‹› Legal
Privacy & cookie policy.
Last updated · 13 July 2026
LeoTrace (“we,” “our,” “us”) respects your privacy and is committed to protecting it. This policy explains how we collect, use, store, and safeguard personal data when you use our products — LeoPrevent, LeoBench, and LeoReveal — and when you visit this website, including our use of cookies.
Who we are
LeoTrace provides AI code-security products that help engineering teams find and fix insecure code produced by AI coding agents. We are the data controller for personal data described in this policy. For any privacy question, contact us at info@leotrace.io.
Information we collect
- Account & contact data: name, work email, company, and role — for example when you request a demo or correspond with us.
- Service data: code, configuration, agent output, and related technical data your developers or agents submit to LeoPrevent, LeoBench, or LeoReveal for analysis, plus the findings we generate.
- Website data: log data, approximate location, device and browser information, and analytics collected via cookies (see clause 04).
- Communication data: emails, support requests, and related correspondence.
We limit collection to what is needed to provide and improve our products.
How we use it & our lawful bases
We process personal data under the UK GDPR and Data Protection Act 2018 to:
- Deliver, secure, and improve our products and website — contractual necessity and legitimate interests.
- Respond to enquiries, provide support, and send service messages — contractual necessity and legitimate interests.
- Analyse website usage and send marketing where you have opted in — consent.
- Meet legal, tax, and regulatory obligations, and prevent fraud or misuse — legal obligation and legitimate interests.
Cookies
Cookies are small files stored on your device when you visit a site. The only cookies we use are analytics cookies from Google Analytics, which help us understand how visitors use the site so we can improve it. Google acts as our processor, and data may be transferred outside the UK under the safeguards in clause 06.
- _ga: distinguishes visitors — Google Analytics — 2 years.
- _ga_<id>: keeps session state for a property — Google Analytics — 2 years.
- __Secure-ENID: Google security and preferences cookie, set on google.com when Analytics loads — Google — ~13 months.
Analytics cookies are set only if you accept them in our cookie banner. You can at any time, block or delete cookies in your browser settings, or opt out of Google Analytics across all sites using Google’s browser add-on. Declining will not affect how the site works.
Sharing & processors
We do not sell your data. We share it only with:
- Trusted service providers (e.g. cloud hosting, form handling, and Google Analytics) acting as our processors under contract.
- Authorised representatives of your organisation, as part of service delivery.
- Authorities or advisers where required by law or to protect our legal rights.
International data transfers
Where we transfer personal data outside the UK, we rely on appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.
Retention & security
We keep personal data only as long as needed for the purposes above or as required by law, then delete or anonymise it. We protect it with encryption in transit and at rest, strict access controls, and logging and monitoring.
Processing on behalf of customers
When we process data our customers submit through our products, the customer is the data controller and we act as their data processor. In that role we process the data only on the customer’s documented instructions and for the agreed services, maintain appropriate safeguards, and return or delete the data on request or at the end of the contract. We will enter into a data processing agreement (DPA) where required.
Your rights
Under UK data protection law you may access, correct, delete, or port your data, restrict or object to processing, and withdraw consent. To exercise any right, email info@leotrace.io. You may also complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
Children, changes & contact
Our products and website are not directed to anyone under 18, and we do not knowingly collect their data. We may update this policy from time to time; changes are posted here with a revised “last updated” date. Questions? Contact info@leotrace.io.