Terms of Service
These terms govern your use of tracehold.com, the free Tracehold browser extension, and our paid Insight and Governance plans. Please read them carefully — by using Tracehold you agree to them.
1. Acceptance of these terms
These Terms of Service ("Terms") are a legal agreement between you and Tracehold B.V. ("Tracehold", "we", "us"), formerly Verifia, established in the European Union at Werfkade 25, 1033 TA Amsterdam, Netherlands. They govern your access to and use of the Tracehold browser extension, desktop and developer/terminal agents, the Outlook add-in, this website, and any related services (together, the "Service").
By installing, accessing or using the Service, you confirm that you have read and agree to be bound by these Terms and by our Privacy Policy. If you do not agree, do not use the Service.
If you use Tracehold on behalf of an organisation, you confirm that you are authorised to accept these Terms for that organisation, and "you" includes that organisation. Where a separately signed master agreement or Data Processing Agreement exists between us and your organisation, that agreement governs to the extent it conflicts with these Terms.
2. The Service and plans
Tracehold is an AI-native data loss prevention (AI DLP) tool. It detects sensitive data — such as passwords, API keys, source code, personal data and confidential documents — on your device, before it is sent to AI tools, and can warn, redact or block according to the active policy. The Service spans a browser extension, desktop and developer/terminal agents, and an Outlook add-in, covering 2,200+ AI tools and sites using 3,400+ detection patterns.
Free plan
The free plan runs entirely on your device. It requires no account and uses no backend: by default, the content of your prompts never leaves your browser. It is provided at no charge and on an "as is" basis (see §8).
Paid plans
Our paid plans add centralised management, audit and compliance reporting for organisations:
- Insight — EUR 40 per user / month.
- Governance — EUR 60 per user / month.
In managed deployments, detection still runs on the device and the prompt itself does not leave the browser by default; only metadata about a finding (its type, severity and timestamp) reaches the backend. The compliance reports map your AI use to GDPR, the EU AI Act, NIS2 and DORA. Pricing, current plan features and any limits are described on the pricing page, which forms part of these Terms for paid plans. We may change plans, features and prices on reasonable notice; changes do not affect a paid term already in progress.
3. Accounts & eligibility (business use)
The Service is a workplace security tool intended for organisations and professionals. It is not directed to consumers or to children, and you must be capable of entering into a binding contract to use it.
The free extension does not require an account. Paid plans require an account, which an organisation typically provisions and manages — including sign-in through its own identity provider (such as Microsoft Entra ID or Okta). You are responsible for keeping account credentials confidential, for activity under your account, and for ensuring that the people you grant access are authorised. Notify us promptly of any suspected unauthorised use.
4. The free extension licence
Subject to these Terms, we grant you a limited, revocable, non-exclusive, non-transferable and non-sublicensable licence to install and use the free Tracehold browser extension on devices you control, for your own internal data-loss-prevention purposes.
This licence does not transfer any ownership in the Service. You may not:
- copy, modify, translate or create derivative works of the extension, except as permitted by applicable mandatory law;
- reverse engineer, decompile or disassemble it, except to the limited extent such restriction is prohibited by law;
- rent, lease, sell, sublicense or redistribute it, or make it available to third parties as a service;
- remove or alter any proprietary notices, or circumvent any technical limitations or signature/verification mechanisms.
We may update, change or discontinue the free extension at any time, and we may revoke this licence if you breach these Terms. The free plan is provided without a paid subscription and without any service-level commitment.
5. Acceptable use
You agree to use the Service lawfully and only for its intended purpose. You must not:
- use the Service in violation of any applicable law or third-party right;
- interfere with, disrupt, overload or attempt to gain unauthorised access to the Service, its infrastructure, or other users' data;
- probe, scan or test the vulnerability of the Service except under a permission we have given in writing;
- use the Service to build a competing product, or to scrape, harvest or replicate its detection patterns or content;
- misrepresent the Service's behaviour, or rely on it as a sole or complete safeguard against data loss (it is one layer among the controls your organisation should maintain).
We may suspend or limit access to protect the Service, its users, or to comply with the law.
6. Intellectual property
The Service — including the extension, agents, add-in, website, detection patterns, software, designs, text, graphics and the Tracehold and Verifia names and logos — is owned by Tracehold B.V. or its licensors and is protected by intellectual-property laws. Except for the limited licence in §4, no rights are granted to you, whether by implication, estoppel or otherwise.
