Privacy & security

Local-first architecture

NetTrace AI is built on a fundamental principle: your debugging data stays on your machine. Network request payloads, response bodies, headers, cookies, tokens, and internal URLs are never uploaded to our cloud servers by default.

What we store in the cloud

• Your email address and account name
• Subscription and billing status (via Stripe)
• Device token metadata (hashed tokens, names, timestamps)
• Extension install metadata (browser type, version)

What stays local

• All captured network requests and responses
• Request/response headers and bodies
• Cookies and authentication tokens
• User action recordings
• Failure clusters and debug sessions
• Console error captures

Data flow (premium IDE path)

The IDE companion runs entirely on your machine. The browser extension may send redacted session payloads to a localhost receiver managed by the companion; language-model tools and MCP integrations read from that local store. Raw debugging data is not uploaded to NetTrace cloud servers as part of that path.

Automatic redaction

NetTrace applies multi-layer redaction of sensitive data including Authorization headers, Bearer tokens, API keys, cookies, passwords, and secrets — in the browser extension before storage, and again inside the IDE companion before tools surface context to agents.

No telemetry

NetTrace AI does not collect telemetry, analytics, or usage tracking data by default. We do not inject tracking scripts, beacons, or fingerprinting code.