Privacy Policy

Last updated: August 4, 2025

1. Introduction

TrackSimple (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our competitive intelligence platform and services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Account Information

  • Email address: For account creation, authentication, and communication
  • Password: Encrypted and stored securely via Supabase Auth
  • Subscription details: Billing information managed by Stripe

2.2 Business Profile Data

  • Business description: Information you provide about your company
  • Website URLs: Your own website(s) for competitive analysis context
  • Company information: Optional details to improve AI insights

2.3 Tracking and Monitoring Data

  • Competitor URLs: Websites you choose to monitor
  • Detected changes: Information about changes on monitored sites
  • AI analysis: Generated reports and insights based on your data

2.4 Usage Information

  • Service usage: AI requests used, features accessed
  • Log data: IP addresses, browser type, access times (retained briefly for security)
  • Performance data: To improve service reliability

3. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract performance (Article 6(1)(b)): To provide our competitive intelligence services
  • Legitimate interests (Article 6(1)(f)): To improve our services, prevent fraud, and ensure security
  • Consent (Article 6(1)(a)): For optional features or communications (where applicable)
  • Legal obligation (Article 6(1)(c)): To comply with legal requirements

4. How We Use Your Information

We use your information to:

  • Provide and maintain our competitive intelligence services
  • Generate AI-powered insights and reports specific to your business
  • Process billing and manage subscriptions
  • Send service-related communications and updates
  • Improve our platform and develop new features
  • Ensure platform security and prevent abuse
  • Comply with legal obligations and resolve disputes

5. Third-Party Services

We work with trusted third-party services to provide our platform:

5.1 Supabase (Database & Authentication)

  • Purpose: Secure data storage and user authentication
  • Data shared: Account information, business profile, tracking data
  • Location: EU/US data centers with GDPR compliance

5.2 Anthropic (AI Services)

  • Purpose: AI-powered competitive analysis and insights
  • Data shared: Business context and competitor data for analysis
  • Processing: Temporary processing only, not stored by Anthropic
  • User Responsibility: Do not submit sensitive, confidential, or personal information to AI services
  • Limitations: AI analysis may contain errors, biases, or inaccuracies

5.2.1 AI Data Processing Disclaimer

Important Notice: When using AI-powered features:

  • Your data may be processed by third-party AI services (Anthropic)
  • AI systems may have limitations, biases, or errors in processing
  • Generated insights are for informational purposes only
  • You should not rely solely on AI-generated analysis for critical business decisions
  • We cannot guarantee the accuracy or completeness of AI-generated content

5.3 Stripe (Payment Processing)

  • Purpose: Secure subscription billing and payment processing
  • Data shared: Billing information, subscription details
  • Compliance: PCI DSS compliant payment processing

5.4 Resend (Email Communications)

  • Purpose: Transactional emails and service notifications
  • Data shared: Email addresses and message content
  • Usage: Service-related communications only

5.5 Render (Hosting & Redis)

  • Purpose: Application hosting, Redis cache for job queues, and performance optimization
  • Data shared: Application data, cached data, and background job processing
  • Security: Encrypted data transmission and storage

5.6 Google Analytics (Optional - Consent Required)

  • Purpose: Anonymous website usage analytics for marketing pages
  • Data shared: Anonymized page views, user interactions, and session data
  • Processing: Google processes data according to their Privacy Policy
  • Retention: 14 months (configured for GDPR compliance)
  • Opt-out: You can decline or withdraw consent at any time

6. Data Retention

We retain your data for the following periods:

  • Account data: Until account deletion or 3 years after last activity
  • Tracking data: Based on your subscription tier (7-90 days for changes)
  • AI reports: Until account deletion or as per retention settings
  • Billing records: 7 years for tax and legal compliance
  • Log data: 30 days for security and performance monitoring

7. Your Rights Under GDPR

If you are in the EU, you have the following rights regarding your personal data:

7.1 Right of Access (Article 15)

You can request a copy of all personal data we hold about you.

7.2 Right to Rectification (Article 16)

You can correct inaccurate or incomplete personal data through your account settings.

7.3 Right to Erasure (Article 17)

You can request deletion of your personal data when it's no longer necessary for our services.

