Privacy Policy
TRAXE helps creators, brands, and platforms verify the origin of their content in an age where AI-generated and human-made are increasingly hard to tell apart. This policy explains what data we collect, how we use it, and what rights you have.
01 What Data We Collect
We collect only what is necessary to provide and improve the TRAXE platform.
| Data Type | What We Collect | Why |
|---|---|---|
| Account data | Email address, hashed password, account creation date | To create and manage your account |
| Usage data | Scan count, registration count, subscription plan, credit balance | To enforce plan limits and track usage |
| Content metadata | File hash (SHA-256), declared origin, title, tool used, file type, file size, submission timestamp | To issue TRAXE certificates and support public verification |
| Uploaded files | The file submitted for registration | To generate the certificate and display it on the verification page |
| Scan images | Images or URLs submitted for AI detection | Processed in real time for detection — not stored |
| Payment data | Transaction ID, amount, plan purchased | Billing and subscription management. Card details are handled by Stripe — we never see or store them. |
| Technical data | IP address, browser type, device type | Security, rate limiting, and abuse prevention |
02 How We Use Your Data
- Running the platform and all its features
- Issuing and maintaining TRAXE verification certificates
- Processing payments and managing subscriptions
- Enforcing plan limits and credit balances
- Sending transactional emails: registration confirmations, payment receipts, plan changes
- Preventing fraud, abuse, and unauthorised access
- Fixing bugs and improving performance
- Meeting legal obligations under the EU AI Act and GDPR
We do not use your data for advertising, profiling, or selling to third parties.
03 Legal Basis for Processing (GDPR)
- Contract performance. Processing needed to deliver the service you signed up for.
- Legitimate interests. Security monitoring, fraud prevention, platform improvement.
- Legal obligation. Compliance with EU law including the EU AI Act and financial regulations.
- Consent. Where explicitly provided, such as optional communications.
04 Ownership & Intellectual Property
Everything you submit stays yours. Uploading content to TRAXE for verification does not transfer ownership or intellectual property rights to us in any way.
We process your files only to generate the certificate, run the AI scan, and display the verification page. That is it.
05 Data Retention
Verification uploads are retained only for as long as reasonably necessary to provide the service, meet legal obligations, prevent abuse, resolve disputes, and maintain audit integrity. Where possible, unnecessary data is deleted or anonymised.
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 2 years after deletion |
| TRAXE certificates & metadata | Indefinitely — to support public certificate verification |
| Uploaded files | Duration of account. Deleted within 30 days of account deletion upon request. |
| Scan results | 12 months |
| Scan images | Not stored — processed in real time and discarded immediately |
| Payment records | 7 years (Dutch financial record-keeping requirement) |
| Technical / IP logs | 90 days |
06 Third-Party Services
TRAXE uses third-party infrastructure providers for hosting, authentication, payments, email delivery, and AI content detection. All providers are bound by data processing agreements where required. Payment processing is handled by Stripe — we never see or store card details. A full list of sub-processors is available on request at legal@traxe.co.
07 Public Verification Pages
When you register content with TRAXE, a public verification page is created at api.traxe.co/verify/TRX-XXXXXXXX. This page displays the TRAXE ID, declared origin, badge type, creator name as submitted, submission date, and a file preview where applicable.
This information is publicly accessible to anyone with the TRAXE ID. By registering content, you consent to this information being publicly displayed. Certificate removal requests can be submitted to legal@traxe.co.
08 Browser Extension
The TRAXE Scanner browser extension does not collect or store personal data from websites you visit. When you scan an image, only the image data is transmitted to the TRAXE API for detection. The extension does not track browsing activity, read third-party cookies, or transmit any data beyond what is strictly required for the scan request.
09 Cookies
TRAXE uses only strictly necessary cookies and similar technologies required for login sessions, security, fraud prevention, and core platform functionality. TRAXE does not use advertising cookies or third-party behavioural tracking cookies.
You can clear cookies at any time through your browser settings. This will end your active session and log you out.
10 Security
We use HTTPS across the platform, hash all passwords, apply access controls, and work with infrastructure providers that maintain their own security standards. No system is completely secure, and we do not claim otherwise. If a breach occurs that affects your data, we will notify you and the relevant authority within 72 hours.
11 Your Rights (GDPR)
You can request access to your data, ask us to correct or delete it, restrict how we use it, or export it. You can also object to certain processing or withdraw consent at any time.
Email legal@traxe.co and we will respond within 30 days. One note: deleting your account does not remove publicly issued TRAXE certificates. Those exist to support content provenance and remain accessible.
12 International Transfers
TRAXE is based in the Netherlands and processes most data within the EEA. Where data moves outside the EEA, we ensure appropriate safeguards are in place through Standard Contractual Clauses or adequacy decisions.
13 Children's Privacy
TRAXE is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to TRAXE, contact legal@traxe.co and we will delete it promptly.
If you need a Data Processing Agreement, security questionnaire, or sub-processor list, contact legal@traxe.co.
14 Changes to This Policy
We will update this policy when needed. For material changes, registered users will be notified by email at least 14 days before the change takes effect. The date at the top of this page always reflects the current version.
15 Contact & Complaints
For privacy questions, data requests, or complaints: legal@traxe.co
You also have the right to contact the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl) if you have concerns we have not resolved.