This Privacy Policy explains how the operator of TraceX HWID Spoofer (“we”, “us”, “our”) collects, uses, shares, and protects information when you visit the TraceX Spoofer website, submit your email to receive a license, or otherwise use the Service. By using the Service you consent to the practices described below. If you do not agree with this policy, do not use the Service.
You can browse the TraceX HWID Spoofer website without submitting any personal information. We collect personal data only when you choose to engage — for example, by submitting your email to receive a license, by submitting a community ban report, or by contacting us for support.
01 · What we collect
We collect only what we need to deliver and operate the Service.
Information you give us
- Email address. Required to deliver your free license key, the setup guide, and operational announcements (e.g. detection-status changes, new builds).
- Ban report submissions. If you submit a ban report on our community ban tracker, we record the reported game and report type, plus a salted hash of your IP address and a non-reversible browser-fingerprint hash. Used solely to de-duplicate reports and prevent spam.
- Support correspondence. If you email us, we retain the message contents and your reply-to address while we handle your request.
Information collected automatically
- Server logs. Standard web-server logs (IP address, user agent, request path, timestamps, response status) kept short-term for security, debugging, and abuse prevention.
- License activation events. When the TraceX Spoofer software contacts our servers to validate a license, we record the activation timestamp and a one-way SHA-256 digest that binds the license to the device. The digest is computed on your machine before transmission; the underlying motherboard, disk, MAC, registry, and other hardware values themselves never leave your device. The digest is used only to verify the license, prevent unauthorised duplication, and stop unauthorised analysis of the software.
- Bot-protection signals. We use a third-party bot-protection challenge to limit abuse of our email-capture and ban-report endpoints (see Section 04).
02 · What we don't collect
- Payment information — the Service is free, so there is nothing to collect.
- Your name, postal address, phone number, or government identifiers.
- Your original hardware serial numbers, MAC addresses, or other raw HWID values. Spoofing happens locally on your machine; we only see a non-reversible binding hash.
- Persistent telemetry from your machine after setup. The TraceX Spoofer binary is designed to be run once and deleted.
- We do not sell or rent your email address. Ever.
- We do not use behavioural advertising, cross-site retargeting pixels, or third-party analytics that profile you across the web.
03 · How we use it
- Service delivery. Sending the welcome email with your license key, the setup guide, transactional updates tied to your license, and ad-hoc operational notices (e.g. a detected anti-cheat surface and the corresponding new build).
- Affiliate-funded sustainability. Because the Service is free, we partially fund operations through referral relationships with third-party services we recommend in transactional emails (for example, virtual private network providers). Your email address is never shared with those partners; we only forward referral clicks via partner-supplied tracking URLs.
- Abuse prevention. Salted IP hashes and fingerprint hashes are used to de-duplicate ban reports, rate-limit endpoints, and prevent automated abuse.
- Service improvement. Aggregated, non-identifying usage signals help us prioritise updates and surface popular content. We do not build individual user profiles for advertising.
- Legal compliance. We may use or disclose information when we have a good-faith belief it is necessary to comply with a legal obligation, respond to lawful process, or protect our rights, property, or the safety of users or third parties.
04 · Third parties
We share information only with the third parties needed to operate the Service. Each is bound by its own privacy policy and, where applicable, by data-processing terms that restrict their use of your information to providing services to us.
- Email delivery provider. Used to send your license, setup guide, and transactional notices. Processes your email address on our behalf.
- Database and authentication infrastructure (Supabase). Hosts the email-subscriber list, license records, and ban-report aggregates.
- CDN and bot protection (Cloudflare). Routes traffic to our origin, mitigates DDoS, and challenges abusive requests on our email-capture and report endpoints.
- Affiliate networks. When you click a referral link in one of our emails, the partner may set its own cookies on its own domain to attribute the referral. We do not pass your email address or any other identifier to the partner.
05 · Cookies
We use a small number of strictly necessary cookies. None are used for advertising or cross-site tracking.
- Session cookie (tracex-session) for authenticating to the customer panel after you submit your license key. HttpOnly, Secure, and short-lived.
- Bot-protection cookie set by Cloudflare or our challenge provider on form-submission pages.
We do not use third-party analytics cookies. If we add privacy-friendly analytics in the future, this section will be updated and you will retain the right to opt out.
06 · International transfers
Our infrastructure providers may process data in countries other than your own, including the United States and the European Union. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) to lawfully transfer personal data internationally.
07 · Data retention
- Email subscriber and license records: retained for as long as the license is active and you continue to engage with the Service. You may request deletion at any time (Section 09).
- Ban reports: aggregate counts are retained indefinitely; the salted IP hash and fingerprint hash used for de-duplication are deleted no later than 90 days after submission.
- Server logs: retained for up to 30 days for security, debugging, and abuse prevention.
- Support correspondence: retained for up to 12 months from the last message in the thread.
08 · Security
We implement reasonable technical and organisational measures designed to protect personal information against unauthorised access, disclosure, alteration, and destruction. This includes encryption in transit (HTTPS), access controls, principle-of-least-privilege provisioning of secrets, and regular dependency reviews. No system is perfectly secure, however, and we cannot guarantee absolute security.
09 · Your rights
Depending on where you reside, you may have the right to:
- access the personal information we hold about you;
- request correction of inaccurate or incomplete information;
- request deletion of your personal information (the “right to be forgotten”);
- request a copy of your personal information in a portable format;
- object to or restrict certain processing, including direct marketing;
- withdraw consent for processing where consent is the legal basis (this does not affect the lawfulness of prior processing);
- lodge a complaint with a supervisory authority.
To exercise any of these rights, email [email protected] from the address associated with your license. We respond to valid requests within 30 days. If we cannot verify your identity from the information provided, we may ask for additional verification before acting.
10 · Children's privacy
The Service is not directed to children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from a child below this age. If you believe a child has provided us with personal information in breach of this section, please contact [email protected] and we will delete the information.
11 · Do Not Track
Because we do not engage in cross-site behavioural tracking, we do not respond to browser “Do Not Track” signals.
12 · California, EEA & UK
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to deletion, the right to correct inaccurate information, and the right not to be discriminated against for exercising your rights. We do not sell or share personal information for cross-context behavioural advertising as those terms are defined under the CCPA.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing are: (i) performance of a contract (delivering the Service to you), (ii) our legitimate interests in operating, securing, and improving the Service, and (iii) compliance with legal obligations. Where we rely on consent (for example, for optional product announcements beyond transactional service messages), you may withdraw consent at any time.
13 · Changes to this policy
We may update this policy from time to time. The current version will always be available at this URL with the effective date shown above. If a change materially affects how we use your information, we will make reasonable efforts to notify you, for example by email or by a banner on the website.
14 · Contact
For privacy-related questions, requests, or complaints, contact [email protected].