TraceProof is an enterprise tool deployed under customer-controlled policy. These documents define what the software does, who owns the data, and where responsibility lies.
"Software" means the TraceProof application, including all binaries, native helper executables, server components, administrative templates (ADMX/ADML), documentation, and updates provided by the Company.
"License" means the right to use the Software granted under this Agreement.
"Customer" means the organization or individual that has purchased or otherwise obtained the Software and is responsible for its deployment.
"End User" means any natural person who operates the Software on a device under the Customer's control.
"Enterprise Edition" means the version of the Software that includes Group Policy Object (GPO) management, offline JWT licensing, TPM-backed key storage, and the Evidence Vault server component.
"Evidence Vault" means the append-only server component that receives, stores, and makes available sealed incident packages uploaded by the Software.
"Incident Package" means the sealed forensic bundle produced by the Software consisting of a video clip, structured metadata, cryptographic hashes, and a chain-of-custody record.
"Deployment Policy" means the configuration applied to the Software by the Customer through Windows Group Policy (GPO), MDM, or direct registry settings under HKEY_LOCAL_MACHINE\SOFTWARE\TraceProof.
Subject to the terms and conditions of this Agreement, the Company grants the Customer a non-exclusive, non-transferable, limited license to:
The Customer and all End Users must not:
In an Enterprise Edition deployment, the Customer is the controlling party. The Customer determines, through Deployment Policy: which features are enabled; whether End Users may modify those features or whether settings are locked; the address and authentication of the Evidence Vault server; and data retention periods enforced at the server level.
Settings locked via HKEY_LOCAL_MACHINE (HKLM) are displayed as read-only to the End User and cannot be overridden through the application UI.
The Customer is solely responsible for ensuring that End Users are informed of monitoring in accordance with all applicable laws prior to deployment. This includes providing adequate notice that screen recording, audio detection, input logging, and/or OCR monitoring is active; obtaining any consent required by applicable law; and including monitoring disclosure in employment contracts or equivalent instruments.
When the Customer locks UploadEnabled = 1 via HKLM Deployment Policy, the Software will upload every Incident Package to the configured Evidence Vault in real time and the End User will not be able to disable this behavior through the application UI. The Customer acknowledges that:
When UploadEnabled is not locked via HKLM, End Users may enable or disable vault upload through the application UI. Changes to this setting are recorded in the Windows Application Event Log (Event ID 112/113, Source: TraceProof). In this mode the chain of custody for local-only incidents depends on the integrity of the local machine.
The Software and all copies thereof are proprietary to the Company and title thereto remains in the Company. All rights in the Software not specifically granted in this Agreement are reserved. Third-party open source components used by the Software are identified in THIRD-PARTY.txt and are governed by their respective licenses.
THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. To the maximum extent permitted by applicable law, the Company expressly disclaims all warranties, whether express, implied, statutory, or otherwise, including any implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement.
The Company does not warrant that the Software will meet the Customer's requirements or be suitable for any particular compliance or legal purpose; that the forensic integrity mechanisms will be accepted as evidence by any court or regulatory authority; or that the Software will operate without interruption, error, or data loss.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE COMPANY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF DATA, OR BUSINESS INTERRUPTION.
THE COMPANY'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE AMOUNTS PAID BY THE CUSTOMER FOR THE SOFTWARE LICENSE IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.
This Agreement is effective until terminated. The Company may terminate this Agreement immediately upon written notice if the Customer materially breaches any provision and fails to cure such breach within thirty (30) days. Upon termination, the Customer must cease all use of the Software and destroy all copies.
"Agent" means the TraceProof desktop application installed on an End User's device, including all background capture processes and native helper executables.
"Evidence Vault" means the append-only server component operated by the Customer on Customer-owned infrastructure. The Company has no access to any Evidence Vault instance.
"Admin" means any individual authorized by the Customer to access the Evidence Vault dashboard or review Incident Packages.
"End User" means any natural person on whose device the Agent is installed and active.
"Deployment Policy" means the configuration applied to the Agent by the Customer through Windows Group Policy, MDM, or direct registry entries.
"Enterprise Mode" means a deployment in which one or more settings are locked via HKLM and cannot be modified by the End User.
"User-Controlled Mode" means a deployment in which no settings are locked via HKLM and the End User may configure all Agent features.
TraceProof is a tool. Data protection obligations with respect to End User data rest entirely with the Customer as data controller. Customers deploying the Software in jurisdictions subject to GDPR, CCPA, PIPL, or equivalent frameworks are responsible for conducting required data protection impact assessments, maintaining records of processing, and fulfilling data subject rights obligations.
The following categories of data may be collected, depending on Deployment Policy and End User settings.
| Category | What is captured | When persisted |
|---|---|---|
| Video | Continuous screen recording of configured monitors | Only the triggered window; rolling buffer is overwritten |
| Audio | System audio mix (WASAPI loopback); optionally microphone for PiP | Only the triggered clip segment |
| Input events | Key names (not typed text), mouse coordinates and actions | [-preSec, +postSec] window around trigger, embedded in incident.json |
| Screen text (OCR) | All text visible on screen at OCR scan time, via Windows.Media.Ocr | When a pattern match triggers an incident |
| Timestamps | System clock, Windows FILETIME, NTP (3 servers), DNS SOA serial | Every incident package |
| System metadata | Hostname, username, OS version, foreground window title, process name, PID | Every incident package |
| Windows Event Log | Structured Agent lifecycle events (see Event ID reference) | Continuously while Agent is running |

| Purpose | Description |
|---|---|
| Security monitoring | Detecting and recording security-relevant events on managed devices |
| Compliance recording | Maintaining auditable records required by regulatory obligations |
| Incident reconstruction | Providing a forensically sound record of events surrounding a detected incident |
| Chain of custody | Cryptographically binding captured evidence to a specific machine, user account, and point in time |
| Audit trail | Providing investigators and compliance officers with a tamper-evident record |
The Agent does not use collected data for advertising, commercial profiling, sale to third parties, or any purpose other than those listed above as configured by the Customer.
In Enterprise Mode, the Agent's behavior is governed by Deployment Policy set by the Customer's IT administrators, not by End User discretion. Settings locked via HKLM are applied at startup, displayed as read-only in the UI, and identified to the End User as "Managed by your organization".
Changes to the vault upload state are recorded in the Windows Event Log regardless of mode (Event ID 112: enabled, Event ID 113: disabled). In Enterprise Mode where UploadEnabled is locked, this toggle is inaccessible to the End User.
In User-Controlled Mode, the End User controls all Agent features through the UI and may enable or disable recording, OCR, audio detection, input logging, vault upload, and all other configurable features.
Regardless of deployment mode, the Agent provides the following transparency mechanisms:
The Customer owns all data collected by the Agent. The Company claims no ownership, license, or interest in any Incident Package, Evidence Vault contents, or other data generated by the Agent.
| Party | Access rights |
|---|---|
| End User | Access to locally stored Incident Packages on their own device; visibility into Agent state via UI and Event Viewer |
| Admin (Customer) | Full access to Evidence Vault contents, dashboard, and all Incident Packages from all deployed devices |
| Company | No access to any End User data, Evidence Vault, or Incident Packages at any time |
Incident Packages are stored locally in the configured save directory until deleted by the End User or by an Admin. The Agent does not automatically purge local Incident Packages.
The Evidence Vault server supports a configurable RETENTION_DAYS setting. The default is no automatic purging. The Customer is responsible for setting a retention period consistent with applicable legal and regulatory requirements.
Individual Incident Packages can be exported from the Evidence Vault as a ZIP archive via the API or dashboard. The ZIP contains the video clip, all metadata files, and the chain-of-custody record.
The Agent does not transmit any captured data to the Company. The only outbound network activity that may reach external infrastructure:
| Activity | Destination | Data transmitted |
|---|---|---|
| License validation | Gumroad API (Mortals Edition only) | License key; no personal data |
| NTP clock queries | time.windows.com, time.google.com, time.cloudflare.com | Standard UDP NTP packet; no identifying data |
| DNS SOA query | System DNS resolver | DNS query for root zone; no identifying data |
No telemetry, crash reporting, usage analytics, or behavioral data is transmitted to the Company.
To the maximum extent permitted by applicable law, the Company shall not be liable for any data breach or loss affecting the Customer's Evidence Vault resulting from the Customer's failure to implement adequate access controls; any violation of applicable privacy or employment law resulting from the Customer's deployment; any failure of Incident Packages to be accepted as evidence by any authority; or any consequences arising from the End User's ability to disable vault upload in User-Controlled Mode deployments.
The Software is intended solely for enterprise workforce monitoring under a disclosed and lawful Deployment Policy; forensic incident capture and reconstruction for compliance, legal hold, or internal investigation purposes; security event recording on devices owned or managed by the deploying organization; and personal productivity recording where the End User is the sole operator and data subject.
You may not use the Software to:
The application user interface is a faithful reflection of the active Deployment Policy. When a setting is controlled by the Customer's IT administrator via Group Policy (HKLM registry), the corresponding UI control is displayed as disabled with an indication that the setting is managed by the organization.
The UI does not present options that are unavailable under the active policy. What the End User sees in the UI is what the End User can do.
The Software does not have capabilities that are active but not reflected in the UI or accessible to the End User. All configurable features are either visible and operable (User-Controlled Mode), visible and labelled as policy-managed (Enterprise Mode), or absent from the build (feature not included in the purchased edition). There are no undisclosed recording modes, no remote configuration channels outside the documented GPO/registry mechanism, and no Company-controlled backdoors.
In Enterprise Mode, settings locked via HKLM are enforced at the application level. The Software will not accept configuration changes to locked keys through the UI, through direct modification of the application configuration file, or through any other mechanism accessible to the End User without administrative privileges.
The set-store IPC handler checks isPolicyLocked() before applying any value. Locked keys are rejected.

The Software enforces Deployment Policy within its own process boundary. It does not and cannot prevent an End User with local administrator privileges from terminating the application, modifying HKCU registry values, deleting locally stored Incident Packages, or blocking network access to the Evidence Vault server.
The chain-of-custody design makes circumvention attempts visible: application termination creates a recording gap; disabling vault upload generates Event ID 113; deleting local Incident Packages creates a sequence number gap detectable by verify.js --chain; clock manipulation at capture time is recorded as a signed timestamp conflict in the Incident Package.
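For reviewers who need to act on these signals, the following added example (not TraceProof code and not part of these documents) reconstructs the periods during which vault upload was disabled from Event ID 112/113 records and lists the incidents captured inside those periods, whose chain of custody rests on the local machine alone. The record layout, the incident identifiers and all sample values are constructed assumptions; only the Event IDs and their meaning come from the text above.

```python
from datetime import datetime, timezone

# Event IDs as documented: 112 = vault upload enabled, 113 = vault upload disabled.
UPLOAD_ENABLED, UPLOAD_DISABLED = 112, 113

def upload_disabled_windows(events, log_end):
    """events: (timestamp, event_id) pairs exported from the Application log,
    Source TraceProof (assumed layout). Returns [(start, end)] spans with upload off.
    State before the first event is unknown and is not reported."""
    windows, off_since = [], None
    for ts, eid in sorted(events):
        if eid == UPLOAD_DISABLED and off_since is None:
            off_since = ts                      # repeated 113s keep the first start
        elif eid == UPLOAD_ENABLED and off_since is not None:
            windows.append((off_since, ts))
            off_since = None
    if off_since is not None:                   # still disabled when the export ends
        windows.append((off_since, log_end))
    return windows

def local_only_incidents(incidents, windows):
    """incidents: (incident_id, captured_at) pairs (assumed layout).
    Returns ids captured while upload was off, in input order."""
    return [iid for iid, ts in incidents
            if any(start <= ts < end for start, end in windows)]

def _t(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

# Constructed sample data, for illustration only.
SAMPLE_EVENTS = [
    (_t("2024-05-01T09:00:00"), 112),
    (_t("2024-05-01T11:30:00"), 113),
    (_t("2024-05-01T11:45:00"), 113),   # duplicate disable event
    (_t("2024-05-01T13:10:00"), 112),
    (_t("2024-05-02T16:20:00"), 113),   # never re-enabled in this export
]
SAMPLE_INCIDENTS = [
    ("inc-0001", _t("2024-05-01T10:15:00")),
    ("inc-0002", _t("2024-05-01T12:00:00")),
    ("inc-0003", _t("2024-05-01T14:00:00")),
    ("inc-0004", _t("2024-05-02T17:05:00")),
]
LOG_END = _t("2024-05-02T18:00:00")

if __name__ == "__main__":
    spans = upload_disabled_windows(SAMPLE_EVENTS, LOG_END)
    for start, end in spans:
        print("upload disabled:", start.isoformat(), "->", end.isoformat())
    print("local-only incidents:", local_only_incidents(SAMPLE_INCIDENTS, spans))
```

Incidents flagged this way are candidates for the sequence check performed by verify.js --chain; the example does not replace that verification.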
Provided free of charge with the following limitations: maximum clip duration 15 seconds; watermark burned into all exported clips; online license validation required; no offline mode; GPO management and Evidence Vault not included; TPM key binding not available. Fully functional within these limits and not time-limited.
Available by arrangement. Trial keys are time-limited offline JWT licenses with the full Enterprise feature set. At expiry, the application reverts to Mortals Edition behavior. Incident Packages created during the trial remain valid and verifiable after expiry.
Trial and demonstration deployments may not be used to monitor individuals without appropriate disclosure and consent as required by applicable law, and may not be used to generate Incident Packages intended for submission in legal or regulatory proceedings without a valid full license.
Customers and End Users must not:
Presenting an Incident Package as forensic evidence while knowing that the chain of custody has been broken — by local file tampering, vault upload suppression, or other means — to any court, regulator, employer, or third party is a misuse of the Software and may constitute fraud or obstruction under applicable law.
Deployment for workforce monitoring must comply with all applicable employment law, labor relations law, works council requirements, and collective bargaining agreements. Requirements vary significantly by jurisdiction and include works council consultation (e.g. Germany, France, Netherlands); written employment policy disclosure; consent requirements for audio capture (two-party consent jurisdictions); and data minimization requirements under GDPR and equivalent frameworks. The Company does not provide legal compliance verification.
The Software is provided on an "as is" and "as available" basis. To the fullest extent permitted by applicable law, the Company disclaims all warranties, including any warranty that the Software will produce forensic evidence admissible in any legal proceeding; that the Software will capture all incidents of interest; or that the chain of custody will be accepted as legally sufficient proof of integrity by any authority.
The Company's aggregate liability under or in connection with these Terms shall not exceed the amounts paid by the Customer for the Software License in the twelve (12) months immediately preceding the event giving rise to the claim. In no event shall the Company be liable for indirect, incidental, special, consequential, or punitive damages.
The Customer agrees to indemnify, defend, and hold harmless the Company from and against any claims arising from the Customer's deployment of the Software in violation of applicable law; failure to provide required notice or obtain required consent from End Users; or any claim by an End User or third party arising from the Customer's monitoring practices.
These documents (EULA, Privacy Policy, Terms of Use) are provided as a starting point appropriate to the technical design of the Software. They do not constitute legal advice and have not been reviewed by a qualified attorney. Before deploying TraceProof in a regulated environment, for workforce monitoring, or in any jurisdiction with specific employee monitoring or data protection requirements, the Customer should have these documents reviewed and adapted by qualified legal counsel in the relevant jurisdiction.