Privacy Policy

1. Introduction

ViewTrace ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile app attribution analytics platform (the "Service").

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations. By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, and billing information when you create an account.
• Creator Information: Social media usernames (TikTok, Instagram, Threads) of content creators you wish to track for attribution purposes.
• API Credentials: OAuth tokens and API keys for connected platforms (Meta Ads, TikTok Ads, App Store Connect, Google Play Console) that you voluntarily authorize.
• Support Communications: Information you provide when contacting customer support.

2.2 Information Collected Automatically

• Usage Data: Log data, device information, browser type, and pages visited within our Service.
• Analytics Data: Aggregated metrics about your use of the Service for product improvement.

2.3 Information from Third-Party Platforms

When you authorize connections to third-party platforms, we collect:

• TikTok: Public content metrics (views, likes, comments, shares) for specified creator accounts, collected only with user authorization through TikTok's official API.
• Instagram/Threads: Public content metrics for specified creator accounts.
• Advertising Platforms: Spend data, impression counts, and campaign metrics from authorized ad accounts.
• App Stores: Install counts and revenue data from your authorized developer accounts.

3. How We Use Your Information

We use collected information solely for the following purposes:

• Service Provision: To provide attribution analytics and insights about your creator marketing campaigns.
• Model Training: To improve our attribution models using aggregated, anonymized data patterns (no personally identifiable information is shared).
• Account Management: To manage your account, process payments, and communicate about service updates.
• Support: To respond to your inquiries and provide customer support.
• Legal Compliance: To comply with applicable laws and regulations.

Important: We never sell your data. We never use creator content for purposes other than providing attribution analytics to you, the authorized user.

4. Data Sharing and Disclosure

We share information only in these limited circumstances:

• Service Providers: With trusted vendors who help us operate our Service (hosting, payment processing), bound by confidentiality agreements.
• Aggregated Insights: We may use anonymized, aggregated data to improve our attribution models. This data cannot identify any individual organization or creator.
• Legal Requirements: When required by law, court order, or governmental authority.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

We DO NOT:

• Sell personal information to third parties
• Share your data with competitors
• Use creator content for advertising purposes
• Share individual organization data without explicit consent

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Controls: Strict access controls limit employee access to user data on a need-to-know basis.
• Credential Security: API keys and OAuth tokens are stored securely using industry-standard encryption and are never logged or exposed.
• Regular Audits: We conduct regular security assessments and vulnerability scans.
• Incident Response: We maintain incident response procedures and will notify affected users of any data breach within 72 hours.

6. Data Retention

• Active Accounts: We retain your data for as long as your account is active.
• Account Deletion: Upon account deletion request, we delete or anonymize your data within 30 days, except where retention is required by law.
• Content Data: We do not store original content (videos, images, captions) longer than necessary for metric calculation. Only aggregated metrics are retained.
• Backup Retention: Backups are retained for up to 90 days for disaster recovery purposes.

7. Your Rights (GDPR & CCPA)

Depending on your location, you have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Request a copy of your data in a machine-readable format.
• Objection: Object to processing of your personal data for certain purposes.
• Withdraw Consent: Withdraw consent for processing at any time.
• Opt-Out of Cross-Client Learning: Request that your organization's data not be included in our aggregated model improvements.

To exercise these rights, contact us at privacy@viewtrace.com.

8. Third-Party Platform Compliance

8.1 TikTok

Our integration with TikTok is conducted through TikTok's official Developer API and complies with TikTok's Developer Terms of Service and Privacy Policy. We only access data that users have explicitly authorized, and we respect TikTok's rate limits and usage guidelines.

8.2 Meta (Instagram/Threads)

Our integration with Meta platforms complies with Meta's Platform Terms and Developer Policies. We access data only with user authorization and use it solely for the stated purposes of attribution analytics.

8.3 Apple App Store Connect

We access App Store data only through Apple's official App Store Connect API with your authorization. We comply with Apple's Developer Program License Agreement.

8.4 Google Play

We access Google Play data only through Google's official APIs with your authorization. We comply with Google's API Terms of Service and Developer Distribution Agreement.

9. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete it immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, for transfers outside the EEA.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or our data practices: