Privacy Policy

Last updated: May 21, 2026

1. Introduction

Tractn ("we," "us," or "our") operates the Tractn AI Marketing OS platform accessible at app.tractn.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

We are committed to protecting your privacy and handling your data with transparency. By using Tractn, you agree to the collection and use of information in accordance with this policy.

2. Our Role: Controller and Processor

Tractn operates in two data protection roles:

  • Data Controller: For data we collect about you as a Tractn user (your account, company profile, platform usage). We decide why and how this data is processed.
  • Data Processor: For data you collect about your customers through Tractn tools (Tractn Pixel, email automation, CRM). You are the Data Controller for this data, and we process it only on your instructions.

Our obligations as a Data Processor are detailed in our Data Processing Agreement.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Name and email address (via Google Sign-In or email registration)
  • Profile photo (if provided by your Google account)
  • Company name, industry, website URL, and business description
  • User type (founder, freelancer, or agency) and experience level
  • Competitors and target market information
  • Marketing budget range and active channels

3.2 Connected Platform Data

When you connect third-party marketing platforms via OAuth 2.0, we access data from those services on your behalf. This includes:

  • Google Analytics: Website sessions, users, page views, bounce rate, conversions (read-only)
  • Google Search Console: Search queries, impressions, clicks, CTR, average position (read-only)
  • Google Ads: Campaign impressions, clicks, spend, CPC, CTR, conversions (read-only)
  • Meta (Facebook/Instagram): Page insights, post engagement, follower counts, ad metrics
  • LinkedIn: Company page analytics, post performance, follower growth
  • X (Twitter): Tweet impressions, engagement rate, follower count
  • TikTok: Video views, engagement metrics, follower data
  • YouTube: Channel analytics, watch time, subscriber metrics

OAuth tokens are encrypted at rest using AES-256-GCM encryption before being stored in our database. You can revoke access at any time through the Connections settings page or directly from the third-party platform.

3.3 Data We Process on Your Behalf

When you use Tractn's marketing tools, you may collect the following data about your customers and website visitors. You are the Data Controller for this data:

  • Lead data: Email address, name, phone number, segment (via Tractn Pixel or manual entry)
  • Conversion events: Event type, value, timestamp, UTM attribution (via Tractn Pixel)
  • Technical data: Device type, anonymous session ID, referrer URL, landing page
  • Email engagement: Open timestamps, click-through data, delivery/bounce status

3.4 Usage Data

We automatically collect standard usage data including:

  • Browser type and version
  • Pages visited and time spent
  • IP address (for security and fraud prevention)
  • Device information

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Tractn platform
  • Display your marketing analytics in a unified dashboard
  • Run AI agents to generate marketing strategies, content, and insights
  • Send emails on your behalf through email automation sequences
  • Track conversion events on your website via the Tractn Pixel
  • Authenticate your identity and secure your account
  • Process subscription payments
  • Communicate with you about service updates
  • Detect and prevent fraud or abuse

We do not sell your data. We do not share your analytics data with third parties for advertising or marketing purposes.

5. AI Processing

Tractn uses AI (powered by Anthropic's Claude) to generate marketing strategies, content, research, and analytics insights. Here's what you need to know:

  • What we send to AI: Company-level data only — your company name, industry, brand voice profile, campaign objectives, and marketing plan content
  • What we DO NOT send to AI: Personal data of your leads or customers (emails, names, phone numbers) is never sent to AI models
  • Training: Under Anthropic's API terms, data sent through the API is not used to train their models
  • Outputs: AI-generated content (strategies, posts, copy) is stored with your campaign data and is fully under your control

6. Data Storage & Security

  • Database: Your data is stored in PostgreSQL databases hosted by Supabase with row-level security (RLS) enabled.
  • Token Encryption: All OAuth access tokens and refresh tokens are encrypted using AES-256-GCM before storage.
  • Transport Security: All data in transit is encrypted using TLS 1.3.
  • Access Control: Each user can only access data from their own connected accounts.
  • Hosting: The application is hosted on Vercel with enterprise-grade security.
  • Rate Limiting: The Tractn Pixel is rate-limited to 500 events per company per minute to prevent abuse.

7. Data Sharing & Sub-Processors

We share your information only with the following categories of service providers:

  • Infrastructure: Supabase (database), Vercel (hosting), Stripe (payments)
  • AI & Intelligence: Anthropic (AI agents), Tavily (web search), DataForSEO (keyword research)
  • Communication: Resend (email delivery)
  • Legal Requirements: We may disclose data if required by law, court order, or governmental authority.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity.

A complete list of our sub-processors is maintained at tractn.io/sub-processors.

8. International Data Transfers

Tractn's infrastructure is primarily located in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data will be transferred to the US.

We protect these transfers through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with each sub-processor
  • Technical safeguards (encryption at rest and in transit)

9. Google API Services — Limited Use Disclosure

Tractn's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Google user data to provide and improve Tractn's analytics features.
  • We do not transfer Google user data to third parties except as necessary to provide the service, comply with laws, or as part of a merger/acquisition.
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read Google user data unless required for security purposes, legal compliance, or with the user's explicit consent.

10. Data Retention

  • Account data: Retained while your account is active, plus 30 days after deletion
  • Lead and conversion data: Retained until you delete it — you control the retention period
  • AI outputs: Retained with your campaign data, deletable at any time
  • OAuth tokens: Revoked and deleted immediately when you disconnect a platform
  • Analytics snapshots: Retained for historical trending purposes while your account is active

If you delete your account, we will delete your personal data within 30 days. Some anonymized, aggregated analytics may be retained for service improvement.

11. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct any inaccurate information.
  • Deletion: Request that we delete your account and associated data.
  • Portability: Request an export of your data in a machine-readable format.
  • Restriction: Request that we restrict certain processing activities.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw your consent for data processing at any time.
  • Disconnect: Revoke access to any connected platform at any time through the Connections settings page.

To exercise any of these rights, contact us at privacy@tractn.io.

12. GDPR Compliance (EEA Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • The right to data portability
  • The right to restrict processing
  • The right to object to processing
  • The right to lodge a complaint with a supervisory authority

Our legal basis for processing personal data includes: performance of a contract (providing the service), legitimate interests (improving our platform and preventing fraud), and consent (connecting third-party accounts).

13. Cookies & Tracking

Tractn uses essential cookies for authentication and session management. We do not use third-party advertising cookies or cross-site tracking cookies on the Tractn application.

For full details, see our Cookie Policy.

14. Children's Privacy

Tractn is not intended for users under the age of 16. We do not knowingly collect personal information from children.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

16. Contact Us

If you have any questions about this Privacy Policy, please contact us: