Trackdit

Legal

Privacy Policy

Privacy Policy

Last updated: November 14, 2025

Mink OÜ (Estonia) operates Trackdit and acts as the data controller for personal information we collect through our website, marketing page, and application. This Privacy Policy explains what we collect, how we use it, and the rights available to you.

1. Data We Collect

  • Account & Authentication Data – name (optional), email address, password hash, organization info, and verification status supplied during signup/login via Better Auth.
  • Billing Data – subscription status, plan tier, and billing identifiers handled through Stripe. Card details are processed directly by Stripe and never touch Trackdit servers.
  • Keyword & Notification Data – saved keywords, subreddit filters, notification frequency, seen markers, and actions taken within the dashboard.
  • Usage & Analytics Data – event metadata such as button clicks, feature adoption, and session lengths collected via Amplitude to improve product performance (no advertising profiles).
  • Technical Data – IP address, browser version, device type, approximate region, and logs required for security, rate limiting, and diagnostics.
  • Support Communications – messages you send to support@trackdit.com or via in-app chat, plus any attachments you provide.

We do not intentionally collect information from children under 16, and Trackdit is designed for business/professional users.

2. How We Use Data

We process personal data to:

1. Provide and maintain Trackdit’s core functionality (search, alerts, notifications).

2. Authenticate users, secure the platform, and prevent abuse.

3. Handle billing, invoicing, and account changes.

4. Respond to support requests and communicate product updates.

5. Improve reliability and user experience through aggregated analytics.

6. Comply with legal obligations and enforce our Terms of Service.

We never sell personal information or use it for third-party advertising.

3. Legal Bases (GDPR/EU)

For users located in the European Economic Area or UK, we rely on the following legal bases:

  • Performance of a contract – operating your Trackdit account and processing saved keywords.
  • Legitimate interests – maintaining security, preventing fraud, and improving the product in ways that do not override your privacy rights.
  • Legal obligation – complying with tax, accounting, and regulatory requirements.
  • Consent – where you choose to receive optional communications or analytics cookies (if applicable).

4. Processors & Sharing

We share data with trusted processors that help us run Trackdit:

  • Hosting & Infrastructure – Cloudflare Pages/Workers, Vercel, or equivalent providers that host our application and APIs.
  • Database & Storage – MongoDB Atlas for persisted data.
  • Authentication & Email – Better Auth, SMTP/Nodemailer providers for transactional email.
  • Analytics – Amplitude for product analytics (aggregated, non-advertising).
  • Payments – Stripe for subscription management and invoicing.

Each processor is bound by contracts to protect your data and use it only for the services we request. We may disclose information if required by law, to protect our rights, or to investigate misuse.

5. Cookies & Tracking

Trackdit uses essential cookies for session management and CSRF protection. We may also use first-party analytics cookies to understand feature usage; no third-party advertising cookies are used. You can control non-essential cookies through your browser settings.

6. Data Retention

  • Account, billing, and authentication data are stored while your account is active and for up to 36 months afterward to meet legal requirements.
  • Saved keywords, matches, and notification history are retained while the keyword exists. Posts older than 30 days or tied to deleted keywords are routinely purged.
  • Support correspondence is retained for as long as needed to resolve your request and maintain audit trails.
  • You can delete your account at any time via the `/app/account` page, which will immediately and permanently remove all your personal data from our systems. Alternatively, you may request deletion by contacting support@trackdit.com; we will comply unless we must retain specific data for legal reasons.

7. Security

We use encryption in transit (HTTPS), role-based access controls, secret rotation, and monitoring to protect your information. While no system is perfectly secure, we regularly review our safeguards and limit access to personnel who need the data to perform their jobs.

8. International Transfers

Trackdit’s infrastructure and processors may be located outside the European Economic Area. When data leaves the EU, we rely on adequacy decisions, Standard Contractual Clauses, or other safeguards recognized by the European Commission to protect your information.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete information.
  • Request deletion or restriction of processing. You can delete your account directly via the `/app/account` page.
  • Object to certain processing (e.g., analytics) or withdraw consent.
  • Receive a copy of your data in a portable format.

Submit requests by emailing support@trackdit.com from the address associated with your account. We will verify your identity before fulfilling a request and respond within applicable legal timelines.

10. Children

Trackdit is not directed to individuals under 16. If we learn that we have collected personal data from a child without verifiable parental consent, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy to reflect product changes or legal requirements. Material changes will be announced via email or in-app notice and become effective on the date posted. Continued use of Trackdit after the effective date constitutes acceptance.

12. Contact

For privacy questions, requests, or complaints, email support@trackdit.com. You may also contact the Estonian Data Protection Inspectorate if you believe your rights have been violated.