Legal
Privacy Policy
Last updated: March 1, 2026
Trackio ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at track-io.co and any associated services.
1. Information We Collect
Account Information
When you create an account, we collect your name, email address, company name, and role. If you subscribe to a paid plan, we collect billing information through our payment processor, Stripe.
Usage Data
We automatically collect information about how you use our platform, including pages visited, features used, actions taken, timestamps, and device information (browser type, operating system, IP address).
Social Media Data
When creators connect their social media accounts through Phyllo, we collect publicly available profile information, post data (views, likes, comments, engagement rates), audience demographics, and content metadata. This data is used to power campaign tracking and reporting features.
Payment Data
Payment processing is handled by Stripe. We do not store full credit card numbers on our servers. We retain transaction records, subscription status, and invoice history for billing purposes.
2. How We Use Your Data
We use the information we collect to:
- Provide, maintain, and improve our platform and services
- Process transactions and manage subscriptions
- Track creator content performance and calculate billing (CPM, flat rate, performance deals)
- Generate reports and analytics for your campaigns
- Send transactional emails (invoices, deal notifications, payment confirmations)
- Communicate about product updates, if you opt in
- Detect and prevent fraud or abuse
- Comply with legal obligations
3. Third-Party Services
We work with the following third-party service providers who may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & authentication | Account data, platform data |
| Stripe | Payment processing | Billing info, transaction data |
| Phyllo | Social media data aggregation | Creator social data |
| Resend | Transactional email | Email addresses, notification content |
| Vercel | Hosting & analytics | Usage analytics, performance data |
4. Creator Data Handling
Brands and agencies using Trackio add creator information to manage campaigns. Creator data (name, handle, email, social metrics) is stored within the workspace that created it and is not shared between workspaces. Creators who create accounts on Trackio can view their own deal details, post performance, and payment history.
Social media data collected via Phyllo is refreshed periodically via automated processes and is subject to Phyllo's own data handling policies.
5. Data Retention & Deletion
We retain your data for as long as your account is active or as needed to provide our services. When you cancel your subscription, your data is retained for 90 days before permanent deletion. You may request earlier deletion by contacting us.
Your rights:
- Request a copy of your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Object to processing of your data
- Request data portability
6. GDPR & CCPA Compliance
For EU/EEA Users (GDPR)
Our legal basis for processing personal data is: (a) performance of a contract when we provide our services, (b) legitimate interests for analytics and security, and (c) consent where specifically requested. You have the right to access, rectify, erase, restrict processing, data portability, and object to processing.
For California Residents (CCPA)
California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information to third parties.
7. Cookies
We use essential cookies to maintain your authentication session and remember your preferences. We use analytics cookies (Vercel Analytics) to understand how our platform is used. We do not use third-party advertising cookies.
- Essential cookies: Authentication session, workspace preferences (required)
- Analytics cookies: Page views, feature usage, performance metrics (Vercel Analytics)
8. Security
We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, role-based access controls, and regular security assessments. All data is hosted on SOC 2 compliant infrastructure through Supabase and Vercel.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our platform. Continued use of Trackio after changes take effect constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Email: privacy@track-io.co