Trackingplan is committed to strict privacy and data security practices. Our platform:
Only processes events that are already anonymized and never collects more data than your clients already send to their analytics providers.
The SDK inspects locally on the device the network requests your site or app already sends to third-party tools (e.g., Google Analytics, HubSpot, Mixpanel), applying anonymization or masking before forwarding to our backend.
On our servers, events are parsed and modeled to detect anomalies indicating implementation errors or third-party tool issues.
Client data remains encrypted both in transit and at rest, hosted on hardened AWS services with fine-grained IAM role access controls, and is automatically deleted after 90 days.
Our security practices include peer-reviewed code changes, continuous integration and deployment (CI/CD), two-factor authentication (2FA), audit logs, 24/7 monitoring, and GDPR compliance via data processing agreements (DPA) and Standard Contractual Clauses (SCC) for international transfers.
To learn more about Trackingplan's privacy and security measures, refer to our Privacy Hub.
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
