Privacy Policy

This policy distinguishes two groups: (a) account holders — the people and businesses who sign up for and use Trackyr; and (b) contacts — the individuals whose public, business, or professional contact information appears in the Trackyr graph. Different rights and processing apply to each, described below.

When you create an account we collect your name, email address, authentication identifiers, workspace details, and billing information processed by our payment provider (Stripe). We also collect product-usage data — hunts you run, credits you spend, and exports you generate — to operate, secure, and improve the service.

Trackyr aggregates business and creator contact information. Creator-platform data is collected from publicly accessible, logged-out profiles only. Business-contact data is sourced from an aggregated third-party people database. A contact record may include name, public handles, email, phone number, job title, company, firmographics, and a coarse geographic indicator.

For every contact we retain provenance— the source, the time of collection, and whether the data was public at that time — so the record’s origin is always auditable.

Account-holder data is used to provide the service, process payments, provide support, and send service communications. Contact data is made available to account holders for lawful business outreach and partnership prospecting, and is continuously re-verified to keep it accurate. We do not sell account-holder personal data.

Trackyr data may be used for business and partnership outreach only. It may notbe used to make decisions about a person’s eligibility for credit, insurance, employment, housing, or any other purpose governed by the Fair Credit Reporting Act (FCRA) or analogous laws, nor for harassment, stalking, or any unlawful purpose.

We maintain a global suppression list. Any opt-out, hard bounce, do-not-contact signal, or deletion request is propagated across the entire graph within minutes, and suppressed records are excluded from all queries and exports.

Depending on your jurisdiction (including under GDPR and CCPA/CPRA), you may have the right to access, correct, or delete personal data we hold about you, and to opt out of its processing. To exercise these rights, submit a request through our data-request (DSAR) page. We verify requests and action verified deletions across the graph within the timeframe required by applicable law.

We retain account data for as long as your account is active and as needed to meet legal obligations. Contact records are retained while accurate and re-verifiable, and removed when every contact method goes dead or upon a verified deletion request. We use industry- standard administrative and technical safeguards, including row-level access controls and encryption in transit.

We share data with infrastructure and processing vendors strictly to operate the service — including hosting, our database and authentication provider, our payment processor, and the validation and data-enrichment providers used in the pipeline. These vendors process data on our instructions.

We may update this policy from time to time; material changes will be reflected by the “last updated” date above. Questions or privacy requests can be sent through the data-request page or to our privacy contact.