7.4 Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format to transfer to another service.

7.5 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

7.6 Right to Restrict Processing (Article 18)

You can request limitation of processing in certain circumstances.

8. Data Security and User Responsibilities

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Monitoring for unauthorized access or breaches
  • Employee training on data protection principles

8.1 Your Data Security Responsibilities

Important: While we implement strong security measures, you play a crucial role in protecting your data:

  • Sensitive Data Warning: Do not input highly sensitive, confidential, classified, or personal information (SSN, financial details, health records, etc.) into our platform
  • Account Security: Use strong, unique passwords and enable two-factor authentication when available
  • Access Management: Regularly review and update user access permissions for your account
  • Data Classification: Properly classify your business data and only share information appropriate for our service
  • Compliance Obligations: Ensure your use complies with applicable regulations (GDPR, CCPA, HIPAA, etc.)
  • Regular Monitoring: Monitor your account for suspicious activity and report concerns immediately

8.2 Data Security Limitations

Disclaimer: While we strive to protect your data, you acknowledge that:

  • No system is 100% secure, and we cannot guarantee absolute security
  • Internet transmission of data carries inherent risks
  • You are responsible for evaluating the security risks of using our service
  • We are not liable for security breaches caused by your failure to follow security best practices
  • We recommend maintaining your own backups of critical business data

9. International Data Transfers

Your data may be processed in countries outside the EU/EEA. When this occurs, we ensure adequate protection through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Service providers' certifications (e.g., Privacy Shield successors)

10. Cookies and Tracking

TrackSimple uses minimal cookies necessary for core functionality:

10.1 Essential Cookies (No Consent Required)

  • Authentication cookies: To maintain your login session
  • Security cookies: For CSRF protection and security
  • Preference cookies: To remember your settings (theme, etc.)

10.2 Optional Analytics Cookies (Consent Required)

With your explicit consent, we use Google Analytics to understand how visitors interact with our marketing pages:

  • Google Analytics (GA4): Anonymous usage analytics for marketing pages
  • Purpose: Improve user experience and marketing effectiveness
  • Data collected: Page views, scroll depth, click events, session duration
  • Data sharing: Anonymous usage patterns only, IP addresses are anonymized
  • Retention: 14 months (GDPR-compliant setting)
  • Opt-out: You can withdraw consent anytime via our cookie banner

10.3 Your Cookie Choices

You have full control over analytics cookies:

  • Consent banner: Choose to accept or decline analytics cookies
  • Persistent choice: Your decision is remembered for 1 year
  • Easy withdrawal: Change your choice anytime
  • No impact: Declining analytics cookies doesn't affect core functionality

Note: We do not use tracking cookies for advertising, behavioral targeting, or any third-party marketing purposes.

11. Children's Privacy

TrackSimple is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16.

12. Data Breach Notification and Response

In the event of a data breach that may affect your personal information:

  • We will investigate and assess the breach within 72 hours
  • We will notify affected users via email within 72 hours of discovery
  • We will provide clear information about what data was affected and our response measures
  • We will cooperate with relevant authorities as required by law
  • We will implement additional security measures to prevent future breaches

12.1 Your Responsibilities in Case of a Breach

If you become aware of a potential security breach:

  • Notify us immediately at support@tracksimple.dev
  • Change your account password immediately
  • Review your account for any unauthorized activity
  • Monitor your business systems for any related security issues

12.2 Limitation of Liability for Data Breaches

Important: While we will respond promptly to any data breach, our liability is limited to the measures outlined in our Terms of Service. We are not responsible for breaches caused by your failure to follow security best practices or the submission of inappropriate data.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications for significant changes

14. Contact Information

For any privacy-related questions, requests to exercise your rights, or concerns, please contact us:

  • Email: support@tracksimple.dev
  • Data Protection Officer: support@tracksimple.dev
  • Security Issues: support@tracksimple.dev
  • Website: tracksimple.dev

14.1 EU Representative

If you are in the EU and have concerns about our data processing, you can also contact your local data protection authority.

Quick Data Request

To exercise your data rights or request information about your data, please email us at support@tracksimple.dev with your request. We will respond within 30 days as required by GDPR.