Trayntrayn.ai
Home

Privacy Policy

This Privacy Policy describes how Trayn collects, uses, stores, and protects your personal information.

Effective Date: February 22, 2026

This Privacy Policy describes how trayn ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our website (trayn.ai), application (app.trayn.ai), documentation site (docs.trayn.ai), browser extension, SDK, and related services (collectively, the "Services").

By using our Services, you consent to the practices described in this Privacy Policy.

We do not use your data to train AI models. Your recordings, sandbox content, and agent training data are processed solely to provide the Services. See Section 5 for details on data sharing with third-party AI providers.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

  • Email address — Your primary identifier across all Services. Used for authentication, communication, and associating your data (recordings, training runs, memories) with your account.
  • Name — As provided through your authentication provider.
  • Authentication data — Managed by Clerk, our authentication provider, including OAuth tokens if you sign in via Google.

1.2 Recording Data

When you use our browser extension to record workflows:

  • Screen states — Visual snapshots of web pages during your recorded workflow.
  • User interactions — Clicks, inputs, scrolls, and navigation events.
  • Page structure — DOM content and accessibility tree data.
  • URLs visited — The addresses of pages included in your recording.

Anonymization: Before storage, our anonymization pipeline processes recordings to detect and replace personal data including names, email addresses, avatars, locations, dates, currencies, and application-specific patterns. Anonymization mappings are stored per-session and can be reviewed and edited by you.

1.3 Agent Training Data

When you use our SDK or web application to train AI agents:

  • Training memories — Records of agent actions, outcomes, and corrective feedback stored per session and run.
  • Embeddings — Vector representations of agent states used for memory retrieval.
  • Grading results — Multimodal AI evaluations of agent performance, including step-by-step grades and corrections.
  • Episode logs — Detailed records of agent training runs including actions taken, observations, and screenshots.
  • Run metadata — Session IDs, run IDs, timestamps, step counts, and completion status.

1.4 Usage Data

We automatically collect:

  • Log data — IP address, browser type and version, pages visited, time and date of visits, time spent on pages.
  • Device information — Operating system, screen resolution, and device type.
  • Error data — Technical details about errors encountered while using the Services.

1.5 Browser Extension Data

Our browser extension collects data only when you actively initiate a recording session. It does not passively monitor or log your browsing activity. When a recording is active, the extension captures:

  • DOM snapshots and mutations — Page structure and changes during the workflow.
  • User interaction events — Clicks, inputs, scrolls, and navigation actions.
  • Page URLs — Addresses of pages visited during the recording session.

This data is processed through our anonymization pipeline before being stored on our servers. The extension does not collect data outside of active recording sessions and does not transmit data to third parties for advertising or analytics.

1.6 Payment Information

If you purchase a subscription, payment processing is handled by Stripe. We do not store your credit card numbers or bank account details directly. Stripe may collect and process payment information in accordance with their privacy policy.

2. How We Use Your Information

We use collected information to:

  1. Provide the Services — Process recordings, generate sandboxes, run agent training, store memories, and grade agent performance.
  2. Authenticate users — Verify your identity and manage account access via Clerk.
  3. Improve the Services — Analyze aggregated, anonymized usage patterns to improve platform reliability and features.
  4. Communicate with you — Send service-related notifications, respond to support requests, and provide updates about the Services.
  5. Ensure security — Detect and prevent fraud, unauthorized access, and abuse.
  6. Comply with legal obligations — Meet applicable legal, regulatory, and compliance requirements.

We adhere to the principle of data minimization: we collect only the personal data reasonably necessary to provide the Services and do not retain data longer than required for its stated purpose.

3. Data Storage and Infrastructure

Your data is stored and processed using the following infrastructure:

ServiceProviderPurposeData Stored
Application hostingAmazon Web Services (US)Runs the main applicationRequest processing, session management
Data storageAmazon Web Services (US)Persistent data storageAnonymized recordings, agent memories, embeddings, screenshots, grading results
AuthenticationClerkUser identity and accessEmail, name, OAuth tokens, session cookies
Website hostingVercel (US)Landing page and documentationServer logs, analytics
Payment processingStripeSubscription billingPayment method details (managed by Stripe)
AI inferenceGoogle AI, OpenAI, AnthropicEmbeddings, agent models, gradingProcessed text and images sent for inference (not retained by providers per their data policies)

All data is stored in the United States.

4. Anonymization Guarantees

Our anonymization pipeline processes recordings before any data is stored on our servers:

  1. Deterministic detection — Dates, currencies, locations, and application-specific patterns are detected and replaced using rule-based systems.
  2. Image anonymization — Avatar images and profile pictures are detected and replaced.
  3. AI-based text detection — Machine learning models identify names, organizations, and other personal identifiers in text content.
  4. Mapping persistence — Anonymization mappings are stored per session, ensuring consistent replacement across replays.

Limitations: No automated anonymization system is 100% accurate. You are responsible for reviewing anonymization results before sharing sandboxes publicly. You may edit anonymization mappings through our interface.

5. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

5.1 Service Providers

We share data with third-party service providers who assist in operating our Services:

  • AWS — Infrastructure hosting and data storage
  • Clerk — Authentication and identity management
  • Stripe — Payment processing
  • Vercel — Website hosting and analytics
  • Google AI — Embedding generation and AI model inference
  • OpenAI — AI model inference
  • Anthropic — AI model inference

These providers process data on our behalf and are contractually bound to protect your information.

AI model providers: When we send data to Google AI, OpenAI, or Anthropic for inference (embedding generation, agent grading), the data is processed under their business/API terms, which prohibit using customer inputs for model training. We do not use consumer-facing AI tiers that may train on inputs.

Sub-processor notifications: We maintain a list of sub-processors on this page. We will update this list and notify users by email at least 30 days before engaging a new sub-processor that handles personal data. If you object to a new sub-processor, you may terminate your account before the change takes effect.

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:

  • comply with a legal obligation;
  • protect our rights, property, or safety;
  • prevent fraud or abuse of the Services; or
  • protect the rights, property, or safety of our users or the public.

5.3 Business Transfers

If we are acquired, merged, or sell substantially all our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

6. Data Retention

  • Account data — Retained for the duration of your account. Deleted within 30 days of account deletion.
  • Recording data — Anonymized recordings and derived sandboxes are retained until you delete them or your account is terminated.
  • Agent training data — Memories, embeddings, and grading results are retained per session until you delete them.
  • Run metadata — Run records are retained for the lifetime of your account.
  • Log data — Server logs are retained for up to 90 days.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

7.1 Access and Portability

You may request a copy of the personal information we hold about you.

7.2 Correction

You may request correction of inaccurate or incomplete personal information.

7.3 Deletion

You may request deletion of your personal information. Upon request, we will delete your data from our active systems. Some data may be retained in backups for a limited period.

7.4 Restriction and Objection

You may request that we restrict processing of your personal information or object to processing based on our legitimate interests.

Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

To exercise any of these rights, contact us at privacy@trayn.ai.

8. Children's Privacy

Our Services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will delete it promptly.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication — Session cookies set by Clerk to maintain your login state.
  • Analytics — Vercel Analytics to understand website usage patterns.
  • Preferences — To remember your settings and preferences.

We do not use cookies for third-party advertising or behavioral targeting.

Cookie categories:

CategoryProviderPurposeRequired
AuthenticationClerkMaintains login state via secure session cookiesYes (functional)
AnalyticsVercel AnalyticsAnonymized page view and performance metricsNo (can be disabled)
PreferencestraynRemembers UI settings (theme, sidebar state)No

We do not set third-party tracking cookies. Essential authentication cookies are set only after you sign in and cannot be disabled while using the authenticated application.

10. International Data Transfers

Our Services are hosted in the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States. We ensure appropriate safeguards for international transfers in compliance with applicable law, including:

  • Standard Contractual Clauses (SCCs) for transfers from the EU/EEA;
  • reliance on the adequacy of the receiving country's data protection framework where applicable.

11. GDPR Compliance (EU/EEA)

If you are located in the European Economic Area:

We process your personal information on the following legal bases:

  • Contract performance — Processing necessary to provide the Services you requested (account management, recording processing, sandbox generation).
  • Legitimate interests — Processing necessary for our legitimate business interests (service improvement, security, fraud prevention), balanced against your rights.
  • Consent — Where you have given specific consent (marketing communications).
  • Legal obligation — Where we must process data to comply with applicable law.

Data Controller

trayn is the data controller for your personal information. For GDPR-related inquiries, contact us at privacy@trayn.ai.

Data Protection Officer

For data protection inquiries, contact dpo@trayn.ai.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority.

12. CCPA Compliance (California)

If you are a California resident:

Categories of Information Collected

In the past 12 months, we have collected:

  • Identifiers — Name, email address, IP address, account ID.
  • Internet activity — Browsing history within our Services, interaction data, search queries.
  • Professional information — Organization name (if provided).

Your Rights Under CCPA

  • Right to know — You may request the categories and specific pieces of personal information we have collected about you.
  • Right to delete — You may request deletion of your personal information.
  • Right to correct — You may request correction of inaccurate personal information.
  • Right to opt out — We do not sell or share personal information for cross-context behavioral advertising.
  • Right to limit use of sensitive information — We do not use or disclose sensitive personal information for purposes other than providing the Services.
  • Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at privacy@trayn.ai.

Do Not Track

We do not respond to browser "Do Not Track" signals at this time.

13. Security

We implement commercially reasonable security measures to protect your personal information, including:

  • encryption in transit (TLS/HTTPS) and at rest;
  • access controls and authentication via Clerk;
  • infrastructure security through cloud provider controls (network isolation, access management, encryption); and
  • regular security reviews.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

14. Changes to This Policy

We may update this Privacy Policy at any time. Changes will be posted on this page with an updated effective date. For significant changes, we will notify you via email or a prominent notice on our website.

15. Contact

For privacy-related questions or requests, contact us at: