Privacy Policy

Last updated: [DATE — PLACEHOLDER]

1. Introduction

[PLACEHOLDER] Trackflowy ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

[PLACEHOLDER] We collect the following categories of data:

  • Account data: email address, hashed password, display name.
  • Click data: IP address (used to derive country, then discarded), referrer URL, user-agent string, timestamp.
  • Conversion data: pixel events you choose to fire on your own pages.
  • Usage data: pages visited within the dashboard, feature interactions, error logs.

3. How We Use Your Data

[PLACEHOLDER] We use collected data to:

  • Provide and operate the Service.
  • Generate analytics dashboards for your account.
  • Send transactional emails (password reset, billing receipts).
  • Monitor for abuse and security incidents.
  • Improve the product through aggregated, anonymized usage analysis.

4. Data Sharing

[PLACEHOLDER] We do not sell your personal data. We share data only with:

  • Cloudflare: infrastructure provider (Workers, D1, Pages).
  • Stripe: payment processing (billing data only).
  • Sentry: error monitoring (sanitized error data, no PII).
  • Law enforcement when required by applicable law.

5. Cookies and Tracking

[PLACEHOLDER] We use a session cookie to keep you logged in. We do not use third-party advertising or analytics cookies. Our conversion pixel is self-hosted and does not share data with any advertising network.

6. Data Retention

[PLACEHOLDER] Click and conversion data is retained for 30 days on the Trial plan and 90 days on paid plans. After account cancellation, all data is purged within 90 days. You may request earlier deletion at any time.

7. Your Rights

[PLACEHOLDER] Depending on your jurisdiction (including GDPR and CCPA), you may have the right to access, correct, export, or delete your personal data. To exercise these rights, contact us at [EMAIL — PLACEHOLDER].

8. Security

[PLACEHOLDER] We use industry-standard security practices including PBKDF2 password hashing, HTTPS everywhere, and two-factor authentication. No system is perfectly secure; we will notify you promptly in the event of a data breach.

9. Children's Privacy

[PLACEHOLDER] The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us for removal.

10. Changes to This Policy

[PLACEHOLDER] We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before they take effect.

11. Contact

[PLACEHOLDER] For privacy inquiries, contact us at [EMAIL — PLACEHOLDER] or write to us at [ADDRESS — PLACEHOLDER].