Privacy Policy

‍

Last Updated: November 7, 2025

‍

Introduction

‍

Trakyo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our conversion attribution platform and related services (collectively, the "Service").

YouTube API Services: This application uses YouTube API Services. By using our Service's YouTube integration features, you are also agreeing to be bound by the YouTube Terms of Service (https://www.youtube.com/t/terms) and the Google Privacy Policy (http://www.google.com/policies/privacy).

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our Service.

‍

Definitions

‍

1. Service: The Trakyo platform, tracking scripts, APIs, and related services
2. Customer: Content creators, marketers, or businesses using Trakyo to track conversions
3. End User: Individuals who interact with Customer content and are tracked through our Service
4. Personal Data: Information that can be used to identify an individual
5. Usage Data: Data collected automatically through the Service
6. Tracking Technologies: Cookies, browser fingerprinting, and similar technologies

‍

Information We Collect

‍

Information We Do Not Collect

‍

We do not collect or process sensitive information, including:

‍

1. Racial or ethnic origin
2. Political opinions or religious beliefs
3. Trade union membership
4. Genetic data
5. Biometric data for the purpose of unique identification
6. Health information or medical data
7. Sexual orientation data
8. Precise geolocation data (GPS coordinates)
9. Government-issued identifiers (Social Security numbers, driver's license numbers, passport numbers)
10. Financial account login credentials (we use third-party payment processors)

We only collect IP addresses for approximate geographic location (city/region level), which is not considered precise geolocation under applicable privacy laws.

‍

For Customers

‍

When you create an account and use our Service, we collect:

‍

1. Account Information: Name, email address, company name
2. Authentication Data: Login credentials, OAuth tokens for platform integrations (YouTube, Calendly), API keys and webhook secrets for service connections
3. Billing Information: Payment details processed through our payment providers
4. Platform Integration Data: OAuth connections to YouTube, Calendly, and other integrated services

‍

For End Users (Tracked Visitors)

‍

When End Users interact with Customer tracking links and sites, we automatically collect:

‍

Browser Fingerprinting Data

‍

1. Browser fingerprint ID via browser fingerprinting technology
2. Browser type and version
3. Operating system
4. Device type (desktop, mobile, tablet)
5. Screen resolution and color depth
6. Installed browser plugins
7. Timezone and language settings
8. IP address (for geographic location and fraud prevention)

‍

Tracking Data

‍

1. Cookies: We set a first-party cookie (trakyo_id) that persists for 90 days
2. Local Storage: Used as a fallback for visitor ID storage
3. UTM Parameters: Campaign source, medium, campaign name, and other attribution data
4. Referrer Information: The website or platform that referred the visitor
5. Domain Information: The domains visited that have our tracking script installed

‍

Conversion Data

‍

Through our platform integrations, we may receive:

‍

1. Email addresses (from form submissions)
2. Phone numbers (from form submissions)
3. Names (from form submissions)
4. Meeting booking information (Calendly)
5. Form responses (Typeform, ClickFunnels)
6. Email signup data (Kit/ConvertKit)
7. Calendar bookings and opt-ins (GoHighLevel)
8. Payment verification data (without storing payment details)

‍

How We Use Information

‍

Customer Data

‍

We use Customer data to:

‍

1. Provide and maintain your account
2. Process transactions and send related information
3. Send administrative communications
4. Respond to customer service requests
5. Monitor and analyze usage trends
6. Detect and prevent fraud

‍

End User Data

‍

We use End User tracking data to:

‍

1. Generate unique visitor identifiers for attribution tracking
2. Track user journeys from content interaction to conversion
3. Associate conversions with specific marketing campaigns
4. Create aggregated analytics for our Customers
5. Deduplicate leads across multiple touchpoints
6. Enable cross-domain tracking for our Customers

‍

Data Retention

‍

1. Customer Account Data: Retained for as long as your account is active
2. End User Tracking Data:
3. Cookies persist for 90 days
4. Event data retained for 12 months by default
5. Customers may configure shorter retention periods
6. YouTube API Data:
7. Video metadata and analytics: Retained while your YouTube integration is active
8. Deleted within 30 days after you disconnect your YouTube account or revoke access
9. OAuth tokens: Automatically revoked upon disconnection
10. Aggregated Analytics: Retained indefinitely in anonymized form

‍

Data Sharing and Disclosure

‍

We do not sell, trade, or rent Personal Data. We may share information:

