Privacy Policy (Public Beta)
1. Who We Are
Trailstep is operated by an individual based in Barcelona, Spain
Contact: contact.trailstep@gmail.com
2. What We Collect
Account Data:
- Email address
- Password (hashed)
- User ID (via Supabase)
- Session tokens
Usage Data:
- Projects, tasks, and feedback you submit
- Completely anonymized session data via PostHog (stored in memory only)
- Device/browser metadata
3. How We Use Data
- To provide and secure your account
- To send transactional emails via Supabase
- To track playbook/task progress
- To improve the Service with anonymized usage insights
- To debug issues using Vercel logs
4. Legal Basis for Processing (GDPR)
- Contract: to provide the Service
- Legitimate Interest: to operate and improve the Service
- Legal Obligation: if required by law
5. Data Processors
- Supabase: Auth, database, email delivery
- PostHog (EU): Memory-only anonymous session analytics
- Vercel: Hosting and request logging
6. Cookies & Tracking
- Session cookies (via Supabase)
- Anonymous usage analytics (PostHog in memory-only mode, no cookies)
- Future UI preferences or feature flags
We do not use advertising or third-party marketing cookies. Our analytics are completely anonymized and do not store any data on your device.
7. Your Rights (under GDPR)
- Access your data
- Correct or update your data
- Request data deletion (right to be forgotten)
- Request data portability
Email contact.trailstep@gmail.com to exercise your rights. We will respond within 30 days.
8. Data Retention
- Account data is kept until deleted
- Project/task data is retained unless removed by you
- Anonymized analytics data is stored only in memory during your session
- During beta, data may be purged as needed
9. Changes to This Policy
We may update this policy over time. We will notify you of significant changes by email or in-app notice at least 7 days in advance.
10. Contact
If you have questions, contact us at contact.trailstep@gmail.com