Last updated: March 8, 2026 · Effective immediately
HalluTrace AI ("we", "our", "us", or "the Company") operates the hallutraceai.com website and the HalluTrace AI platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, process, store, disclose, and protect your information when you access or use our Service.
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of the Service immediately. This Privacy Policy should be read in conjunction with our Terms of Service.
When you create an account, we collect: your name, email address, hashed password (for email-based registration), or OAuth tokens and profile data (for Google sign-in). Organization details (name, slug) are collected if you create an organization.
When you use the Service, you submit trace data including: LLM inputs (prompts, questions), LLM outputs (responses), system prompts, RAG context, model names, session identifiers, message identifiers, and associated metadata. This data is processed to provide hallucination evaluation services. You are solely responsible for ensuring that the data you submit does not contain sensitive personal information (PII), protected health information (PHI), financial data, or any data that you are not authorized to share.
We generate and store evaluation results including: hallucination scores (0-100), evaluation reasons, feedback text, alert triggers, and aggregated analytics derived from your trace data.
We automatically collect: IP addresses, browser type and version, operating system, device information, referring URLs, pages visited, session duration, clickstream data, feature usage patterns, API call logs (endpoint, timestamp, response codes), and error logs.
Payment and billing information (credit card numbers, bank details) is collected and processed by our third-party payment processor, Stripe, Inc. We do not store your full payment card details on our servers. We store: transaction amounts, dates, Stripe customer IDs, subscription status, and billing account metadata.
We collect information from communications with us, including: support requests, feedback, bug reports, and any other correspondence sent via email or through the Service.
If you participate in our referral program, we collect: referral codes, referral link clicks, cookie data (7-day expiry), referred user associations, and commission earnings data.
We use the information we collect for the following purposes:
To perform hallucination evaluations, we transmit relevant portions of your trace data (inputs, outputs, system prompts) to third-party LLM providers through automated workflows. This processing is necessary to deliver the core functionality of the Service. We select providers based on their data handling practices, but we cannot guarantee the privacy practices of third-party providers.
We may share your information with trusted third-party service providers who assist us in operating the Service, including:
These providers are contractually obligated to use your information only to perform services on our behalf and in compliance with applicable data protection laws.
We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to: (a) comply with applicable law or legal process, (b) protect the rights, property, or safety of HalluTrace AI, our users, or the public, (c) detect, prevent, or address fraud, security, or technical issues, or (d) enforce our Terms of Service.
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your information.
We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We do not use your trace data to train AI models that are sold or licensed to third parties.
We retain your data for the following periods based on your plan:
Account information is retained for as long as your account is active and for a reasonable period thereafter to fulfill legal, accounting, and reporting obligations. Aggregated and anonymized data may be retained indefinitely. You may request deletion of your data at any time by contacting us; we will process such requests within 30 days, subject to legal retention requirements.
We implement commercially reasonable technical and organizational security measures to protect your data, including:
However, no method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You acknowledge and accept the inherent risks of transmitting data over the internet. In the event of a data breach, we will notify affected users in accordance with applicable laws.
We use the following types of cookies and similar technologies:
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.
Your data may be processed and stored in jurisdictions other than your own. By using the Service, you consent to the transfer of your data to other countries, which may have different data protection laws than your jurisdiction. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly. If you believe we have collected data from a child, please contact us immediately.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
To exercise these rights, contact us at [email protected].
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
You have all the rights listed in Section 8 above. You also have the right to lodge a complaint with your local data protection authority.
In the event of a data breach that affects your personal data, we will notify you via email within 72 hours of becoming aware of the breach, or as required by applicable law. The notification will include: a description of the breach, the types of data affected, steps we are taking to address the breach, and recommendations for steps you can take to protect yourself.
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or security of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised "Last updated" date. We will make reasonable efforts to notify you of material changes via email or through the Service. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.
For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
HalluTrace AI — Privacy Team
Email: [email protected]
General: [email protected]
Website: hallutraceai.com