly started a capture session and clicked an element on the page. Screenshots are uploaded to Tracely's secure cloud storage (Amazon S3, EU region) solely to populate your document. They are never used for any other purpose.
The extension does not monitor your browsing, collect data in the background, or transmit anything to Tracely's servers unless you actively save a document.
The extension does not load or execute any code from remote servers. All logic runs from scripts bundled within the published extension package.
Under the GDPR and UK GDPR, you have the following rights regarding your personal data:
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Ask us to correct inaccurate or incomplete data. |
| Erasure | Request deletion of your personal data ("right to be forgotten"). |
| Restriction | Ask us to restrict processing of your data in certain circumstances. |
| Portability | Receive your data in a structured, machine-readable format. |
| Objection | Object to processing based on legitimate interests. |
| Withdraw consent | Where we rely on consent, withdraw it at any time without affecting prior processing. |
To exercise any of these rights, email privacy@tracely.uk. We will respond within 30 days. We may ask you to verify your identity before acting on a request.
We implement appropriate technical and organisational measures to protect your data, including:
No method of transmission or storage is 100% secure. If you become aware of a security concern, please contact privacy@tracely.uk immediately.
Your data is primarily stored and processed within the EU (AWS eu-north-1, Stockholm). Where we use sub-processors outside the EEA (e.g. SendGrid in the USA), we ensure appropriate safeguards are in place, such as the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact privacy@tracely.uk and we will delete it promptly.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you by email. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
For any privacy-related questions or to exercise your rights, contact us at:
Tracely
Email: privacy@tracely.uk
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO). In the EU, contact the supervisory authority in your member state.