‍

With Customer Organizations

‍

1. End User interaction and conversion data is shared with the Customer whose content or links were interacted with
2. This includes attribution data linking conversions to specific content pieces

‍

With Service Providers

‍

We share data with third-party service providers who assist us in operating our Service:

‍

1. Browser fingerprinting service providers
2. Content delivery and edge computing providers
3. Cloud database infrastructure providers
4. Transactional email service providers
5. Payment processors for billing

‍

Third-Party Data Processing: We require all service providers to agree to confidentiality obligations and to process personal information only as instructed by us. However, if a service provider processes your personal information in a manner inconsistent with our instructions, we will not be liable unless we are responsible for the event giving rise to the unauthorized processing.

We limit the personal information provided to service providers to only what is reasonably necessary for them to perform their functions.

‍

For Legal Requirements

‍

We may disclose information if required to:

‍

1. Comply with legal obligations
2. Protect our rights and property
3. Prevent fraud or abuse
4. Protect the safety of any person

‍

Third-Party Integrations

‍

Our Service integrates with various third-party platforms at the Customer's direction:

‍

1. Content Platforms: YouTube
2. Booking Platforms: Calendly, GoHighLevel
3. Form Platforms: Typeform, ClickFunnels
4. Email Marketing: Kit (ConvertKit)
5. Payment Platforms: Stripe, Teachable, Whop, Fanbasis

Each integration is subject to that platform's own privacy policy. We only access data necessary for attribution tracking.

‍

YouTube API Services

‍

Trakyo uses YouTube API Services to enable attribution tracking for YouTube content. When you connect your YouTube account to Trakyo:

‍

1. We access video metadata (titles, IDs, publication dates, view counts) to associate conversions with specific videos
2. We may access channel information and basic video analytics data to provide attribution insights
3. We use this data solely for the purpose of providing conversion attribution features to our Customers
4. Your use of YouTube integration features is governed by the YouTube Terms of Service (https://www.youtube.com/t/terms)
5. Google's privacy practices are described in the Google Privacy Policy (http://www.google.com/policies/privacy)

We do not use YouTube data for any purpose other than providing our Service. We do not share YouTube data with third parties except as necessary to provide our Service to you.

‍

Cookies and Tracking

Technologies

‍

First-Party Cookies

‍

We use first-party cookies exclusively (no third-party cookies):

‍

1. trakyo_id: Persistent cookie (90 days) for visitor identification

‍

Browser Fingerprinting

‍

We use browser fingerprinting technology to generate browser fingerprints, which creates a unique identifier based on:

‍

1. Browser configuration
2. Device characteristics
3. System settings

This technology creates a unique identifier while respecting privacy by not accessing personal files or data.

Browser fingerprinting technology may enable identification across different browsers or devices belonging to the same user.

‍

Local Storage

‍

Used as a fallback mechanism when cookies are not available, storing the same visitor identifier.

‍

Data Processing and Location

‍

Your data is processed and stored through the following infrastructure:

‍

1. Global Processing: Data is processed through a global edge network for optimal performance
2. Primary Storage: Core data is stored in US-East region data centers
3. Edge Locations: Your data may be temporarily processed in multiple geographic regions for performance optimization

By using our Service, you consent to the processing of your information in these locations.

‍

Lawful Basis for Processing

‍

For Customer Data

‍

We process Customer data based on:

‍

1. Contract: To provide the Service you've requested
2. Consent: For marketing communications (where applicable)
3. Legitimate Interests: For service improvements and fraud prevention

‍

For End User Data

‍

We process End User data based on:

‍

1. Legitimate Interests: Our Customers have a legitimate interest in understanding their marketing effectiveness and attribution
2. Customer Responsibility: Customers must establish their own lawful basis for collecting End User data and ensure appropriate consent where required

Trakyo acts as a data processor on behalf of our Customers for End User data.

