At Trakg, protecting user data and respecting global privacy laws isn't an afterthought — it's built into the core of our platform. We understand the sensitivity around form data and ensure businesses stay compliant while gaining powerful insights.

Built with Privacy in Mind

Trakg is designed to capture only non-sensitive interactions on forms — like which fields were filled, the time taken, or what was removed — while explicitly ignoring sensitive fields such as:
  • Passwords
  • Payment and financial details
  • Government IDs (like SSN, Aadhaar)
  • Health-related or confidential fields
Our script uses built-in field name and type filters, as well as advanced pattern matching, to block the collection of personally identifiable or protected data.

GDPR (General Data Protection Regulation)

For businesses operating in or serving users from the EU:
  • Trakg never stores personally identifiable information (PII) without consent.
  • All tracking can be opt-in only, respecting cookie banners or consent managers.
  • Users can request to have their interaction data removed via your dashboard.
  • Data collection is anonymized unless a user explicitly submits a form.
You remain the controller of the data — Trakg acts as a processor, helping you stay compliant with Article 28 of GDPR.

CCPA (California Consumer Privacy Act)

Under CCPA, users have the right to:
  • Know what is being collected (Trakg is transparent by design)
  • Opt out of sale or tracking (via cookie settings or opt-out APIs)
  • Request deletion of data (Trakg supports secure erasure workflows)
We do not sell user data, and do not build advertising profiles.

Data Storage & Retention

  • All collected data is encrypted at rest and in transit using modern TLS standards.
  • Data is stored only for as long as necessary to provide insights or as defined by your custom retention policies.
  • You can manually delete any captured session or lead data from the dashboard at any time.

Trakg plays nicely with major consent management tools (OneTrust, Cookiebot, etc.). You can:
  • Defer script execution until consent is given
  • Use data-trakg-disabled on forms to opt out
  • Respect DNT (Do Not Track) headers and incognito modes

SOC2, HIPAA & ISO Readiness

While Trakg doesn't process health or financial data by default, we:
  • Follow principles aligned with SOC2 Type I controls (access logs, audit trails, breach reporting)
  • Plan HIPAA-compatibility for healthcare-adjacent use cases (forms using data-trakg-sensitive will be auto-ignored)
  • Work with external consultants to validate ISO 27001-aligned practices

Transparent Practices

  • Source code is periodically reviewed and validated by external security professionals.
  • We do not use dark patterns or track keyboard input beyond what's typed into standard form fields.
  • You always have visibility into what Trakg captured — viewable on a per-user, per-form basis from your dashboard.

Your Responsibilities

While Trakg helps with compliance, it's up to you to:
  • Disclose use of analytics and trackers in your privacy policy
  • Ensure consent mechanisms are in place when required
  • Avoid collecting data you don't need or can't legally justify
Trakg gives you the tools. Compliance is a shared responsibility.

Need more details for a compliance audit or integration help with your DPO or legal team? Contact us or request a compliance brief through your Dashboard.