Privacy & Security You Can Rely On
AllTrack is built with privacy and security at its core. We handle your conversion data with the same care we'd want for our own.
Data Handling Practices
AllTrack processes conversion event data on behalf of our customers. We act as a data processor — you remain the data controller. Your conversion data is only used to deliver events to the ad platforms you have configured.
- We never sell your data or your end users' data to third parties.
- Conversion data is only shared with ad platforms you explicitly authorize.
- Personal data (emails, phone numbers) is hashed before being sent to ad platforms as required by their APIs.
- We do not use your data for advertising, profiling, or any purpose beyond delivering the service.
GDPR Compliance
AllTrack is fully GDPR compliant. We provide the tools and transparency you need to meet your obligations as a data controller.
- Lawful basis: We process data based on your instructions as the data controller. We support all lawful bases including consent, legitimate interest, and contractual necessity.
- Data subject rights: We support data access, rectification, erasure, and portability requests. Contact us to exercise these rights on behalf of your end users.
- Data Processing Agreement: Available upon request for enterprise customers.
- Data minimization: We only process the data necessary to deliver conversion events to your configured platforms.
Infrastructure Security
AllTrack is built on enterprise-grade infrastructure with security best practices at every layer.
- Encryption at rest: All stored data, including OAuth tokens and API keys, is encrypted with AES-256.
- Encryption in transit: All data transmitted to and from AllTrack uses TLS 1.2+ encryption. No unencrypted connections are accepted.
- SOC2-ready architecture: Our infrastructure is designed to meet SOC2 Type II requirements, with access controls, audit logging, and monitoring in place.
- Secure authentication: Passwords are hashed using industry-standard algorithms. Session management is JWT-based, with HMAC signing.
Data Processing Location
AllTrack processes data in the European Union. Our infrastructure is hosted in EU data centers, ensuring your data stays within the EU for processing and storage.
When conversion data is delivered to ad platforms (Google, Meta, TikTok, etc.), the data is transmitted to those platforms' APIs according to their respective data processing locations and agreements.
Consent Management
AllTrack works seamlessly with all major Consent Management Platforms (CMPs). We respect your users' consent choices and only process events when valid consent is present.
- Compatible with Cookiebot, OneTrust, Usercentrics, and other CMPs.
- Consent signals can be passed via webhook parameters to control event processing.
- Events without valid consent are not forwarded to ad platforms.
- Full audit trail of consent status for every processed event.
Related Documents
- Privacy Policy — Full details on how we collect, use, and store data.
- Terms of Service — The terms governing your use of AllTrack.
- Data Deletion — How to request deletion of your data.
Have security questions? Contact our team and we'll be happy to help.