Privacy Policy
1. Who we are
This Privacy Policy describes how Rightlander Limited (company number 10852894, registered in England and Wales at 86–90 Paul Street, London EC2A 4NE), trading as Trackback ("Trackback", "we", "us", "our"), collects, uses and protects personal data when you visit trackback.example, sign up for an account, or use any Trackback service (together, the "Service").
Rightlander Limited is the data controller for personal data processed in connection with the Service. We are registered with the UK Information Commissioner's Office (ICO).
2. The personal data we collect
We collect the following categories of personal data:
- Account data: name, work email, company name, job title, password (hashed) and billing details that you provide when signing up.
- Domain & program data: the affiliate tracking domains and partner URLs you submit for scanning, together with derived metadata such as scores, flags and traffic patterns generated by the Service.
- Usage data: pages visited, features used, IP address, browser type, device identifiers, and timestamps. We use this for performance monitoring, security and product improvement.
- Communications: messages you send to support@trackback.io, replies to marketing emails, and feedback submitted through forms.
- Cookies and similar technologies: see section 8 below.
3. How we use your personal data & lawful basis
We process personal data on the following lawful bases under UK GDPR Article 6:
- Performance of a contract (Art 6(1)(b)): to deliver Health Reports, run scans, manage your account and process payments.
- Legitimate interests (Art 6(1)(f)): to keep the Service secure, prevent fraud, improve features, send service-related notifications, and contact existing customers about closely related products.
- Consent (Art 6(1)(a)): to send marketing emails to prospects who opt in, and to set non-essential cookies.
- Legal obligation (Art 6(1)(c)): to retain billing records and comply with tax, accounting and law-enforcement requirements.
4. Sub-processors
We use a small number of trusted sub-processors to run the Service. Each is bound by a written contract and equivalent data-protection terms:
- Amazon Web Services (AWS) — hosting and storage (eu-west-2, London).
- Google Cloud Platform — supplementary compute, log aggregation and BigQuery (europe-west2).
- Stripe Payments Europe Ltd — payment processing (Ireland).
- Postmark / ActiveCampaign — transactional and marketing email delivery (EU/US, covered by Standard Contractual Clauses).
- Sentry — error monitoring (EU region).
An up-to-date list is available on request from support@trackback.io.
5. International transfers
Where personal data is transferred outside the UK or EEA (for example, to a US sub-processor), we rely on the UK International Data Transfer Agreement or the EU Standard Contractual Clauses, supplemented by appropriate technical and organisational measures such as encryption in transit and at rest.
6. Retention
We retain personal data only as long as needed for the purposes set out above:
- Active accounts: for the duration of the contract.
- After cancellation: account data is deleted within 90 days, except for billing records which are kept for six years to meet UK statutory accounting obligations.
- Scan history: kept for the duration of your subscription so that historical trends remain visible in the Service. You can delete individual domains or scans at any time from your dashboard.
- Marketing data: deleted within 30 days of unsubscribing.
7. Your rights
Under UK GDPR you have the right to: (a) access the personal data we hold about you; (b) rectify inaccurate data; (c) have your data erased ("right to be forgotten"); (d) restrict processing; (e) receive your data in a structured machine-readable format (data portability); (f) object to processing based on legitimate interests; and (g) withdraw consent at any time where processing is consent-based.
To exercise any of these rights, email support@trackback.io. We respond within one calendar month. You also have the right to lodge a complaint with the UK Information Commissioner's Office.
8. Cookies
We use a small number of cookies. Strictly necessary cookies (session, CSRF, language preference) are always set. Analytics cookies (privacy-respecting product analytics) are set only after you accept them through our cookie banner. You can withdraw consent at any time from the cookie settings link in the footer.
9. Security
We apply industry-standard technical and organisational measures including TLS 1.2+ in transit, AES-256 at rest, role-based access control, audit logging, regular vulnerability scanning and annual penetration testing. Despite our efforts, no online service can be guaranteed 100% secure; we encourage strong unique passwords and the use of single sign-on where possible.
10. Children
The Service is a B2B tool and is not directed to children under 16. We do not knowingly collect data from children.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be announced by email or in-product notice at least 14 days before they take effect.
12. Contact
Questions about this Policy or about how we handle your data: support@trackback.io · Rightlander Limited (trading as Trackback), 86–90 Paul Street, London EC2A 4NE, United Kingdom.