Privacy Policy

Last updated: May 12, 2026 · Draft — align with your final DPA / hosting agreements (Supabase, Stripe).

1. Who we are

Trackapp ("we") operates a web application at your configured production domain (for example trackapp.fr). This Policy explains how we process personal data when you use the Service.

2. Data we collect

  • Account data — email address and authentication metadata processed by Supabase when you sign up or sign in.
  • Billing data — handled by Stripe when you purchase a paid plan (we do not store full card numbers).
  • Usage & technical data — standard server logs, device/browser metadata, and diagnostics needed to operate and secure the Service.
  • Third-party API outputs — aggregated public commercial content we retrieve via TikTok Commercial Content / Research APIs (and similar APIs) to display in dashboards. This is generally not your personal TikTok profile data.

3. Purposes & legal bases (GDPR)

  • Providing and securing the Service (performance of a contract / legitimate interest).
  • Billing and fraud prevention (performance of a contract / legitimate interest).
  • Compliance with legal obligations where applicable.

4. TikTok & Meta integrations

Where enabled, our servers obtain client-credentials tokens from TikTok and query Commercial Content / Research endpoints server-side. End users do not need to connect their personal TikTok account for this read-only library view. Tokens and secrets stay in the server environment (for example, Vercel environment variables).

5. Processors & transfers

We rely on subprocessors such as Supabase (authentication/database), Stripe (payments), and hosting providers. Their locations and terms govern international transfers; sign DPAs as required for your organization.

6. Retention

We retain account and billing records as needed for legal, tax, and operational purposes, then delete or anonymize when no longer necessary.

7. Your rights

Depending on jurisdiction, you may request access, rectification, erasure, restriction, portability, or objection. Contact us using the channel published on the production site. You may lodge a complaint with your supervisory authority.

8. Children

The Service is not directed at children under 16 (or the minimum age in your region).

9. Changes

We may update this Policy. Material changes will be indicated by revising the date above.

10. Contact

Add your GDPR / privacy contact email and postal details before production marketing.
