Privacy Policy for Trace - PostHog User Activity Viewer

Last Updated: February 6, 2025

Overview

Trace is a Chrome extension that allows users to view PostHog user activity and session replays for email senders directly within Gmail. This privacy policy explains what data the extension accesses, how it is used, and how it is stored.

Data Collection and Usage

Data the Extension Accesses

1. Email Addresses: The extension reads the sender's email address and recipient ("To") addresses from the currently open email in Gmail. These addresses are used solely to look up corresponding user activity in your PostHog instance.
2. PostHog API Key and Project ID: You provide your own PostHog API credentials through the extension's options page. These are used to authenticate requests to your PostHog instance.
3. PostHog User Activity Data: The extension fetches event timelines, session replay links, and user properties from your PostHog instance for the identified email sender.

How Data Is Used

• Email addresses are sent only to your own PostHog instance to query user activity.
• PostHog credentials are used only to authenticate API requests to your PostHog instance.
• Fetched activity data is displayed in the extension's side panel and is not transmitted elsewhere.

Data Storage

• PostHog API credentials and configuration settings are stored locally in your browser using Chrome's storage.sync API.
• Analysis results are temporarily stored in your browser using Chrome's storage.local API and are overwritten with each new lookup.
• No data is stored on external servers owned or operated by us.

Data Sharing

• We do not sell or transfer user data to third parties.
• We do not use or transfer user data for purposes unrelated to the extension's single purpose.
• We do not use or transfer user data to determine creditworthiness or for lending purposes.
• The extension communicates only with your self-configured PostHog instance. No data is sent to any other third-party service or to our own servers.

Permissions

The extension requests the following permissions, each necessary for its core functionality:

• activeTab: To detect the active Gmail tab and extract the email sender's address.
• storage: To save your PostHog configuration and temporarily store analysis results.
• sidePanel: To display user activity data alongside Gmail.
• scripting: To inject a script into Gmail that reads the sender's email address from the page.
• Host permissions (mail.google.com): To run the content script on Gmail pages.
• Host permissions (posthog.com): To make API requests to your PostHog instance.

Data Security

All data is stored locally in your browser. PostHog API credentials are stored using Chrome's built-in storage APIs, which are sandboxed to the extension. All API communication with PostHog is conducted over HTTPS.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected in the "Last Updated" date above.

Contact

If you have questions about this privacy policy, please contact us at:

Lascade
Email: connect@lascade.com