Privacy Policy
Your code stays yours. We believe in local-first architecture and transparent data practices.
Last updated: February 21, 2026
This policy explains how Source Trace collects, uses, and protects your information. Our guiding principle: collect only what we need, never your source code.
This privacy policy applies to the Source Trace desktop application and web service (hereinafter referred to as "Application") that was created by Twin Pine Labs Ltd, registered in the UK (hereinafter referred to as "Service Provider") as a Freemium service. This service is intended for use "AS IS".
Information Collection and Use
The Application collects information to provide AI code attribution and development analytics services, including:
- authentication data (email for users who choose to create an account);
- device information (device identifiers, OS, CPU architecture, VS Code version);
- repository data (repo path hashes, file paths, hashed commit metadata);
- code activity (lines added/removed/survived, timestamps, file-level metrics);
- AI detection (assistant/model detection for attribution);
- system monitoring (local inspection of running processes to identify AI assistants and extensions);
- web service data (IP, user-agent, referer, interaction events for dashboard/contact forms);
- authentication tokens (JWT stored securely with 90-day expiration).
Code Activity Monitoring
The Application monitors your coding activity to provide AI attribution and development analytics. This includes tracking which lines of code were written by humans versus AI assistants, measuring code survival rates, and analyzing development patterns. All repository data is hashed using SHA256 to protect sensitive information while enabling deduplication and analytics.
AI Agent Detection and Attribution
The Application detects and tracks interactions with supported AI coding assistants and models. This helps provide accurate attribution of code changes to the correct source (human or specific AI model). Detection is performed locally on your device. Within VS Code, the application monitors editing activity and AI agent interactions for attribution purposes.
System Monitoring and Process Inspection
The Application performs local inspection of running processes to identify AI coding assistants and models. This includes monitoring agent task lifecycle events, extension inventory scanning, and real-time agent activity tracking. Processing is based on legitimate interests for providing AI attribution services. All system monitoring is performed locally on your device.
Local Data Storage and Processing
The Application stores state locally on your machine for accurate code tracking and supports optional git notes storage in your repository. Anonymized metadata, like model names or number of lines of code, is periodically synchronized with our servers. If you choose to stop using the Application, you must uninstall the extension/app; this stops collection and you can request deletion of stored data at any time (see Data Retention and Your Rights).
Third Party Access
Attribution metadata (including hashed identifiers and coding statistics, but never source code) is transmitted to our services to power personal and community model rankings. The Service Provider may share your information with third parties in the ways that are described in this privacy statement.
Please note that the Application utilizes third-party services that have their own Privacy Policy about handling data. Below are the links to the Privacy Policy of the third-party service providers used by the Application:
- Google OAuth - Used for user authentication
- Resend - Used for email delivery from contact forms
The Service Provider may disclose User Provided and Automatically Collected Information:
- as required by law, such as to comply with a subpoena, or similar legal process;
- when they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- with their trusted service providers who work on their behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.
Opt-Out Rights
You can stop all collection of information by uninstalling the Application/extension using your operating system or VS Code's extension management. If you uninstall, you may also request deletion of stored data (see Data Retention and Your Rights).
Data Retention Policy and Your Rights
The Service Provider retains user data for as long as your account is active and for a reasonable period thereafter. Code activity data is partitioned monthly in our database for efficient storage and analytics. Authentication tokens expire after 90 days.
You can request access, correction, or deletion of your data from your account portal or by contacting support@srctrace.com. We will respond within a reasonable time period. You may also uninstall the Application/extension to stop further collection; you can then request deletion of stored data.
Children
The Service Provider does not use the Application to knowingly solicit data from or market to children under the age of 13.
The Application does not address anyone under the age of 13. The Service Provider does not knowingly collect personally identifiable information from children under 13 years of age. If the Service Provider discovers that a child under 13 has provided personal information, the Service Provider will immediately delete it from their servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact the Service Provider (support@srctrace.com) so that they will be able to take the necessary actions.
Security
The Service Provider is concerned about safeguarding the confidentiality of your information. The Service Provider provides physical, electronic, and procedural safeguards to protect information the Service Provider processes and maintains. Repository data is hashed using SHA256, and JWT authentication tokens are encrypted and stored securely.
Legal Basis for Processing
Our processing of coding activity data is based on legitimate interests for providing AI attribution and development analytics services.
GDPR and Data Protection Rights
For users in the European Union, you may have rights under GDPR, including access, rectification, deletion, restriction, and objection. If you have concerns about how we process your data, please contact us at support@srctrace.com. We will respond to your request within 30 days.
International Data Transfers
Your data may be processed in the UK and other countries. Where data is transferred outside the UK/EEA, we rely on appropriate safeguards (such as adequacy decisions or standard contractual clauses) and take reasonable steps to protect your information. You can contact us at support@srctrace.com for more details.
Changes
This Privacy Policy may be updated from time to time for any reason. The Service Provider will notify you of any material changes to the Privacy Policy by updating this page with the new Privacy Policy and updating the effective date. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.
This privacy policy is effective as of 2026-02-21.
Your Consent
By using the Application, you are consenting to the processing of your information as set forth in this Privacy Policy now and as amended by us.
Contact Us
If you have any questions regarding privacy while using the Application, or have questions about the practices, please contact the Service Provider via email at support@srctrace.com.