Trakyotrakyo← Back to home

Legal

Privacy Policy

Last Updated: March 30, 2026

Introduction

Trakyo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our conversion attribution platform and related services (collectively, the "Service").

YouTube API Services: This application uses YouTube API Services. By using our Service's YouTube integration features, you are also agreeing to be bound by the YouTube Terms of Service and the Google Privacy Policy.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our Service.

Definitions

Service
The Trakyo platform, tracking technologies, APIs, and related services
Customer
Content creators, marketers, or businesses using Trakyo to track conversions
End User
Individuals who interact with Customer content and are tracked through our Service
Personal Data
Information that can be used to identify an individual
Usage Data
Data collected automatically through the Service
Tracking Technologies
Cookies, device recognition methods, and similar technologies
Deeplinks
URLs that direct users to specific content within websites or applications

Information We Collect

Information We Do Not Collect

We do not collect or process sensitive information, including racial or ethnic origin, political opinions or religious beliefs, trade union membership, genetic data, biometric data for unique identification, health or medical data, sexual orientation data, precise geolocation (GPS coordinates), government-issued identifiers, or financial account login credentials. We only collect IP addresses for approximate geographic location (city/region level).

For Customers

When you create an account and use our Service, we collect:

  • Account Information: Name, email address, company name
  • Authentication Data: Login credentials, OAuth tokens for platform integrations, API keys and webhook secrets
  • Billing Information: Payment details processed through our payment providers
  • Platform Integration Data: OAuth connections and API credentials for integrated third-party services
  • API Credentials: Authentication keys and usage metadata

For End Users (Tracked Visitors)

When End Users interact with Customer tracking links, deeplinks, and sites, we automatically collect:

Device Recognition Data

We use proprietary device recognition technology to generate unique identifiers for attribution. This analyzes browser type and version, operating system, device type, screen resolution, browser configuration, timezone and language settings, and IP address. This creates a unique technical identifier for the sole purpose of conversion attribution.

Tracking Data

  • Cookies: First-party cookies persisting up to 90 days for visitor identification
  • Local Storage: Fallback for visitor identification when cookies are unavailable
  • URL Parameters: UTM parameters, advertising platform identifiers, and internal tracking identifiers
  • Referrer Information: The website or platform that referred the visitor
  • Domain Information: Domains visited that have our tracking technology installed
  • Application Context: Whether the visitor is in a standard browser or embedded app context (e.g., social media in-app browsers)

Conversion Data

Through platform integrations and Customer-configured endpoints, we may receive email addresses, phone numbers, names, meeting/appointment booking information, form responses, email signups, calendar bookings, payment verification data, and registration data.

Advertising Attribution Data

When End Users arrive via advertising campaigns, we may collect advertising platform click identifiers, ad and campaign identifiers, ad set and creative identifiers, and platform-specific attribution parameters. Personal information such as email addresses and phone numbers is cryptographically hashed before transmission to advertising platforms.

Intent and Engagement Data

We analyze End User interaction patterns to generate engagement metrics including visit frequency and recency, number of unique content interactions, and aggregated engagement scores. These metrics may trigger automated notifications to Customers about significant engagement activity.

How We Use Information

Customer Data

  • Provide and maintain your account
  • Process transactions and send related information
  • Send administrative communications
  • Respond to customer service requests
  • Monitor and analyze usage trends
  • Detect and prevent fraud
  • Provide API access and enforce usage limits
  • Deliver automated engagement notifications

End User Data

  • Generate unique visitor identifiers for attribution tracking
  • Track user journeys from content interaction to conversion
  • Associate conversions with specific marketing campaigns and advertising sources
  • Create aggregated analytics for our Customers
  • Deduplicate leads across multiple touchpoints
  • Enable cross-domain tracking for our Customers
  • Calculate engagement and intent metrics
  • Facilitate deep linking to appropriate content destinations
  • Transmit conversion data to advertising platforms on behalf of Customers
  • Filter automated and fraudulent traffic

