10.6 kB gzipped · iOS 14 + AdBlock safe
Traqly
LEGAL

Privacy Policy

Last updated: 2026-05-16

Draft notice: This policy is a working draft for the pre-launch beta. Before commercial rollout, the operating entity will review and re-publish a binding version. Inspect this page before relying on it for production.

1. What we are

Traqly is a server-side tracking and ad-intelligence platform. We process two distinct data flows: (a) visitor signals sent by our pixel running on customer websites, and (b) workspace data created by the operators of those websites (account owners, team members, billing).

2. Visitor signals (pixel data)

Our pixel is loaded by our customers on their own websites. The data captured by the pixel is governed by their privacy policy, not ours. Traqly acts as a data processor in the meaning of GDPR Art. 28 on behalf of the customer.

Categories of visitor data processed on behalf of customers:

  • IP address (truncated to /24 for fingerprinting, full IP only when needed for fraud and stored ≤ 7 days)
  • Click IDs from ad platforms (fbclid, gclid, ttclid, msclkid, wbraid, gbraid)
  • First-party cookie identifier set by Traqly
  • Browser fingerprint hash (canvas + audio + WebGL signals, SHA-256 hashed)
  • Email and phone, if explicitly provided by the visitor and hashed (SHA-256) before transmission

Default consent state of the pixel is denied. No marketing identifiers leave the browser until the customer's consent management platform confirms a granted state via the traqly('consent', 'granted') call.

3. Workspace data (account holders)

For users who register a Traqly workspace, we process: name, work email (verification), hashed password (bcrypt cost 12), workspace metadata, billing details via Stripe, and usage logs (timestamps, IP, user-agent for audit purposes).

4. Subprocessors

  • Stripe — billing
  • Anthropic — Claude AI agents (prompted with anonymized event aggregates only)
  • Meta / Google / TikTok / YouTube — CAPI forwarders on behalf of the customer's connected accounts
  • Hetzner / IONOS — hosting (German data centers)

5. Your rights (GDPR Art. 15-22)

You can request access, correction, deletion, restriction, portability, and objection regarding your workspace data at any time. Visitor data is governed by the customer's privacy policy — reach out to them or to us at [email protected] and we will forward as a processor.

6. Retention

Workspace data is retained until you delete the workspace plus 30 days for billing reconciliation. Anonymized aggregate metrics are retained for 24 months. Audit logs are retained for 12 months. Full-IP records are purged after 7 days.

7. Contact

Privacy questions: [email protected]. A formal Data Protection Officer will be appointed when staff size or processing volume crosses the statutory threshold (§ 38 BDSG).