How will Trackingplan handle my clients’ data?

At Trackingplan, we are committed to providing agencies and end users with complete transparency regarding our privacy practices and the technical and organizational measures we use to ensure the security of your clients' data. As a privacy-first marketing data quality tool, we prioritize data protection at every step.

Trackingplan only collects the necessary data for our operations, and nothing more. We are fully GDPR compliant and adhere to strict data retention practices. Additionally, our SDKs only clone and forward samples that your clients are already sending to their existing analytics providers, such as Google Analytics, Adobe Analytics, or Segment.

Moreover, Trackingplan does not store any data until anonymization measures are applied, selecting only the necessary samples to deliver the intended value. Our approach includes the following safeguards against processing Personally Identifiable Information (PII):

• We hash any known session or user identifiers used by the analytics provider (e.g., client_id, session_id, g_id, etc.).
• We employ a best-effort approach to identify and remove sensitive data, including masking or hashing known sensitive field names and value patterns.
• We allow our clients to specify fields that should not be processed.

Please note that there is no storage before the anonymization measures are applied. Once anonymization is complete, our processing system selects samples and stores them to deliver the intended value:

• We ensure that no PII is processed or stored beyond the initial, on-the-fly collection phase on our servers.
• We randomize and dissociate different samples to prevent identification through the aggregation of pseudo identifiers or user behavior analysis.

To learn more about our security measures, refer to our Privacy Hub.