‍

GDPR Legal Basis by Data Category

‍

For users in the European Union, UK, or Switzerland, the following table describes our legal basis for processing each category of personal information:

‍

Category of Personal Information Legal Basis for Processing

Customer account information (name, email, company)

Performance of a contract; Legitimate interests (account administration)

Customer payment information

Performance of a contract; Legal obligation (tax/financial recordkeeping)

Customer authentication data (passwords, API keys)

Performance of a contract; Legitimate interests (security)

Platform integration tokens (OAuth)

Performance of a contract; Consent (when connecting platforms)

End User browser fingerprints and cookies

Legitimate interests (attribution tracking on behalf of Customers); Customer's legal basis

End User IP addresses

Legitimate interests (fraud prevention, approximate geolocation)

End User UTM parameters and referrer data

Legitimate interests (marketing attribution)

End User conversion data (email, phone from forms)

Customer's legal basis; Processed on behalf of Customer

Usage data and analytics

Legitimate interests (service improvement, security)

Legitimate Interests: Where we rely on legitimate interests, our interests include: providing attribution services to Customers, preventing fraud and abuse, improving our Service, and ensuring security. We have assessed that these interests are not overridden by your data protection rights.

‍

Data Minimization

‍

We follow data minimization principles:

‍

1. We only collect information necessary for attribution tracking and service provision
2. We do not collect sensitive personal information beyond what's required
3. We regularly review our data collection practices to ensure they remain necessary

‍

Customer Responsibilities

‍

Customers who implement our tracking script on their websites are responsible for:

‍

1. Obtaining appropriate consent from End Users for cookie usage and fingerprinting in accordance with applicable laws
2. Providing their own privacy policy that discloses the use of Trakyo tracking
3. Managing cookie consent banners and compliance with GDPR, CCPA, and other privacy regulations
4. Ensuring lawful basis for data collection in their jurisdiction

Trakyo provides the tracking technology, but Customers must ensure they have proper legal basis and consent mechanisms for tracking their website visitors.

‍

Data Breach Notification

‍

In the event of a data breach that affects Personal Data:

‍

1. We will notify affected Customers promptly after becoming aware of the breach
2. Our notification will include the nature of the breach, categories of data affected, and measures taken
3. Customers are responsible for any required End User notifications per applicable law
4. We will cooperate with Customers to meet their regulatory obligations

‍

Data Security

‍

We implement appropriate technical and organizational measures to protect Personal Data:

‍

We implement appropriate technical and organizational measures to protect Personal Data, including:

‍

1. Encryption of data in transit and at rest
2. Multi-tenant data isolation
3. Secure authentication systems
4. Access controls and monitoring
5. Regular security assessments

‍

International Data Transfers

‍

Your information may be transferred to and maintained on servers located outside of your country. We ensure appropriate safeguards are in place for such transfers.

‍

Your Privacy Rights

‍

For Customers

‍

You have the right to:

‍

1. Access your account information
2. Update or correct your information
3. Delete your account
4. Export your data
5. Opt-out of marketing communications

‍

For End Users

‍

Depending on your location, you may have certain rights regarding your data:

‍

GDPR Rights (European Union)

‍

1. Access: Request a copy of your data
2. Rectification: Correct inaccurate data
3. Erasure: Request deletion of your data
4. Portability: Receive your data in a machine-readable format
5. Object: Object to certain processing activities
6. Restrict: Request restricted processing

‍

CCPA Rights (California)

‍

1. Know: What personal information we collect and how it's used
2. Delete: Request deletion of your personal information
3. Opt-Out: We do not sell personal information
4. Non-Discrimination: Equal service regardless of privacy choices

‍

Exercising Your Rights

‍

To exercise these rights, contact us at privacy@trakyo.io with:

‍

1. Your specific request
2. Information to verify your identity
3. Any relevant tracking IDs or domains

We will respond to verified requests within 30 days.

‍

Revoking YouTube Data Access

‍

If you have connected your YouTube account to Trakyo and wish to revoke our access to your YouTube data, you have several options:

‍

Option 1: Revoke Access Through Trakyo

1. Log in to your Trakyo account
2. Navigate to Settings > Integrations
3. Click "Disconnect" or "Revoke Access" next to the YouTube integration
4. Confirm the disconnection

Option 2: Revoke Access Through Google

1. Visit the Google security settings page: https://myaccount.google.com/connections?filters=3,4&hl=en
2. Find "Trakyo" in the list of connected apps
3. Click on Trakyo and select "Remove Access"

Option 3: Request Deletion via Email

1. Contact us at privacy@trakyo.io
2. Include "YouTube Data Deletion Request" in the subject line
3. Provide your account email and YouTube channel information
4. We will process your request within 30 days

What Happens When You Revoke Access:

1. We will immediately stop accessing new YouTube data from your account
2. Existing YouTube data in our system will be deleted within 30 days of revocation
3. All OAuth credentials will be cleared from our database
4. Attribution data that references your YouTube videos will be anonymized
5. You can reconnect your YouTube account at any time

