OpsTrails

Privacy Policy

Last updated: March 7, 2026

OpsTrails ("we", "us", "our") operates the websites at opstrails.dev, console.opstrails.dev, docs.opstrails.dev, and api.opstrails.dev (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

By using OpsTrails, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an OpsTrails account, we collect:

  • Email address
  • Name (if provided)
  • Organization name
  • Authentication credentials (OAuth tokens or hashed passwords)

1.2 Operational Event Data

OpsTrails is a deployment tracking and infrastructure event timeline service. When you or your CI/CD pipelines send events to OpsTrails, we collect and store the event data you submit, which may include:

  • Event type (e.g., deployment, rollback, data-load, incident)
  • Event source (e.g., repository identifiers, pipeline names)
  • Event subject (e.g., environment names such as "production" or "staging")
  • Timestamps
  • Version identifiers
  • Severity levels
  • Custom metadata you include in the event data payload

You control what data you send. OpsTrails does not automatically collect data from your infrastructure. Events are only recorded when you or your automated pipelines explicitly send them to our API.

1.3 Analytics Provider Data

If you connect third-party analytics providers (such as Datadog, Sentry, New Relic, Google Analytics 4, or Adobe Analytics), OpsTrails retrieves aggregated metric values (such as error rates, latency percentiles, and custom metrics) for the purpose of before/after impact analysis around your events. We do not access raw logs, traces, or personally identifiable information from these providers.

1.4 API Keys

We store API keys that you generate for authenticating with the OpsTrails API, CLI, SDK, and MCP server. API keys are stored securely and can be revoked at any time from the console.

1.5 Usage and Technical Data

We automatically collect certain technical information when you access the Service, including:

  • IP address
  • Browser type and version
  • Pages visited and features used within the console
  • Timestamps of access
  • Referring URL

We use this data to maintain security, diagnose technical issues, and improve the Service.

1.6 Cookies

We use essential cookies to maintain your authenticated session in the console. We also use cookies set by Google Analytics (see section 1.7) on our marketing and documentation sites. We do not use third-party advertising or tracking cookies.

1.7 Website Analytics

We use Google Analytics 4 (GA4) on opstrails.dev, docs.opstrails.dev, and console.opstrails.dev to understand how visitors use our sites. GA4 collects anonymized usage data including:

  • Pages visited and navigation paths
  • Session duration and engagement metrics
  • General interactions such as button clicks (e.g., CTA clicks)
  • Browser type, device category, and approximate geographic region

This data helps us improve the Service and is processed by Google in accordance with their privacy policy. No personally identifiable information is shared with Google for advertising purposes.

GA4 only loads after you grant cookie consent through the consent banner displayed on your first visit. If you decline, no analytics cookies are set and no data is collected.

To withdraw consent, clear your browser's local storage or site data for our domains. The consent banner will reappear on your next visit, allowing you to make a new choice.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Store and serve your operational event timeline
  • Perform impact analysis by correlating events with connected analytics metrics
  • Respond to your support requests and communications
  • Send transactional emails (e.g., usage alerts at 80% of your event quota, account notifications)
  • Monitor for abuse, fraud, and security threats
  • Comply with legal obligations

We do not use your operational event data to train machine learning models, sell to third parties, or serve advertisements.

3. MCP (Model Context Protocol) and AI Assistants

OpsTrails provides a Model Context Protocol (MCP) server that allows AI assistants (such as Claude, GitHub Copilot, Cursor, and others) to query your event timeline and metrics on your behalf.

  • MCP access is read-only. AI assistants cannot create, modify, or delete your data.
  • MCP queries are authenticated using your API key or OAuth token. Only users and assistants with valid credentials for your organization can access your data.
  • When you use MCP through Claude.ai, the OAuth flow creates a read-only API key managed on your behalf. You can revoke this key at any time from the console.
  • We do not control how third-party AI assistants process or display the data they retrieve from OpsTrails. Please review the privacy policies of the AI assistants you use.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or operational event data.

We may share your information only in the following circumstances:

  • Service providers: We use third-party infrastructure providers (such as cloud hosting and email delivery services) that process data on our behalf under strict contractual obligations.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
  • With your consent: We may share information when you have given us explicit permission to do so.

5. Data Retention

Operational event data is retained according to your plan's retention period:

PlanRetention Period
Free7 days
Starter30 days
Pro90 days

After the retention period, event data is permanently deleted from our systems.

Account information is retained for as long as your account is active. If you delete your account, we will delete your personal information and all associated event data within 30 days, except where we are required to retain it for legal or compliance purposes.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) for all data transmitted to and from the Service
  • Encryption at rest for stored data
  • Secure API key generation and storage
  • Role-based access controls (RBAC) for team accounts
  • Regular security reviews of our infrastructure

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data and account.
  • Portability: Request your data in a structured, machine-readable format. Your operational events are accessible via the OpsTrails API in CloudEvents 1.0 JSON format at any time.
  • Objection: Object to processing of your personal data in certain circumstances.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at support@opstrails.dev. We will respond within 30 days.

7.1 UK and EEA Residents

If you are located in the United Kingdom or European Economic Area, we process your personal data under the following legal bases:

  • Contract performance: Processing necessary to provide the Service you have signed up for.
  • Legitimate interests: Processing for security, fraud prevention, and service improvement, where these interests are not overridden by your rights.
  • Consent: Where you have given explicit consent (e.g., connecting optional analytics providers).
  • Legal obligation: Processing required to comply with applicable law.

You have the right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office at ico.org.uk).

8. International Data Transfers

Your data may be processed in countries outside your country of residence. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection law.

9. Children's Privacy

OpsTrails is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: support@opstrails.dev

OpsTrails United Kingdom