Privacy Policy
Effective: 1 May 2026 · Last updated: 13 May 2026
If you have a Trackflowy account
You are a Customer. This policy covers your account data, dashboard activity, and subscription.
If you clicked a Trackflowy link
You are an End-Visitor. We collect anonymized, non-identifiable click data only — no personally identifiable information (PII) is ever stored about you.
What we never do
- Sell your personal data
- Share data for advertising or cross-context behavioural tracking
- Store raw End-Visitor IP addresses or any PII about End-Visitors
- Store payment card data
- Track visitors across third-party sites
1. Introduction
Trackflowy ("we", "us", "our") operates the Trackflowy link tracking platform at trackflowy.com and app.trackflowy.com. This Privacy Policy explains what data we collect about Customers (people who hold a Trackflowy account) and End-Visitors (people who click a Trackflowy tracking link or visit a website where a Customer has embedded our conversion pixel), how we use it, and your rights.
2. Data We Collect
We collect the following categories of data:
- Account data (Customers): name, email address, hashed password (PBKDF2), and (if you enable two-factor authentication) your TOTP secret and backup recovery codes.
- Business content (Customers): destinations, tracking links, posts, templates, conversion goals, and custom domains you create.
- Session and security data (Customers): session token, login IP and User-Agent, activity and audit logs of dashboard actions.
- Click data (End-Visitors): no PII is ever collected or stored. We receive only anonymized, non-identifiable signals — we never store raw IP addresses or any information that could identify an individual. What we do record:
  - IPv4 address with last octet zeroed (e.g. 1.2.3.0)
  - IPv6 address truncated to first 48 bits
  - HMAC-SHA256 IP hash (keyed with a server-side secret) for bot detection — computationally irreversible without the key
  - Country, User-Agent, referrer, and timestamp
- Conversion data (End-Visitors): when a Customer embeds our pixel, we receive the most recent tracking ID from the visitor's localStorage (key trackflowy_click_id, capped at 10 IDs), the conversion URL, optional event name, optional value and currency, the page referrer, and the User-Agent. The pixel uses localStorage, not cookies.
- YouTube data (optional, Customers): if you connect your YouTube channel via Google OAuth (read-only scope), we store channel metadata and video metadata so we can display them inside the dashboard. OAuth access and refresh tokens are encrypted at the application layer with AES-256-GCM before database storage; the encryption key is a server-side secret so a database read alone cannot yield usable tokens.
- Error and performance data: Sentry session replays with text and input masking enabled (10% of sessions, 100% of error sessions).
3. How We Use Your Data
- Operate the Service: authenticate you, redirect tracking-link clicks, attribute conversions, and enforce plan limits.
- Send transactional emails (verification, password reset, 2FA notices, plan usage nudges, trial and grace-period notices), and occasionally product updates or offers. You can unsubscribe from non-transactional emails at any time via the link in the email.
- Detect bots and abuse, rate-limit sensitive endpoints, and maintain audit logs.
- Diagnose bugs and monitor performance via Sentry.
- Display your YouTube channel and video metadata inside your Trackflowy dashboard, if you connect a YouTube channel. We do not use your YouTube OAuth tokens for any purpose other than fetching your channel data on your behalf, and we do not use your YouTube data to build advertising profiles or to train machine learning models.
- Comply with legal obligations and enforce our Terms of Service.
4. Legal Basis (GDPR / UK GDPR)
We rely on the following legal bases:
- Performance of a contract: to provide the Service to you.
- Legitimate interests: for security, fraud prevention, audit logs, error monitoring, and product communications where you would reasonably expect them.
- Consent: for optional product updates and offers — you can withdraw consent at any time by unsubscribing.
- Legal obligation: where required by applicable law.
For data collected via tracking links and the conversion pixel, Trackflowy acts as a data processor on behalf of our Customers, who are the data controllers. A Data Processing Agreement is available to Customers on request.
5. Data Sharing & Subprocessors
We do not sell your personal data, and we do not share it for cross-context behavioural advertising. We share data only with the following subprocessors:
| Provider | Purpose | Region | Privacy policy |
|---|---|---|---|
| Cloudflare | Infrastructure — Workers, Pages, D1 database, custom domain SSL, DDoS protection | Global | cloudflare.com |
| Sentry | Error tracking and session replay (text & input masking on) | US | sentry.io |
| Resend | Transactional email delivery | US | resend.com |
| Google / YouTube | OAuth tokens + channel/video metadata (only if you connect a YouTube channel) | Global | google.com |
We share data with law enforcement or governmental authorities only when required by applicable law.
