TrackOfferz
Legal

Privacy policy

Last updated: 2026-06-06

Start free trial Contact us
14-day free trial No credit card required Cancel any time Self-host or managed

This Privacy Policy describes how TrackOfferz, a product of S. P. Techno Solution Private Limited ("TrackOfferz", "we", "us"), collects, uses, and shares personal data when you visit our website (trackofferz.com), use the TrackOfferz platform, or interact with the affiliate tracking infrastructure we operate on behalf of network operators.

Our role: controller vs. processor

TrackOfferz plays two distinct roles under the EU/UK General Data Protection Regulation (GDPR):

  • As a data controller — for our own account holders (network operators, their team members, and prospects). We decide how and why this data is processed: signing you up, billing, support, and product communication.
  • As a data processor — for the click and conversion data flowing through the tracking edge. Here the network operator is the controller: they decide which campaigns run, what data their tracking links carry, and the lawful basis for processing the visitors they send us. We process that data only on their documented instructions, under the Data Processing Agreement below.

What we collect

Account data (we are the controller)

When you sign up, we collect your email, name (if provided), and a hashed copy of your password (Argon2id, memory-hard). We store this in a secure relational database tenanted by your organization.

Click + conversion data (the network is the controller)

The TrackOfferz edge processes clicks generated by publisher tracking links. For each click we may capture: IP address, user agent, referer, click/transaction id, campaign id, publisher id, device/OS/browser, country/region/city (derived from IP), and any sub-ID parameters the publisher passes. Networks can reduce this footprint — see Data minimisation below.

Conversion PII

Where conversions include directly identifying information (e.g. email, phone), that data is hashed with SHA-256 and a per-tenant pepper before storage or forwarding to third-party destinations (e.g. Meta CAPI, TikTok Events API). We do not store conversion PII in plaintext.

Lawful basis (GDPR Art. 6)

  • Contract — to create and operate your account and provide the service you signed up for.
  • Legitimate interests — fraud and bot detection, security, attribution integrity, and aggregated product analytics, balanced against the rights of data subjects.
  • Consent — where a network operator chooses a consent-gated tracking flow, click data is only stored when consent has been signalled. We provide the tooling (consent signals and IP anonymisation) so networks can honour the lawful basis they have established with their visitors.
  • Legal obligation — to comply with tax, accounting, and lawful requests from authorities.

How we use it

  • To operate the affiliate tracking platform on behalf of network operators
  • To detect fraud, bot traffic, and abuse via our Fraud Guard system
  • To send transactional emails (account verification, password resets, payout notifications)
  • To improve the product via aggregated, de-identified analytics

Data minimisation & retention

Network operators control how much personal data is retained and for how long:

  • IP anonymisation — when enabled by the network, the edge stores only the truncated network prefix (the final octet of an IPv4 address is zeroed) instead of the full IP.
  • Retention — by default, raw click events are retained for 13 months and conversion events for 36 months, after which they are automatically deleted from our analytics store. Networks may configure a shorter retention window, after which a daily job purges their older rows.
  • Consent gating — where a network passes a "no consent" signal on a tracking link, the edge still forwards the visitor to the destination but does not persist their IP, user agent, fingerprint, or sub-IDs.

How we share it

We do not sell personal data. We share data only with: (a) the network operator that owns the tenant where your data resides; (b) the sub-processors required to operate the platform, listed on our Sub-processors page; and (c) authorities when legally required by valid court order or subpoena.

International transfers

TrackOfferz is operated from India by S. P. Techno Solution Private Limited. Where we process personal data originating in the European Economic Area, the United Kingdom, or Switzerland, that data may be transferred to and processed in India and other jurisdictions. India is not the subject of an EU adequacy decision, so we rely on the European Commission's Standard Contractual Clauses (2021/914) (and the UK International Data Transfer Addendum where applicable) as the transfer mechanism, supplemented by the technical measures described in this policy. A copy of the clauses is available on request.

Your rights

Subject to GDPR, UK GDPR, and similar laws (including CCPA/CPRA), you have the right to:

  • Access — obtain a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion ("right to be forgotten").
  • Portability — receive your data in a portable, machine-readable format.
  • Restriction & objection — limit or object to certain processing, including profiling for fraud scoring.
  • Withdraw consent — at any time, where processing is based on consent.

Because click/conversion data is controlled by the network operator, requests about that data are fulfilled by — or through — that network, who can look up, export, and erase the relevant records directly from their dashboard. For account data, or if you do not know which network holds your data, email privacy@trackofferz.com. We respond within 30 days and will route controller-side requests to the relevant network operator. You also have the right to lodge a complaint with your local supervisory authority.

Cookies

TrackOfferz uses essential session cookies for authentication on the platform. We do not use third-party advertising or cross-site tracking cookies on our marketing site, and we ask for opt-in consent before setting any non-essential cookie. The affiliate tracking edge may set an attribution identifier tied to a click when a publisher's tracking link is used — this is configured per network operator and serves the attribution function only.

Security

We apply memory-hard password hashing, encryption in transit (TLS), per-tenant isolation, server-side sessions with instant revocation, optional multi-factor authentication, and least-privilege access controls. See our Security page for detail.

Data Processing Agreement

Network operators acting as controllers are covered by our Data Processing Agreement, which forms part of the Terms of Service and incorporates the Standard Contractual Clauses for international transfers.

Changes

We'll notify you of material changes by email and update the "Last updated" date above. Continued use of TrackOfferz after a change constitutes acceptance.

Contact

Data controller: S. P. Techno Solution Private Limited (India).
Privacy questions and data-subject requests: privacy@trackofferz.com