How will Trackingplan handle my clients’ data?

We are committed to providing agencies and end users with complete transparency about our privacy practices and the technical and organizational measures we use to ensure the security of your client’s data.

Trackingplan only collects the necessary data for our operation, and nothing more. We are fully GDPR compliant and follow strict data retention practices. Additionally, our SDKs only clone and forward samples that your clients are already sending to their existing analytics providers, such as Google Analytics, Adobe Analytics, or Segment.

Moreover, Trackingplan does not store anything until anonymization measures are applied, selecting only the necessary samples to deliver the intended value.

Furthermore, although Personally Identifiable Information (PII) is typically not permitted in most third-party services, our collectors perform additional measures to avoid processing PII:

• We hash any known session or user identifiers used by the analytics provider (e.g., client_id, session_id, g_id, etc.).
• We employ a best-effort approach to identify and remove sensitive data. This includes masking or hashing known sensitive field names and value patterns.
• We allow our clients to specify fields that should not be processed.

Please note that there is no storage before the anonymization measures. Subsequently, our processing system selects samples and stores them to deliver the intended value:

• We ensure that no PII is processed or stored beyond the initial, on-the-fly collection phase on our servers.
• We randomize and dissociate different samples to prevent identification through the aggregation of pseudo identifiers or user behavior analysis.

To learn more about our security measures, refer to our Privacy Hub.