6. International Data Transfers
We are based outside the EU, and our infrastructure is globally distributed. For transfers of EU/UK personal data to providers in the United States, we rely on our subprocessors' own transfer mechanisms (including Standard Contractual Clauses where applicable), supplemented by encryption in transit and at rest.
7. Cookies and Browser Storage
We do not use third-party advertising or analytics cookies. The tables below list every key we set, what it stores, and how long it lasts.
Session cookie (strictly necessary)
| Key | Details | Lifetime |
|---|---|---|
| trackflowy.session_token | Keeps you logged in. Encrypted, httpOnly, secure, SameSite=Lax. | 7 days (sliding) |
localStorage (functional, dashboard only)
| Key | Purpose | Lifetime |
|---|---|---|
| trackflowy-theme | Saves your dark/light mode preference | Until cleared |
| trackflowy-tour-welcomed | Records whether you dismissed the welcome dialog | Until cleared |
| trackflowy-tour-completed | Records whether you completed the guided product tour | Until cleared |
sessionStorage (functional, dashboard only)
| Key | Purpose | Lifetime |
|---|---|---|
| chunkErrorReloaded | One-time flag that prevents infinite reload loops on chunk-load failures | Tab session |
localStorage (analytics/conversion tracking, Customer websites)
| Key | Purpose | Lifetime |
|---|---|---|
| trackflowy_click_id | Stores up to 10 tracking IDs set by Trackflowy links, used by our pixel for conversion attribution on Customer websites | Until cleared |
Customers who embed the pixel on EU/UK-facing websites are responsible for obtaining the appropriate consent from their visitors before the pixel activates.
8. Data Retention
We retain account data, click and conversion records, YouTube records, and audit logs for the life of your account. When you delete your account from the dashboard, deletion is immediate and permanent. We delete your profile, business content, click and conversion records, YouTube data, sessions, and logs from our database, and we revoke any active YouTube OAuth tokens with Google. Residual copies may persist temporarily in encrypted backups maintained by our infrastructure provider and in Sentry / Resend logs until they roll off per each provider's schedule.
End-Visitor data: anonymized click and conversion records are retained for the life of the Customer account that generated them and deleted when that Customer deletes their account. Because the data is anonymized and contains no PII, it cannot be linked back to an individual and is not subject to individual deletion requests.
9. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export, delete, restrict, or object to the processing of your personal data, and the right to lodge a complaint with your local data-protection authority.
You can exercise most rights directly inside the dashboard — no need to email us first:
Export your data
Download everything as JSON — links, destinations, posts, click data, and account details. Rate-limited to once per 24 hours. You can also export per-post analytics as CSV.
Go to Data settings
Delete your account
Deletion is immediate and permanent — your profile, links, click data, and all associated records are removed from our database right away.
Go to Data settings
You can also access and correct your profile data directly in account settings. To restrict processing, withdraw YouTube OAuth access, or make any other request, contact us at [email protected]. We will respond to verified requests within 30 days (or sooner as required by law).
End-Visitors: requests about data collected via tracking links or the pixel should be directed to the Customer whose link or pixel collected your data. If you cannot identify or reach that Customer, contact us and we will try to help.
California residents: we do not sell personal information and we do not share it for cross-context behavioural advertising.
10. Security
We hash passwords with PBKDF2, support TOTP-based two-factor authentication with backup codes, and anonymize End-Visitor IP addresses. Click IP addresses are additionally hashed with HMAC-SHA256 keyed to a server-side secret — the hash is computationally irreversible without that key. YouTube OAuth tokens are encrypted at the application layer with AES-256-GCM before being written to the database, meaning a database read alone cannot yield usable tokens. All data is encrypted in transit (HTTPS/TLS) and at rest (Cloudflare D1). Sensitive endpoints are rate-limited and audit logs are maintained for administrative actions. No system is perfectly secure; we will notify affected users and the relevant supervisory authority of a data breach in accordance with applicable law (within 72 hours where required by GDPR Art. 33).
11. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us for removal.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and notify registered Customers via email at least 30 days before the changes take effect.
13. Contact
For privacy questions or to exercise your rights, contact us at [email protected]. We will respond to verified requests within 30 days (or sooner as required by law).