You retain all rights in your own data and content. You grant us only the limited rights needed to provide the Service to you — for example, processing detection metadata in a managed deployment as described in our Privacy Policy. If you send us feedback or suggestions, you grant us a non-exclusive, perpetual, royalty-free licence to use them to improve the Service, without obligation to you.
7. Third-party and AI tools — disclaimer
The Service helps you manage what is sent to AI tools and other third-party services (such as ChatGPT, Claude, Gemini and Copilot), and it can integrate with third-party systems — for example identity providers (Microsoft Entra ID, Okta), SIEM (Splunk, Microsoft Sentinel), alerting (Slack, Microsoft Teams), the Outlook add-in, and deployment via Microsoft Intune or standard MDM.
Those third-party tools and services are operated by others under their own terms and policies, over which we have no control and for which we are not responsible. We do not endorse them, and your use of them is at your own risk and subject to their terms. AI tools can change behaviour, interfaces and outputs without notice; we cannot guarantee that the Service will detect every possible disclosure across every tool, or that a given integration will remain available. You are responsible for verifying outputs of any AI tool and for your own compliance obligations.
8. Disclaimer of warranties
To the maximum extent permitted by law, the Service is provided "as is" and "as available", without warranties of any kind, whether express, implied or statutory, including any implied warranties of merchantability, fitness for a particular purpose, accuracy, or non-infringement.
We do not warrant that the Service will be uninterrupted, error-free or secure, that it will detect or prevent all sensitive-data disclosures, or that defects will be corrected. The Service is one safeguard among the controls you should maintain; it does not replace your own security, governance and compliance measures. Regarding certifications: ISO 27001 certification is in progress (not yet certified); our practices are aligned with / mapped to ENS, PCI-DSS and SOC 2, but we are not certified under those frameworks. Nothing on this site states that Tracehold "is certified". Nothing in these Terms excludes liability or warranties that cannot lawfully be excluded, including under mandatory EU consumer or other protective law.
9. Limitation of liability
To the maximum extent permitted by law:
- we are not liable for any indirect, incidental, special, consequential or punitive damages, or for loss of profits, revenue, data, goodwill or business, arising out of or relating to the Service, even if advised of the possibility;
- for the free plan, which is provided at no charge, our total aggregate liability is limited to the fullest extent the law allows; and
- for paid plans, our total aggregate liability arising out of or relating to the Service in any 12-month period is limited to the fees you paid us for the Service in that period.
Nothing in these Terms limits or excludes liability that cannot be limited or excluded by law — including liability for death or personal injury caused by negligence, for fraud, or under mandatory provisions of applicable EU law. These allocations of risk reflect the basis on which we make the Service available.
10. Term & termination
These Terms apply for as long as you use the Service. You may stop using it at any time — for the free extension, by uninstalling it. Paid subscriptions run for the term agreed at purchase and may be cancelled in line with that arrangement.
We may suspend or terminate your access if you breach these Terms, if required by law, or to protect the Service or its users. On termination, the licence in §4 ends and you must stop using the Service. Provisions that by their nature should survive — including intellectual property (§6), disclaimers (§7–§8), limitation of liability (§9), governing law (§11) and this sentence — survive termination.
11. Governing law & jurisdiction
These Terms are governed by the laws of the Netherlands (an EU member state), without regard to conflict-of-laws rules, and subject to any mandatory consumer-protection or other protective laws of your place of residence within the European Union that cannot be derogated from by agreement.
The courts of the Netherlands have jurisdiction over any dispute arising out of or relating to these Terms or the Service, without prejudice to any non-waivable right you may have to bring proceedings, or have proceedings brought against you, in the courts of your EU place of residence.
12. Changes to these terms
We may update these Terms as the Service and the law evolve. When we do, we will revise the "Last updated" date above, and for material changes we will provide a more prominent notice (for example, on this page or within the Service). Your continued use of the Service after changes take effect means you accept the updated Terms; if you do not agree, you should stop using the Service.
13. Contact
Questions about these Terms?
- General & legal: hello@tracehold.com
- Privacy enquiries: privacy@tracehold.com
- Data Protection Officer: dpo@tracehold.com
- Post: Tracehold B.V., Werfkade 25, 1033 TA Amsterdam, Netherlands
Tracehold is built and hosted in the European Union, in France, on Contabo and OVH infrastructure, with EU data residency and an optional full self-host. See our Security and Privacy Terms DPA Subprocessors pages for more.