DRAFT — beta period only. This document will be reviewed and replaced by counsel-drafted text before paid access launches (target: August 9, 2026). Current text reflects actual practices but is not a substitute for legal review.

Privacy Policy

Last updated: May 22, 2026

1. Who we are

AuditTrail is operated by James Heap, sole proprietor, Qualicum Beach, British Columbia, Canada. We are not incorporated; there is no corporate entity separate from the sole proprietorship at this stage.

Contact: james@audittrail.ca

2. What data we collect

We collect only the following. Nothing else.

Email address — submitted via the beta-cohort waitlist or intake form.
Survey responses — profession, AI tools used, jurisdiction, and current documentation method, submitted via the beta-cohort intake form.
Captured AI conversation records — prompt, response, timestamp, provider, and cryptographic hash, collected by the browser extension once an account exists. Note: the browser extension is not available in the current public beta. This category of data is described here for transparency about the full product.
Standard server logs — IP address, user agent, timestamp of request, and page accessed. These are collected automatically by our hosting providers (Vercel, Render) and are not processed by AuditTrail for any purpose beyond operational diagnostics.

3. What we do not collect

We do not use tracking pixels, third-party analytics (no Google Analytics, Mixpanel, Amplitude, or equivalent), advertising cookies, browser fingerprinting, or cross-site tracking of any kind. There is no advertising on AuditTrail and there never will be.

4. How we use your data

We use your data to: operate and improve the service, communicate with you about the beta, respond to support requests, and diagnose technical issues.

We do not sell, share, rent, or transfer personal data to any third party for any purpose, including marketing.

5. Where your data lives

AuditTrail uses the following hosting infrastructure (per ADR-0011):

Vercel (landing site and dashboard) — globally distributed edge network; customer data is not persisted on edge nodes.
Render (API and Postgres database) — us-east-1 (Virginia, United States) for beta. Canadian customers should be aware their data is processed in the United States.
Vercel KV (waitlist emails) — powered by Cloudflare, globally distributed.

Captured AI conversation records (when the extension is active) are encrypted at rest using AES-256-GCM envelope encryption with per-firm data encryption keys managed by a cloud key management service, per ADR-0009. All data is transmitted over TLS 1.2 or higher.

6. How long we keep your data

Waitlist emails and survey responses: kept until you request deletion.
Captured AI records: default 7-year retention from capture date, with per-account override, per ADR-0010. Per-firm retention controls are a Phase 2 deliverable and not yet active.
Server logs: purged after 30 days by hosting-provider default.

7. Your rights

Under PIPEDA (Personal Information Protection and Electronic Documents Act) and applicable provincial/territorial law, you have the right to:

Know what personal information we hold about you.
Correct inaccurate information.
Request deletion of your information (subject to legal retention obligations).

To exercise any of these rights, email james@audittrail.ca. We will acknowledge your request within 5 business days and respond substantively within 30 days.

Note: deletion of captured AI records removes content but preserves the hash-chain skeleton (hash values only) so that the tamper-evidence of the remaining chain is not broken. This is disclosed here because it is a consequence of the product’s core tamper-evidence guarantee.

8. Children

AuditTrail is a professional tool for regulated practitioners. We do not knowingly collect personal information from anyone under the age of 19 (the age of majority in British Columbia). If you believe we have inadvertently collected data from a minor, contact us immediately at james@audittrail.ca.

9. Changes to this policy

The date at the top of this page reflects the most recent update. For material changes — meaning changes to what data we collect, how long we keep it, or who we share it with — we will email active beta participants before the change takes effect. Non-material changes (formatting, clarifications that do not change substantive meaning) will be updated without notice.