Privacy Policy

Last updated: March 30, 2026

N&P Soft, operating as TrackNCloak ("Company", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at trackncloak.com ("Service"). This policy applies to all users of the Service globally and is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), India's Information Technology Act, and other applicable data protection laws.

1. Information We Collect

1.1 Information You Provide

  • Account information: Name, email address, password (hashed), workspace name, and billing information when you register for an account.
  • Payment information: Credit card details, billing address, and transaction history. Payment information is processed and stored by our payment processor, Razorpay. We do not store your full credit card number on our servers.
  • Campaign data: Campaign configurations, traffic source settings, offer URLs, landing page URLs, flow rules, cloak rules, and other settings you create within the Service.
  • Support communications: Information you provide when contacting our support team.

1.2 Information Collected Automatically

  • Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps when you access the Service.
  • Tracking data: When you use our tracking features, we process click data, conversion data, visitor metadata (IP addresses, user agents, device information, geo-location at the country/city level), and referrer information on your behalf.
  • Cookies and similar technologies: We use cookies and similar tracking technologies as described in our Cookie Policy.

1.3 Information from Third Parties

  • Advertising platform data: When you integrate with Facebook CAPI, TikTok Events API, or Google Ads, we may receive conversion and attribution data from these platforms.
  • IP intelligence data: We use third-party IP databases to identify VPN, proxy, Tor, and datacenter IP addresses for traffic filtering purposes.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Operating your account, processing campaigns, tracking clicks and conversions, filtering traffic, and generating reports.
  • Billing and payments: Processing subscription payments, managing invoices, and handling refunds.
  • Communication: Sending transactional emails (account verification, password resets, billing notifications), product updates, and support responses. We use Brevo (formerly Sendinblue) as our email service provider.
  • Security and fraud prevention: Detecting and preventing unauthorized access, abuse, and fraudulent activity.
  • Service improvement: Analyzing usage patterns to improve features, performance, and user experience.
  • Legal compliance: Complying with applicable laws, regulations, and legal requests.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:

  • Contract performance: Processing necessary to provide the Service you have subscribed to (Article 6(1)(b) GDPR).
  • Legitimate interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and service improvement, balanced against your rights (Article 6(1)(f) GDPR).
  • Consent: Where you have given explicit consent, such as for marketing communications (Article 6(1)(a) GDPR).
  • Legal obligation: Processing necessary to comply with applicable legal requirements (Article 6(1)(c) GDPR).

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with the following categories of recipients:

  • Payment processor (Razorpay): To process subscription payments. Razorpay's privacy policy: razorpay.com/privacy.
  • Email service provider (Brevo): To send transactional and operational emails. Brevo's privacy policy: brevo.com/legal/privacypolicy.
  • Infrastructure providers: Hosting providers (Hetzner, Neon for database) that process data on our behalf under appropriate data processing agreements.
  • Advertising platforms: When you configure integrations (Facebook CAPI, TikTok Events API, Google Ads), data is shared with those platforms as directed by you.
  • Legal requirements: When required by law, subpoena, or governmental request, or to protect our rights, safety, or property.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

5. Data Retention

  • Account data: Retained for as long as your account is active. Upon account deletion, personal data is deleted within 30 days, except where retention is required by law.
  • Tracking and click data: Retained according to your plan's data retention settings. Users can configure retention periods. Default retention is 90 days for click-level data and 12 months for aggregated reports.
  • Billing records: Retained for 7 years as required by tax and accounting regulations.
  • Support communications: Retained for up to 2 years after resolution.
  • Server logs: Retained for up to 90 days for security and debugging purposes.

6. Your Rights

6.1 GDPR Rights (EEA/UK Users)

If you are located in the EEA or UK, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request restriction of processing in certain circumstances.
  • Portability: Request a machine-readable copy of your data.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint: File a complaint with your local data protection authority.

6.2 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know: Request disclosure of the categories and specific pieces of personal information we have collected.
  • Delete: Request deletion of personal information we have collected.
  • Opt-out: Opt out of the sale of personal information. Note: We do not sell personal information.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

6.3 Exercising Your Rights

To exercise any of these rights, contact us at help@trackncloak.com. We will respond to verified requests within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

7. International Data Transfers

N&P Soft (operating as TrackNCloak) is based in India with infrastructure in various locations. Your data may be transferred to and processed in countries outside your jurisdiction, including India, Germany (Hetzner), and the United States (Razorpay, Neon). Where such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Data processing agreements with all sub-processors;
  • Compliance with applicable data transfer frameworks.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest;
  • Secure password hashing (bcrypt);
  • JWT-based authentication with secure session management;
  • Regular security reviews and updates;
  • Access controls limiting employee access to personal data;
  • Infrastructure hosted on reputable providers with SOC 2 compliance.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at help@trackncloak.com.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you interact with.

11. Data Processing Role

With respect to tracking data processed through your campaigns, N&P Soft (operating as TrackNCloak) acts as a data processor on your behalf. You, as the user, are the data controller responsible for ensuring that your collection and use of visitor data complies with applicable data protection laws, including obtaining necessary consents from your visitors. Please refer to our Data Processing Agreement for details.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least fifteen (15) days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

For privacy-related inquiries, data access requests, or complaints, contact us at:

If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.