Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

• Name and email address
• Company name and job title (optional)
• Password (encrypted and never stored in plain text)
• Billing information (processed securely through Stripe)

Support and Communications:

• Information you provide when contacting customer support
• Feedback, survey responses, and feature requests
• Communications through email, chat, or community forums

1.2 Information Collected Automatically

Trace Data (when using the cloud platform):

• AI agent execution traces, including:
• LLM prompts (user messages, system messages, context)
• LLM responses and completions
• Tool calls with arguments and results
• Retrieval queries and retrieved documents
• Agent delegation and handoff events
• Error messages and stack traces
• Timing information and performance metrics
• Token counts and cost calculations
• Model names and parameters (temperature, max_tokens, etc.)

Usage Data:

• Pages visited on our website
• Features used within the cloud platform
• Time spent on various features
• Dashboard interactions and searches
• API usage and error rates
• Browser type, device type, and operating system
• IP address and approximate geographic location

Cookies and Tracking Technologies:

• Session cookies for authentication
• Analytics cookies (Google Analytics) for website usage analysis
• Preference cookies for storing your settings
• Third-party cookies from Stripe (payment processing)

1.3 Information from Third Parties

Payment Information:

• Stripe collects and processes payment card information on our behalf
• We receive only limited information from Stripe (last 4 digits, card type, expiration date)

Authentication Services:

• If you use SSO (Enterprise only), we may receive information from your identity provider

2. How We Use Your Information

We use your information for the following purposes:

2.1 To Provide and Improve the Services

• Create and maintain your account
• Process transactions and send billing notifications
• Store and display your trace data in the cloud platform
• Provide customer support and respond to inquiries
• Monitor and analyze usage patterns to improve the Services
• Develop new features and functionality
• Ensure the security and integrity of the Services

2.2 To Communicate with You

• Send transactional emails (account creation, password resets, billing)
• Send product updates and feature announcements (you can opt out)
• Respond to your support requests
• Send security alerts and system notifications

2.3 For Analytics and Aggregated Insights

• Create aggregated, anonymized statistics about usage patterns
• Improve our machine learning models and algorithms
• Benchmark performance and identify optimization opportunities
• Generate industry insights and research (anonymized data only)

2.4 For Legal and Safety Purposes

• Comply with legal obligations and respond to lawful requests
• Enforce our Terms of Service
• Protect against fraud, abuse, and security threats
• Defend our legal rights in disputes

3. How We Share Your Information

We do not sell your personal information or trace data. We share information only in the following limited circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Stripe: Payment processing (PCI-compliant)
• Email Providers (SendGrid, Mailchimp, etc.): Transactional and marketing emails
• Google Analytics: Website analytics and usage tracking
• Cloud Infrastructure Providers: Hosting and data storage (AWS, Railway, etc.)
• Customer Support Tools (if implemented): Chat and support ticketing

These providers are contractually obligated to protect your data and use it only to provide services to us.

3.2 Business Transfers

If we are acquired by or merged with another company, or if we sell substantially all of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and provide options regarding your information.

3.3 Legal Requirements

We may disclose your information if required by law, including to:

• Comply with subpoenas, court orders, or legal process
• Respond to government requests or regulatory inquiries
• Enforce our Terms of Service
• Protect the rights, property, or safety of Prela, our users, or others
• Investigate and prevent fraud, security threats, or illegal activity

3.4 With Your Consent

We may share your information with third parties when you explicitly consent, such as:

• When you choose to share trace data publicly (via shareable replay links)
• When you integrate with third-party services
• When you participate in case studies or marketing materials

3.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot be used to identify you or your organization, including:

• Industry benchmarks and statistics
• Usage trends and insights
• Research and whitepapers

4. Data Retention

We retain your information for different periods depending on your subscription tier and the type of data:

4.1 Trace Data

• Developer (Free): 7 days, then automatically deleted
• Lunch Money ($10): 30 days, then automatically deleted
• Pro ($79): 90 days, then automatically deleted
• Enterprise: Custom retention period per your agreement (1+ years)

4.2 Account Information

Retained for the duration of your account plus 30 days after termination. You may request deletion of your account information at any time.

4.3 Billing Information

Retained for 7 years to comply with financial recordkeeping requirements. Card details are stored by Stripe, not by us.

4.4 Backups and Logs

• System backups may retain your data for up to 90 days after the retention period
• Security logs and audit trails may be retained for up to 1 year

4.5 Aggregated Data

Aggregated, anonymized data may be retained indefinitely.

5. Data Security

We implement industry-standard security measures to protect your data:

5.1 Technical Safeguards

• Encryption in transit (TLS 1.3)
• Encryption at rest for sensitive data
• Secure password hashing (bcrypt)
• Regular security audits and penetration testing
• Automated vulnerability scanning
• DDoS protection and rate limiting

5.2 Access Controls

• Role-based access control (RBAC) for your team members
• Two-factor authentication (2FA) available for all accounts
• Principle of least privilege for our internal systems
• Regular access reviews and audit logs

5.3 Organizational Measures

• Background checks for employees with access to systems
• Confidentiality agreements with employees and contractors
• Security awareness training
• Incident response procedures

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

• You can access your account information at any time through your account settings
• You can export your trace data using our export features (Lunch Money tier and above)
• You can request a copy of your personal information by contacting us

6.2 Correction and Deletion

• You can update your account information through your account settings
• You can delete your account at any time through your account settings or by contacting us
• Upon deletion, we will remove your data within 30 days (except for backups and legal retention requirements)

6.3 Opt-Out Rights

• Marketing Emails: Unsubscribe link in every marketing email, or update preferences in account settings
• Analytics Cookies: Use browser settings or Do Not Track features
• Data Processing: You may request that we stop processing your data (subject to legal obligations)

6.4 Data Minimization

• You control what data you send to our Services through the SDK
• You can configure sampling rates to reduce data collection
• You can use the SDK locally without sending data to the cloud (file exporter)

6.5 Rights for EU and UK Users (GDPR)

If you are in the European Union or United Kingdom, you have additional rights:

• Right to access your personal data
• Right to rectification (correction) of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

To exercise these rights, contact us at [email protected].

6.6 Rights for California Users (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt out of the "sale" of your personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at [email protected].

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and platform:

7.1 Types of Cookies We Use

Essential Cookies (cannot be disabled):

• Session management and authentication
• Security and fraud prevention
• Load balancing and performance

Analytics Cookies (can be disabled):

• Google Analytics for website usage statistics
• Product analytics for feature usage and engagement

Preference Cookies (can be disabled):

• Theme preferences (light/dark mode)
• Language preferences
• Dashboard layout preferences

7.2 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of the Services.

7.3 Do Not Track

We honor Do Not Track (DNT) signals. When DNT is enabled, we will not load non-essential analytics cookies.

8. Third-Party Services

Our Services integrate with third-party services that have their own privacy policies:

• Stripe: https://stripe.com/privacy
• Google Analytics: https://policies.google.com/privacy
• SendGrid/Mailchimp: (respective privacy policies)

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

9. International Data Transfers

9.1 Data Storage Location

• All data is stored in United States data centers by default
• Enterprise customers may request EU data residency (additional fees apply)

9.2 Cross-Border Transfers

If you are located outside the United States, your information will be transferred to and processed in the United States. By using the Services, you consent to this transfer.

For EU and UK users, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Your explicit consent when required by law

10. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Post the updated Privacy Policy on our website with a new "Last Updated" date
• Send an email notification to your registered email address
• Display a prominent notice on our platform

Your continued use of the Services after such notification constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: