TRACED PRIVACY POLICY

Privacy Policy

Last updated April 21, 2026

No Accounts, Cookies, or Analytics

TRACED is a static public breach archive. It does not create user accounts, set tracking cookies, run analytics, or store behavioral profiles. Pages are served by Cloudflare Pages as static assets.

Password Checks

Password checks use the Have I Been Pwned k-anonymity model. Your browser hashes the password locally, sends only the first five characters of the hash prefix, receives possible matches, and completes the final comparison on your device. The full password is not sent to TRACED.

Data Sources

Breach case files are built from public Have I Been Pwned breach data. TRACED is not affiliated with Have I Been Pwned or Troy Hunt.

Network Requests

Normal page visits request static assets, fonts, breach metadata, and security headers from Cloudflare Pages. Password checks also call the Pwned Passwords range endpoint with a short hash prefix. TRACED does not add marketing pixels, session replay tools, advertising tags, or custom analytics scripts to those requests.

Public Archive Limits

The case files describe public breach records, not private account status. A record can help you understand what categories of data were exposed, when the incident happened, and whether passwords were included. It cannot verify whether a specific email address or account belongs to you.

Browser Storage and Exports

TRACED does not ask visitors to create saved breach searches or account profiles. If your browser keeps local history, autofill entries, downloaded files, or cached pages, those records are controlled by your browser and device settings rather than by the TRACED application.

Contact

For questions about this site, contact Jonathan R. Reed through jonathanrreed.com/contact/.