Data Retention

  • Customer Account Data: Retained while your account is active, plus 180 days following termination
  • End User Tracking Data: Cookies persist up to 90 days; event data retained for 12 months by default
  • YouTube API Data: Retained while your YouTube integration is active; deleted within 30 days after disconnection
  • Advertising Attribution Data: Retained for the same period as End User tracking data
  • API Usage Data: Retained for 12 months for rate limiting and abuse prevention
  • Aggregated Analytics: Retained indefinitely in anonymized form

Data Sharing and Disclosure

We do not sell, trade, or rent Personal Data. We may share information in the following circumstances:

With Customer Organizations

End User interaction and conversion data is shared with the Customer whose content or links were interacted with, including attribution data linking conversions to specific content pieces and engagement metrics.

With Advertising Platforms

At Customer direction, we transmit conversion event data to advertising platforms for campaign optimization. Personal information is cryptographically hashed before transmission. This sharing occurs only when Customers have configured advertising platform integrations.

With Service Providers

We share data with third-party service providers including cloud infrastructure and database providers, content delivery and edge computing providers, email delivery service providers, payment processors, error monitoring providers, and domain and certificate management providers.

We require all service providers to agree to confidentiality obligations and to process personal information only as instructed by us. We limit the personal information provided to service providers to only what is reasonably necessary for them to perform their functions.

For Legal Requirements

We may disclose information if required to comply with legal obligations, protect our rights and property, prevent fraud or abuse, or protect the safety of any person.

Third-Party Integrations

Our Service integrates with various third-party platforms at the Customer's direction, including:

Content Platforms
YouTube and similar video/content hosting platforms
Booking Platforms
Calendly, GoHighLevel, and similar scheduling services
Form Platforms
Typeform, Tally, ClickFunnels, Framer
Email Marketing
Kit (ConvertKit) and similar email service providers
Payment Platforms
Stripe, Teachable, Whop, Fanbasis
CRM Platforms
Close, HubSpot, and similar CRM tools
Advertising Platforms
Meta (Facebook/Instagram) and similar networks
Webinar Platforms
WebinarJam, AEvent, and similar services
Automation Platforms
Zapier, Make, n8n, and similar tools
Custom Integrations
Any platform supporting webhooks or API connections

Each integration is subject to that platform's own privacy policy. We only access data necessary for attribution tracking and the delivery of our Service.

YouTube API Services

Trakyo uses YouTube API Services to enable attribution tracking for YouTube content. When you connect your YouTube account, we access video metadata (titles, IDs, publication dates, view counts) to associate conversions with specific videos. YouTube API usage is subject to daily quota limitations imposed by Google, shared across all Customers.

We do not use YouTube data for any purpose other than providing our Service. We do not share YouTube data with third parties except as necessary to provide our Service to you.

Cookies and Tracking Technologies

First-Party Cookies

We use first-party cookies exclusively (no third-party cookies). Our Visitor Identification Cookie is a persistent cookie (up to 90 days) used for visitor identification and attribution.

Device Recognition Technology

We use proprietary device recognition technology to generate technical identifiers for conversion attribution. This technology analyzes publicly available browser and device configuration data. It does not access personal files or private data on your device, does not install any software, relies solely on standard browser-exposed configuration data, and is used exclusively for marketing attribution on behalf of our Customers.

Local Storage

Used as a fallback mechanism when cookies are not available, storing the same visitor identifier.

Deep Linking

Our Service may redirect End Users through intermediate URLs that route to specific content within websites or native applications. This technology detects the End User's device and application environment, routes to the most appropriate destination, and preserves attribution parameters through the redirect.

Data Processing and Location

Your data is processed and stored through globally distributed infrastructure:

  • Global Processing: Data is processed through a global edge network for optimal performance
  • Primary Storage: Core data is stored in US-based data centers
  • Edge Locations: Your data may be temporarily processed in multiple geographic regions for performance optimization

By using our Service, you consent to the processing of your information in these locations.

