Privacy Policy

Trakos ("we", "our", or "the Platform") is a SaaS attribution and tracking platform that helps e-commerce businesses measure marketing performance, manage customer relationships, and communicate with customers via WhatsApp Business API.

This Privacy Policy describes how we collect, use, store, share, and protect personal information when you use our platform, access our website, or interact with our services. We are committed to protecting your privacy in compliance with the Brazilian General Data Protection Law (LGPD - Lei 13.709/2018), the European General Data Protection Regulation (GDPR), and other applicable data protection laws.

2.1 Data provided directly by you:

• Account information: name, email address, phone number, company name
• Payment information: billing details (processed securely by third-party payment processors)
• Communication data: messages sent through our support channels, WhatsApp conversations managed through the platform
• Integration credentials: API tokens and keys for Meta, Google Ads, WhatsApp Business, and other connected services

2.2 Data collected automatically:

• Browsing data: pages visited, actions taken, time spent, clicks, and interactions
• Technical data: IP address, browser type, operating system, device information, screen resolution
• Traffic source data: UTM parameters, referrer URLs, click IDs (fbclid, gclid), campaign attribution data
• Cookies and identifiers: unique visitor identifiers, session preferences, tracking pixels
• Location data: approximate country, state, and city based on IP address

2.3 Data from third-party integrations:

• Meta (Facebook/Instagram): ad campaign data, conversion events, audience insights via Meta Marketing API and Conversions API (CAPI)
• Google Ads: campaign performance data, conversion tracking
• WhatsApp Business API: message delivery status, contact information, conversation metadata
• E-commerce platforms (Shopify, Yampi): order data, customer information, product details for attribution purposes

3.1 Platform operation and service delivery:

• Provide multi-touch attribution and conversion tracking
• Process and display marketing analytics and campaign performance
• Enable WhatsApp Business messaging (sending and receiving messages via Cloud API)
• Manage customer relationships through the built-in CRM
• Send conversion events to Meta CAPI and Google Ads for optimization
• Provide customer support and technical assistance

3.2 Analytics and improvement:

• Analyze usage patterns to improve our platform
• Monitor system performance and prevent errors
• Develop new features and services
• Generate aggregated, anonymized insights

3.3 Communication:

• Send platform notifications and service updates
• Respond to support requests
• Send product updates and announcements (with your consent)

Trakos integrates with the WhatsApp Business Cloud API to enable businesses to communicate with their customers. In this context:

• We act as a data processor on behalf of our clients (the data controllers)
• Messages sent and received through WhatsApp are stored securely to provide conversation history and CRM functionality
• We do not read, share, or use the content of WhatsApp conversations for advertising or any purpose unrelated to providing our service
• WhatsApp message data is isolated per company (multi-tenant architecture) and is not shared between clients
• Contact phone numbers and names are used solely for message delivery and CRM management
• Users can request deletion of their WhatsApp conversation data at any time

When connected to Meta services (Facebook, Instagram), Trakos accesses data through official Meta APIs in compliance with Meta Platform Terms:

• Marketing API: used to retrieve ad campaign data, ad spend, impressions, clicks, and performance metrics for attribution dashboards
• Conversions API (CAPI): used to send server-side conversion events (purchases, leads) to improve ad optimization while respecting user privacy
• WhatsApp Business API: used to send and receive messages on behalf of connected business accounts
• We do not sell, rent, or share Meta platform data with any third parties
• Data obtained from Meta APIs is used exclusively to provide the services described in this policy

We use cookies and similar technologies to provide our services:

Essential cookies:

• Authentication and session management
• Security and fraud prevention
• Retention: session or up to 30 days

Attribution cookies:

• Visitor identification for multi-touch attribution
• UTM parameter and click ID storage
• Conversion tracking across sessions
• Retention: up to 90 days

Analytics cookies:

• Platform usage analysis and improvement
• Error monitoring and performance tracking
• Retention: up to 26 months

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

We share personal data only in these situations:

• Infrastructure providers: hosting (Vercel), database (Supabase), and cloud services necessary to operate the platform
• Meta and Google: conversion data sent via CAPI/server-side tracking as configured by our clients
• Payment processors: billing information for subscription management
• Legal requirements: when required by law, court order, or regulatory authority

We never sell, rent, or trade personal data to third parties for their own marketing purposes.

Your data may be processed in servers located outside of Brazil, including the United States and the European Union, through our infrastructure providers:

• Vercel (United States) - application hosting
• Supabase (United States) - database and authentication
• Meta (United States) - WhatsApp API and advertising APIs
• Google (United States) - analytics and advertising APIs

These transfers are protected by standard contractual clauses, data protection certifications, and appropriate security measures as required by the LGPD and GDPR.

We implement industry-standard security measures to protect your data:

• Encryption: all data is transmitted over TLS/SSL encryption
• Access control: role-based access control and multi-tenant data isolation
• Authentication: secure password hashing (bcrypt), session management with HTTP-only cookies
• Row Level Security: database-level isolation ensuring each company can only access their own data
• API token security: integration credentials are encrypted at rest
• Monitoring: continuous monitoring for suspicious activity and security incidents

In the event of a security incident that may pose a relevant risk, we will notify affected users and the relevant data protection authorities as required by law.

Under the LGPD and GDPR, you have the following rights regarding your personal data:

• Access: request a copy of your personal data
• Correction: request correction of inaccurate or incomplete data
• Deletion: request deletion of your data (subject to legal retention requirements)
• Portability: request transfer of your data to another service
• Restriction: request restriction of processing in certain circumstances
• Objection: object to processing based on legitimate interest
• Withdraw consent: withdraw your consent at any time

To exercise any of these rights, contact us using the information provided in the Contact section below. We will respond within 15 business days.

You may request deletion of your personal data at any time by contacting us at the email address below. Upon receiving a valid deletion request, we will:

• Delete your account and associated personal data within 30 days
• Remove WhatsApp conversation data and CRM records
• Anonymize or delete tracking and attribution data
• Retain only data required by legal obligations (e.g., tax records for 5 years)

Trakos is a business-to-business platform and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make significant changes, we will notify you through the platform or via email. We recommend reviewing this policy periodically. The last update date is indicated at the top of this document.

If you have questions, requests, or complaints about this Privacy Policy or the processing of your personal data, contact us:

You may also file a complaint with the Brazilian National Data Protection Authority (ANPD) at www.gov.br/anpd.