loading...
loading...

Privacy Policy

Last updated: 30.06.2026

This Privacy Policy explains how Trackian Ltd. (Тракиан ООД), a limited liability company registered in Bulgaria (UIC 207030368, VAT BG207030368), registered seat at 19 Krairechna St., office No. 6, Svilengrad 6500, Bulgaria (“Trackian”, “we”, “us”), collects, uses, and protects personal data across our website, our marketing analytics application, and the Trackian connector for AI assistants (the “Service”). Contact: info@trackian.com.

1. Our Role: Controller and Processor

Trackian is a data controller for personal data of our website visitors, account holders, and people we correspond with. Trackian is a data processor for the analytics data you connect from third-party platforms (Google Analytics, Google Ads, Google Search Console, and similar), which we process only on your instructions to provide the Service; you remain the controller of that data and are responsible for a lawful basis to share it.

2. Information We Collect

You provide: name, company name, address, email, phone, message contents and attachments, and anything you choose to send when registering or contacting us.

Connected platforms: when you authorize a source, we access the marketing/analytics data needed to provide the Service, using only the requested OAuth scopes. You can revoke access anytime.

Log files: IP address, browser type, ISP, date/time stamps, referring/exit pages, and click counts, used for trend analysis and site administration. These are not linked to identifiable individuals.

Cookies: we and our providers use cookies to store preferences and pages visited, to optimize your experience. Control them via your browser settings.

3. How We Use Personal Data and Legal Bases

Purpose Legal basis (GDPR Art. 6)

Provide, operate, maintain, and improve the Service Performance of a contract; legitimate interests

Process connected-platform data to deliver insights and anomaly detection On the controller’s instructions (we act as processor)

Customer service and account communications Performance of a contract

Develop new products, features, and functionality Legitimate interests

Marketing and promotional communications, including through our partners Consent

Send emails, find and prevent fraud Legitimate interests; legal obligation

Where we rely on consent, you may withdraw it at any time without affecting processing done before withdrawal.

4. Automated Processing

The Service uses automated analysis to detect anomalies and surface insights. It supports your decisions, does not produce legal or similarly significant effects on individuals, and is not automated decision-making under Article 22 GDPR.

5. Use with AI Assistants

The Service can be accessed through AI assistants via the Model Context Protocol. When you make a request this way, the data needed to answer it — which, depending on your request, may include records sourced from your connected platforms — is sent to the AI provider operating that assistant (for example, OpenAI) and processed under their terms and privacy policy to fulfill your request. We send only what is needed to answer your request, we do not use this data to train AI models, and we do not control how third-party AI providers process data once it reaches their systems. Review their policies before sending sensitive information through an assistant.

6. Sharing and Sub-Processors

We do not sell personal data. We share data with sub-processors under contracts requiring them to protect it and use it only on our instructions, including: Google Cloud / BigQuery (hosting and storage), OpenAI (processing requests made through the AI connector), payment and billing providers (subscriptions), and the platform APIs you connect, as you direct. We may share data with partners for the marketing purposes described in Section 3 where you have consented. We may also disclose data where required by law. Our marketing website may display third-party advertising; those ad networks may set their own cookies, which we do not control — consult their privacy policies for opt-out options.

7. International Data Transfers

We use infrastructure and providers located in the United States and other regions, so your personal data may be transferred outside the European Economic Area. For such transfers we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, or another lawful transfer mechanism. Request details using the contact above.

8. Data Retention

We keep personal data only as long as necessary: account and contact data for the life of your account plus a reasonable period for legal and accounting obligations; connected-platform data for as long as the source remains connected or as you instruct; log data for a limited diagnostic period. We then delete or anonymize it.

9. Your GDPR Rights

You have the right to access, rectification, erasure, restriction, objection, data portability, and to withdraw consent. The first access request is provided free of charge. Contact info@trackian.com; we respond within one month. For connected-platform data where we act as processor, direct requests to the relevant controller (our customer), whom we will assist. You may also complain to your supervisory authority — in Bulgaria, the Commission for Personal Data Protection (CPDP).

10. California Privacy Rights

California residents may request disclosure of the categories and specific pieces of personal data we hold, request deletion, and opt out of any “sale” of personal data. We do not sell personal data. Contact info@trackian.com.

11. Google User Data

When you connect Google services, we access your data through Google OAuth and process it to provide the features you request. Trackian’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to train AI or machine-learning models.

  • Google Search Console. Our application accesses your Google Search Console data via Google’s API using OAuth permissions. The data accessed includes various website metrics and properties. This is done solely with your explicit consent and primarily to facilitate you in gaining insights and visualizing your website’s performance data. The data is extracted into and securely stored within Google’s BigQuery. It is used to provide the features and functions of our application — primarily data visualization and the insights you request. When you use the Trackian connector for AI assistants, data needed to answer your request, which may include this Google Search Console data, is shared with the AI provider as described in Section 5; it is otherwise confined to your user account and not sold. 
  • Google Analytics. Our application accesses your Google Analytics account data through OAuth permissions via Google’s API. The data extracted includes website traffic, user behavior, demographics, and other site statistics, used to provide analysis of your website’s performance. It is transferred to and stored in Google’s BigQuery for accessibility and visualization. It is used exclusively within your account, except that when you use the AI connector, data needed to answer your request, which may include this Google Analytics data, is shared with the AI provider as described in Section 5. It is not sold.
  • Google Ads. Our application accesses your Google Ads data via OAuth permissions through Google’s API. The data accessed includes campaign information, ad performance, cost information, and other relevant metrics, used to manage and visualize your advertising efforts. It is stored in Google’s BigQuery. It is used to provide our application’s services and is tied to your user account, except that when you use the AI connector, data needed to answer your request, which may include this Google Ads data, is shared with the AI provider as described in Section 5. It is not sold or used for advertising.

12. Security

We use technical and organizational measures appropriate to the risk, including access controls and encryption in transit. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Children’s Privacy

The Service is not directed to children, and we do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us data, contact us and we will delete it.

14. Changes to This Policy

We may update this policy from time to time, posting the revised “Last updated” date and, for material changes, providing additional notice.

15. Contact

Trackian Ltd. (Тракиан ООД), 19 Krairechna St., office No. 6, Svilengrad 6500, Bulgaria — info@trackian.com