1. Who We Are
Tracio ("we", "us", "our") provides an AI visibility monitoring platform for fintech brands. This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).
2. Data We Collect
- Account data: email address, display name
- Project data: company name, domain, keywords, competitor names and domains
- Monitoring data: AI model responses about your brand, visibility scores, mentions
- Usage data: feature usage analytics (anonymized via PostHog)
We do not collect: IP addresses for storage, behavioral tracking data, payment card details (handled by Paddle), or location data.
3. Why We Collect It (Legal Basis)
- Contract performance: to provide the monitoring service you subscribed to
- Legitimate interest: to improve our service and prevent abuse
- Consent: for marketing emails (opt-in only)
4. How We Use Your Data
- Send your keywords to AI models (OpenAI, Anthropic, Google, Perplexity) to monitor brand visibility
- Calculate and store visibility scores and breakdowns
- Send email notifications about score changes and system events
- Improve the accuracy of our monitoring algorithms
5. Data Storage and Security
All data is stored in the EU (Frankfurt) region via Supabase (PostgreSQL). Data is encrypted at rest and in transit. We use Row Level Security (RLS) to ensure strict tenant isolation — your data is never accessible to other users.
6. Sub-processors
- Supabase — database and authentication (EU region, DPA signed)
- Vercel — application hosting (DPA signed)
- Resend — transactional email delivery (DPA signed)
- OpenAI, Anthropic, Google, Perplexity — AI model providers (keywords only, no PII sent)
7. Data Retention
- Account data: retained while your account is active
- Monitoring data (scores, mentions): retained indefinitely for trend analysis
- Full AI response text: retained for 90 days, then automatically deleted
- Response excerpts (2-3 sentences): retained indefinitely
8. Your Rights (GDPR)
You have the right to:
- Access: request a copy of all your data
- Rectification: correct inaccurate data via Settings
- Erasure: delete your account and all associated data
- Portability: export your data in JSON format
- Restriction: pause data processing
- Objection: object to processing based on legitimate interest
To exercise any of these rights, email us at privacy@tracio.io. We will respond within 30 days.
9. Deleting Your Data
You can delete your account at any time from Settings. Deleting your account will permanently and irreversibly remove all your data, including projects, keywords, competitors, monitoring history, scores, and all associated records. This action cannot be undone.
10. Data Protection Officer
For data protection inquiries, contact our DPO at dpo@tracio.io.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email. The latest version is always available on this page.