Lawful Basis for Processing

For Customer Data

  • Contract: To provide the Service you've requested
  • Consent: For marketing communications (where applicable)
  • Legitimate Interests: For service improvements and fraud prevention

For End User Data

We process End User data based on Legitimate Interests — our Customers have a legitimate interest in understanding their marketing effectiveness and attribution. Device recognition technology and visitor identification are necessary for the provision of attribution services. The processing is proportionate to the purpose, minimally intrusive, and End Users can reasonably expect such processing when interacting with marketing content.

Customer Responsibility: Customers are the data controllers for End User data collected through their use of our Service. Customers must establish their own lawful basis for collecting End User data and ensure appropriate notice and consent mechanisms are in place.

GDPR Legal Basis by Data Category

Category of Personal InformationLegal Basis
Customer account information (name, email, company)Performance of a contract; Legitimate interests (account administration)
Customer payment informationPerformance of a contract; Legal obligation (tax/financial recordkeeping)
Customer authentication data (passwords, API keys)Performance of a contract; Legitimate interests (security)
Platform integration tokens (OAuth)Performance of a contract; Consent (when connecting platforms)
End User device recognition identifiers and cookiesLegitimate interests (attribution tracking on behalf of Customers)
End User IP addressesLegitimate interests (fraud prevention, approximate geolocation)
End User attribution parameters and referrer dataLegitimate interests (marketing attribution)
End User conversion data (email, phone from forms)Customer's legal basis as data controller; Processed on behalf of Customer
End User engagement and intent metricsLegitimate interests (attribution analytics on behalf of Customers)
Advertising platform identifiers and conversion eventsLegitimate interests (advertising attribution); Customer's legal basis as data controller
Usage data and analyticsLegitimate interests (service improvement, security)

Data Minimization

We follow data minimization principles:

  • We only collect information necessary for attribution tracking and service provision
  • We do not collect sensitive personal information beyond what's required
  • We regularly review our data collection practices to ensure they remain necessary
  • Device recognition relies on standard browser-exposed data and does not access private device information

Customer Responsibilities

Customers who implement our tracking technology on their websites and in their marketing materials are solely responsible for:

  • Obtaining appropriate consent from End Users for cookie usage and tracking technologies in accordance with applicable laws (GDPR, ePrivacy Directive, CCPA, and other regional regulations)
  • Providing their own privacy policy that discloses the use of third-party attribution tracking, including device recognition technology
  • Managing cookie consent banners, consent management platforms, and compliance mechanisms
  • Ensuring lawful basis for data collection in their jurisdiction
  • Complying with advertising platform terms when using advertising attribution features
  • Obtaining appropriate consent or providing notice for server-side conversion data transmission to advertising platforms
Trakyo provides the tracking technology as a data processor, but Customers as data controllers must ensure they have proper legal basis and consent mechanisms for tracking their website visitors. Trakyo shall not be liable for any Customer's failure to comply with applicable privacy laws or to obtain required consents.

Data Breach Notification

In the event of a data breach that affects Personal Data:

  • We will notify affected Customers promptly after becoming aware of the breach
  • Our notification will include the nature of the breach, categories of data affected, and measures taken
  • Customers are responsible for any required End User notifications per applicable law
  • We will cooperate with Customers to meet their regulatory obligations

Data Security

We implement appropriate technical and organizational measures to protect Personal Data, including:

  • Encryption of data in transit and at rest
  • Multi-tenant data isolation with schema-level separation
  • Secure authentication systems
  • Access controls and monitoring
  • Regular security assessments
  • Automated traffic filtering to detect and block malicious or fraudulent activity
  • Edge-level security measures for distributed infrastructure

International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country. We ensure appropriate safeguards are in place for such transfers, including the use of Standard Contractual Clauses where required.