Important Note About Disconnection Detection:

1. If you disconnect through Trakyo (Options 1 or 3 above), we immediately revoke access and begin data deletion
2. If you disconnect directly through Google (Option 2), we cannot detect the disconnection immediately
3. For Google-initiated disconnections, our system will detect the revoked access within 30 days when token refresh attempts fail
4. Data deletion will begin automatically once the disconnection is detected
5. We run automated SQL scripts to completely wipe all Google/YouTube-related data upon disconnection

For Immediate Data Deletion: We strongly recommend disconnecting through Trakyo (Option 1) rather than directly through Google to ensure immediate data deletion.

Deleting Stored YouTube Data: If you want us to delete all YouTube-related data we have stored about you, contact privacy@trakyo.io with your request. We will delete all stored YouTube data within 30 days, including:

1. Video metadata and analytics
2. Channel information
3. OAuth tokens and access credentials
4. Attribution data linked to your YouTube content

‍

Privacy Controls and Opt-Out Options

‍

Global Privacy Control (GPC)

‍

We honor the Global Privacy Control (GPC) signal. When we detect a valid GPC signal from your browser or device, we will treat it as a request to opt out of the sale or sharing of personal information for targeted advertising purposes, as required by applicable law.

To enable GPC, you may need to use a supporting browser or install a browser extension. Learn more at https://globalprivacycontrol.org/

‍

Do Not Track (DNT)

‍

While our Service does not respond to traditional Do Not Track (DNT) browser signals, you can control tracking through:

‍

1. Clearing cookies to reset your visitor ID
2. Using private/incognito browsing to avoid persistent tracking
3. Blocking JavaScript to prevent tracking script execution
4. Enabling Global Privacy Control (GPC) as described above

‍

Children's Privacy

‍

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect Personal Data from children under 16. If we become aware of such collection, we will delete the information immediately.

‍

Changes to This Privacy Policy

‍

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the revised Privacy Policy.

‍

For material changes, we will provide notice through:

‍

1. Email to registered Customers
2. Prominent notice on our Service

‍

Dispute Resolution

‍

Informal Resolution

‍

If you have a privacy-related complaint or dispute, please first contact us at privacy@trakyo.io. We will attempt to resolve the issue informally within 30 days.

‍

Binding Arbitration

‍

Any dispute or claim arising out of or relating to this Privacy Policy or our processing of your personal information that cannot be resolved informally shall be settled by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association.

‍

1. Arbitration will be conducted in the State of Delaware, United States, or remotely
2. The arbitrator's decision will be final and binding
3. Each party will bear its own costs and fees unless otherwise awarded by the arbitrator
4. Class action arbitrations are not permitted

Notice: By using our Service, you agree to resolve privacy disputes through binding arbitration and waive your right to a jury trial or to participate in a class action lawsuit.

‍

Exceptions

‍

Either party may seek equitable relief in court for:

1. Intellectual property disputes
2. Violations of confidentiality obligations
3. Enforcement of arbitration awards

This arbitration provision does not affect your statutory rights under GDPR, CCPA, or other applicable privacy laws to lodge complaints with supervisory authorities.

‍

Contact Information

‍

For questions about this Privacy Policy or our privacy practices, contact us at:

Email: privacy@trakyo.io Website: https://trakyo.io Legal Entity: Trakyo (United States)

‍

Data Protection Officer

‍

For privacy-related concerns or to exercise your rights: Email: dpo@trakyo.io

‍

Privacy Disputes

‍

For privacy disputes, please see our Dispute Resolution section above, or contact privacy@trakyo.io to initiate informal resolution.

‍

Additional Information for Specific Jurisdictions

‍

California Residents

‍

Under the California Consumer Privacy Act (CCPA), California residents have additional rights. We do not sell personal information. For more details about categories of information collected and purposes, contact privacy@trakyo.io.

‍

European Union Residents

‍

Under the General Data Protection Regulation (GDPR), EU residents have enhanced rights. Our legal basis for processing includes:

‍

1. Consent (for marketing communications)
2. Legitimate interests (for analytics and fraud prevention)
3. Contract fulfillment (for Customer services)

‍

You may lodge a complaint with your local supervisory authority if you believe your rights have been violated.

‍

This Privacy Policy is effective as of the date stated at the top and supersedes all previous versions.