GDPR Compliant

PrivacyPolicy

Your privacy matters. This policy explains how Traaaction collects, uses, and protects your data with full GDPR compliance.

Last updatedFebruary 3, 2026

Welcome to Traaaction. We provide a platform for managing affiliate and partner marketing programs, enabling startups to create missions and sellers to earn commissions through tracked referrals.

We are committed to protecting your privacy and personal data. By using our Service, you agree to the collection and use of information as described in this policy.

Data Controller

The data controller responsible for your personal data is:

Traaaction

60 rue Amiral Romain-Desfosses

29200 Brest, France

contact@traaaction.com

Information We Collect

We collect different types of information depending on how you interact with our Service:

For Startups (Program Owners)

Account information: name, email address, company name
Workspace settings and preferences
Payment information processed through Stripe
Mission and program configurations

For Sellers (Affiliates)

Account information: name, email address
Profile information: bio, social media links, profile picture
Payout information: Stripe Connect, PayPal, or IBAN
Performance data: clicks, leads, sales, commissions

For End Users (Visitors)

When you click on a tracking link, we may collect:

Click identifiers for attribution
IP address (geolocation only, not stored for EU)
Device type and browser information
Country and city (derived from IP)
Referrer URL and timestamp

Cookies & Tracking

We use cookies and similar technologies to operate our Service and provide attribution tracking.

Cookie	Purpose	Duration
trac_id	Attribution tracking	90 days
trac_active_ws	Active workspace session	Session
sb-*	Authentication (Supabase)	Session

No advertising cookies. Our tracking cookies are strictly first-party and used solely for affiliate attribution.

How We Use Your Data

We use the collected information for the following purposes:

Service Delivery

To provide, operate, and maintain our platform

Attribution

To track clicks, leads, and sales to correct sellers

Payments

To process commissions and payouts

Analytics

To provide insights about affiliate programs

Communication

Transactional emails and support responses

Security

Fraud detection and abuse prevention

Improvement

Analyze usage patterns to improve Service

Legal

Comply with applicable laws and regulations

Legal Basis (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

Contract Performance

Processing necessary to provide our Service (account management, payments, tracking)

Legitimate Interests

Fraud prevention, security, and service improvement

Legal Obligation

Tax records, anti-money laundering compliance

Consent

Where required (e.g., marketing communications)

Data Sharing

We share your data with trusted service providers who help us operate our platform:

Service Providers (Subprocessors)

Provider	Purpose	Location
Stripe	Payment processing	US (EU available)
Supabase	Authentication, database	EU (Frankfurt)
Vercel	Hosting, edge functions	Global (EU edge)
Tinybird	Real-time analytics	EU (GCP Europe)
Upstash	Redis cache, rate limiting	EU (Frankfurt)

Other Disclosures

To comply with legal obligations or lawful requests
To protect our rights, privacy, safety, or property
In connection with a merger or acquisition (with prior notice)
With your consent for any other purpose

International Transfers

Your data may be transferred to countries outside the EEA. We ensure appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Data Processing Agreements with all subprocessors

Data Retention

We retain your personal data only as long as necessary:

Account dataUntil deletion + backup period

Transaction data7 years (legal requirement)

Analytics data24 months detailed, aggregated longer

Tracking data90 days for attribution

Log data30 days for security/debugging

Your GDPR Rights

If you are in the EU/EEA, you have the following rights:

Right to Access

Request a copy of your personal data

Right to Rectification

Request correction of inaccurate data

Right to Erasure

Request deletion ("right to be forgotten")

Right to Restriction

Limit processing in certain cases

Right to Portability

Receive data in machine-readable format

Right to Object

Object to legitimate interest processing

To exercise these rights, contact us at contact@traaaction.com. We will respond within 30 days. You may also lodge a complaint with your local Data Protection Authority.

Controller vs Processor

When you use our tracking features on your website:

You (Startup)

Data Controller

Responsible for obtaining consent, informing users, and responding to privacy requests.

Traaaction

Data Processor

Processes data on your behalf according to our Data Processing Agreement.

Security

We implement appropriate technical and organizational measures:

Encryption (TLS/HTTPS)

Secure authentication

Regular security audits

Access controls

Input validation

Rate limiting

While we strive to protect your data, no method of transmission over the Internet is 100% secure.

Children's Privacy

Our Service is not intended for individuals under 18. We do not knowingly collect data from children. If you become aware that a child has provided us with personal data, please contact us.

Policy Changes

We may update this Privacy Policy from time to time. When we make significant changes:

We will post the updated policy with a new "Last updated" date
We will send email notification to registered users for material changes

Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy:

Traaaction

60 rue Amiral Romain-Desfosses

29200 Brest, France

contact@traaaction.com