Your Privacy Rights

For Customers

  • Access your account information
  • Update or correct your information
  • Delete your account
  • Export your data
  • Opt-out of marketing communications

GDPR Rights (European Union)

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to certain processing activities, including processing based on legitimate interests
  • Restrict: Request restricted processing

CCPA Rights (California)

  • Know: What personal information we collect and how it's used
  • Delete: Request deletion of your personal information
  • Opt-Out: We do not sell personal information
  • Non-Discrimination: Equal service regardless of privacy choices

Exercising Your Rights

To exercise these rights, contact us at [email protected] with your specific request, information to verify your identity, and any relevant tracking IDs or domains. We will respond to verified requests within 30 days.

Revoking YouTube Data Access

If you have connected your YouTube account to Trakyo and wish to revoke access, you have three options:

Option 1: Revoke Through Trakyo (Recommended)
Log in → Settings → Integrations → Disconnect YouTube. This ensures immediate data deletion.
Option 2: Revoke Through Google
Visit https://myaccount.google.com/connections, find Trakyo, and select Remove Access. Note: we cannot detect this disconnection immediately.
Option 3: Request via Email
Email [email protected] with subject "YouTube Data Deletion Request" including your account email and YouTube channel information.

When you revoke access, we will immediately stop accessing new YouTube data, delete existing YouTube data within 30 days, clear all OAuth credentials, and anonymize attribution data that references your YouTube videos.

Privacy Controls and Opt-Out Options

Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) signal. When we detect a valid GPC signal from your browser or device, we will treat it as a request to opt out of the sale or sharing of personal information. Learn more at globalprivacycontrol.org.

Do Not Track (DNT)

We respect Do Not Track (DNT) browser signals. To opt out of tracking through our Service, submit a request to [email protected]. You can also control tracking by clearing cookies to reset your visitor ID, using private/incognito browsing, blocking JavaScript, or enabling Global Privacy Control.

Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect Personal Data from children under 16. If we become aware of such collection, we will delete the information immediately.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the revised Privacy Policy.

For material changes, we will provide notice through email to registered Customers and a prominent notice on our Service.

Dispute Resolution

Informal Resolution

If you have a privacy-related complaint or dispute, please first contact us at [email protected]. We will attempt to resolve the issue informally within 30 days.

Binding Arbitration

Any dispute or claim arising out of or relating to this Privacy Policy or our processing of your personal information that cannot be resolved informally shall be settled by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association.

  • Arbitration will be conducted in the State of Delaware, United States, or remotely
  • The arbitrator's decision will be final and binding
  • Each party will bear its own costs and fees unless otherwise awarded by the arbitrator
  • Class action arbitrations are not permitted
  • The arbitrator shall have no authority to award punitive, consequential, or exemplary damages
Notice: By using our Service, you agree to resolve privacy disputes through binding arbitration and waive your right to a jury trial or to participate in a class action lawsuit.

Exceptions

Either party may seek equitable relief in court for intellectual property disputes, violations of confidentiality obligations, or enforcement of arbitration awards. This arbitration provision does not affect your statutory rights under GDPR, CCPA, or other applicable privacy laws to lodge complaints with supervisory authorities.

Contact Information

For questions about this Privacy Policy or our privacy practices:

Websitetrakyo.io
Legal EntityTrakyo (United States)

Data Protection Officer

For privacy-related concerns or to exercise your rights: [email protected]

Additional Information for Specific Jurisdictions

California Residents

Under the California Consumer Privacy Act (CCPA), California residents have additional rights. We do not sell personal information. For more details about categories of information collected and purposes, contact [email protected].

European Union Residents

Under the General Data Protection Regulation (GDPR), EU residents have enhanced rights. Our legal basis for processing includes consent (for marketing communications), legitimate interests (for analytics, attribution, and fraud prevention), and contract fulfillment (for Customer services). You may lodge a complaint with your local supervisory authority if you believe your rights have been violated.

This Privacy Policy is effective as of the date stated at the top and supersedes all previous versions.