Trakl logoTraklBack to app

Privacy policy

Effective date: 2026-05-02. Last updated: 2026-05-02.

This Privacy Policy explains how Trakl ("Trakl", "we", "us", or "our") collects, uses, shares, and protects information about you when you use our website, dashboard, short-link redirects, and related services (collectively, the "Service"). By using the Service, you agree to this Policy. If you do not agree, do not use the Service.

Trakl is operated by Digital King Inc. References to "we" and "us" mean Digital King Inc.

1. Information we collect

We collect the following categories of information:

  • Account information. When you create an account, we collect your email address and a password (stored only as a one-way hash by our authentication provider). We may also collect an admin flag, plan tier, and account creation timestamp.
  • Link metadata you create. Short slugs, destination URLs, optional labels, optional notes, UTM tags (campaign, source, medium, term, content), and pin and disable flags.
  • Click events on your short links.When a visitor follows one of your short links, we record the timestamp, user-agent string, parsed browser, OS, device type, referrer, country code (when our hosting provider supplies it), and a salted SHA-256 hash of the visitor's IP address. The raw IP address is never written to our database.
  • Billing information. When you purchase a paid plan, our payment processor (Stripe) collects your payment method, billing address, and tax information directly. We receive only a customer ID, subscription ID, plan, and subscription status from Stripe. We do not see or store your full card number.
  • Communications. If you contact us or submit a bug report through the in-app form, we receive the contents of that message together with your account email.
  • Cookies and similar technologies. We use first-party session cookies for authentication, analytics cookies for product measurement, and we may set or read short-lived cookies needed for our content delivery network and tag manager.
  • Server logs. Our hosting provider records standard request logs (timestamp, request path, response status, user-agent, country, hashed IP) for security and operational purposes.

2. How we use your information

We use the information we collect to:

  • provide, operate, and maintain the Service;
  • authenticate you and protect your account against unauthorized access;
  • show you analytics about clicks on your own short links in your dashboard;
  • detect, prevent, investigate, and respond to fraud, abuse, security incidents, spam, illegal activity, and violations of our Terms of Service;
  • process payments and manage subscriptions through Stripe;
  • communicate with you about your account, billing, security alerts, product updates, and changes to our terms;
  • measure and improve the performance, reliability, and usability of the Service through aggregated analytics and session-level diagnostics;
  • comply with our legal obligations and respond to lawful requests from public authorities.

3. Legal bases for processing (EEA / UK)

If you are located in the European Economic Area or the United Kingdom, we process your personal information under the following legal bases: (a) performance of a contract, when processing is necessary to provide the Service you requested; (b) legitimate interests, such as securing the Service, preventing abuse, measuring product performance, and growing our business, balanced against your privacy interests; (c) consent, when you have given it (for example, for non-essential cookies or marketing); and (d) legal obligation, when processing is required by applicable law.

4. Sharing and third-party services

We do not sell your personal information. We share information only with the following categories of recipients:

  • Supabase. Database and authentication provider. Stores account credentials, link metadata, click events, profiles, reports, and error logs.
  • Stripe.Payment processor. Handles all card data, billing portal access, and subscription lifecycle. Stripe's privacy policy applies to data they collect from you directly.
  • Cloudflare. Hosting, CDN, security, and tag management (Cloudflare Zaraz). Cloudflare may process request metadata, IP addresses, and cookies in the course of routing and protecting traffic.
  • Google Analytics 4 (Google LLC). Loaded server-side through Cloudflare Zaraz. We use it to measure aggregate product usage (page views, sessions, custom events such as link creation, destination edits, share-link copies, and short-link redirects). Google may use this data subject to its own privacy policy.
  • Microsoft Clarity (Microsoft Corporation).Loaded through Cloudflare Zaraz. Records anonymized session recordings, heatmaps, and behavioral metrics to help us diagnose usability issues. Clarity may capture page interactions, clicks, scroll depth, and form interactions, with sensitive fields masked. Clarity's privacy notice applies to data they collect.
  • Service providers. Other vendors that help us operate the Service (for example, transactional email senders, error reporting tools, or future support tools). They may access your information only as needed to perform services on our behalf and are bound by confidentiality obligations.
  • Legal and safety. We may disclose information if we believe in good faith that disclosure is necessary to comply with applicable law, lawful requests, or court orders; to enforce our Terms of Service; to protect the security, rights, property, or safety of Trakl, our users, or the public; or to investigate fraud or abuse.
  • Business transfers. If Trakl is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.

5. International data transfers

We and our service providers operate in the United States and other countries. If you access the Service from outside the country where our infrastructure is located, your information may be transferred to, stored in, and processed in countries with different data-protection laws than your jurisdiction. We rely on appropriate safeguards (such as Standard Contractual Clauses) where required.

6. Data retention

We retain information for as long as is needed to:

  • provide the Service to you (account information is retained while your account is open);
  • show you historical analytics (click events are retained while the parent link exists; deleting a link deletes its click history);
  • comply with our legal, accounting, tax, and audit obligations;
  • resolve disputes and enforce our agreements.

Inactive links are subject to reclamation under the schedule described in our Terms of Service. After account deletion, we delete or anonymize personal data within a reasonable period, except where retention is required by law or necessary to protect our legitimate interests (for example, to prevent abuse or comply with financial recordkeeping obligations).

7. Your rights

Depending on where you live, you may have rights with respect to your personal information, including the right to access, correct, delete, restrict or object to processing, data portability, and withdraw consent. Residents of California may also have rights under the California Consumer Privacy Act (including the right to know what personal information we collect and the right to delete or correct it). Residents of the EEA, UK, and Switzerland may have rights under the General Data Protection Regulation. To exercise any of these rights, contact us at the address below. We will respond within the time frame required by applicable law. We do not discriminate against you for exercising your rights.

8. Security

We use industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS), access controls, row-level security on all user-owned data, salted SHA-256 hashing of visitor IPs before storage, secret management for service credentials, and audit logging of administrative actions. No system is perfectly secure. You are responsible for safeguarding your account credentials and notifying us immediately of any unauthorized access.

9. Children

The Service is not directed to children under 13 (or under 16 in the EEA and UK). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without verifiable parental consent, we will delete that information promptly. If you believe a child has provided us with personal information, contact us at the address below.

10. Cookies and tracking

We use first-party cookies for authentication and session management. We use Cloudflare Zaraz to load Google Analytics 4 and Microsoft Clarity, which may set cookies and collect interaction data as described above. You can control cookies through your browser settings. Disabling cookies may impair some functionality of the Service.

11. Do Not Track

Our website does not currently respond to "Do Not Track" browser signals. Where required by law, we honor opt-out signals recognized by applicable regulations.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be communicated through the Service or by email to your account address. Your continued use of the Service after the effective date of the updated Policy constitutes acceptance of the updated Policy.

13. Contact

For questions, requests under privacy laws, or other concerns, contact us at info@digitalkinginc.com.