Privacy Policy
Effective: 1 May 2026 · Last updated: 1 May 2026
1. Introduction
Trackflowy ("we", "us", "our") operates the Trackflowy link tracking platform at trackflowy.com and app.trackflowy.com. This Privacy Policy explains what data we collect about Customers (people who hold a Trackflowy account) and End-Visitors (people who click a Trackflowy tracking link or visit a website where a Customer has embedded our conversion pixel), how we use it, and your rights.
2. Data We Collect
We collect the following categories of data:
- Account data (Customers): name, email address, hashed password (PBKDF2), and (if you enable two-factor authentication) your TOTP secret and backup recovery codes.
- Business content (Customers): destinations, tracking links, posts, templates, conversion goals, and custom domains you create.
- Session and security data (Customers): session token, login IP and User-Agent, activity and audit logs of dashboard actions.
- Click data (End-Visitors): anonymized IP (last octet zeroed for IPv4; first 48 bits only for IPv6), a short non-reversible hash of the IP for fraud/bot detection, User-Agent, referrer, country, a tracking ID, a bot flag, and a timestamp. We never store raw, unanonymized End-Visitor IP addresses.
- Conversion data (End-Visitors): when a Customer embeds our pixel, we receive the most recent tracking ID from the visitor's localStorage (key
sf_tracking_ids, capped at 10 IDs), the conversion URL, optional event name, optional value and currency, the page referrer, and the User-Agent. The pixel uses localStorage, not cookies. - YouTube data (optional, Customers): if you connect your YouTube channel via Google OAuth (read-only scope), we store the OAuth tokens, channel metadata, and video metadata so we can display them inside the dashboard.
- Error and performance data: Sentry session replays with text and input masking enabled (10% of sessions, 100% of error sessions).
3. How We Use Your Data
- Operate the Service: authenticate you, redirect tracking-link clicks, attribute conversions, and enforce plan limits.
- Send transactional emails (verification, password reset, 2FA notices, plan usage nudges, trial and grace-period notices). We do not send marketing emails.
- Detect bots and abuse, rate-limit sensitive endpoints, and maintain audit logs.
- Diagnose bugs and monitor performance via Sentry.
- Display your YouTube channel and video metadata inside your Trackflowy dashboard, if you connect a YouTube channel. We do not use your YouTube OAuth tokens for any purpose other than fetching your channel data on your behalf, and we do not use your YouTube data to build advertising profiles or to train machine learning models.
- Comply with legal obligations and enforce our Terms of Service.
4. Legal Basis (GDPR / UK GDPR)
We rely on the following legal bases:
- Performance of a contract: to provide the Service to you.
- Legitimate interests: for security, fraud prevention, audit logs, and error monitoring.
- Legal obligation: where required by applicable law.
For data collected via tracking links and the conversion pixel, Trackflowy acts as a data processor on behalf of our Customers, who are the data controllers. A Data Processing Agreement is available to Customers on request.
5. Data Sharing
We do not sell your personal data, and we do not share it for cross-context behavioural advertising. We share data only with:
- Cloudflare: infrastructure (Workers, Pages, D1 database, custom domain SSL).
- Sentry: error tracking and session replay (with text and input masking on).
- Resend: transactional email delivery.
- Google / YouTube: if you connect a YouTube channel, we exchange OAuth tokens with Google's API to fetch your channel and video metadata. We do not share your Google user data with any other third party, and we do not use it for advertising purposes.
- Law enforcement or governmental authorities when required by applicable law.
6. International Data Transfers
We are based outside the EU, and our infrastructure is globally distributed. For transfers of EU/UK personal data to providers in the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, supplemented by encryption in transit and at rest.
7. Cookies and Browser Storage
We do not use third-party advertising or analytics cookies. The table below lists every key we set.
Session cookie (strictly necessary)
| Key | Details |
|---|---|
trackflowy.session_token | Keeps you logged in. Encrypted, httpOnly, secure, SameSite=Lax. |
localStorage (functional, dashboard only)
| Key | Purpose |
|---|---|
link-tracker-theme | Saves your dark/light mode preference |
trackflowy-tour-welcomed | Records whether you dismissed the welcome dialog |
rigidui-tour-completed | Records whether you completed the guided product tour |
sessionStorage (functional, dashboard only)
| Key | Purpose |
|---|---|
chunkErrorReloaded | One-time flag that prevents infinite reload loops on chunk-load failures |
localStorage (analytics/conversion tracking, Customer websites)
| Key | Purpose |
|---|---|
sf_tracking_ids | Stores up to 10 tracking IDs set by Trackflowy links, used by our pixel for conversion attribution on Customer websites |
Customers who embed the pixel on EU/UK-facing websites are responsible for obtaining the appropriate consent from their visitors before the pixel activates.
8. Data Retention
We retain account data, click and conversion records, YouTube records, and audit logs for the life of your account. When you delete your account from the dashboard, deletion is immediate and permanent. We delete your profile, business content, click and conversion records, YouTube data, sessions, and logs from our database, and we revoke any active YouTube OAuth tokens with Google. Residual copies may persist temporarily in encrypted backups maintained by our infrastructure provider and in Sentry / Resend logs until they roll off per each provider's schedule.
9. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export, delete, restrict, or object to the processing of your personal data, and the right to lodge a complaint with your local data-protection authority. Within Trackflowy you can:
- Access and correct your data in account settings.
- Export your data as JSON via the "Export My Data" feature in account settings (rate-limited to once per 24 hours), and download per-post analytics as CSV.
- Delete your account from account settings (deletion is immediate and permanent).
For any other request, contact us at [email protected].
End-Visitors: requests about data collected via tracking links or the pixel should be directed to the Customer whose link or pixel collected your data. If you cannot identify or reach that Customer, contact us and we will try to help.
California residents: we do not sell personal information and we do not share it for cross-context behavioural advertising.
10. Security
We hash passwords with PBKDF2, support TOTP-based two-factor authentication with backup codes, anonymize End-Visitor IP addresses, encrypt data in transit (HTTPS/TLS) and at rest (Cloudflare D1), rate-limit sensitive endpoints, and maintain audit logs. No system is perfectly secure; we will notify affected users and the relevant supervisory authority of a data breach in accordance with applicable law (within 72 hours where required by GDPR Art. 33).
11. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us for removal.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and notify registered Customers via email at least 30 days before the changes take effect.
13. Contact
For privacy questions or to exercise your rights, contact us at [email protected]. We will respond to verified requests within 30 days (or sooner as required by law).