Privacy Policy
Last updated: March 29, 2026
1. Introduction
Tracking MD (“we”, “us”, “our”) operates the Tracking MD affiliate marketing platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last updated” date at the top of this page. You are encouraged to periodically review this Privacy Policy to stay informed of updates.
2. Information We Collect
We collect information that you provide directly to us, that we collect automatically when you use the Service, and that we receive from third parties.
Account Information
When you register for an account, we collect:
- Full name and email address
- Organization or business name
- Password (stored as a bcrypt hash — never in plaintext)
- Billing address and tax identification information where required
Usage Data
We automatically collect certain information when you or your affiliates interact with the Service, including:
- Click events, conversions, and page view counts for affiliate link tracking
- IP addresses, browser user-agent strings, and referrer URLs for analytics and fraud detection
- Device type, operating system, and browser version
- Timestamps and session identifiers for attribution accuracy
- Geographic region derived from IP address (country/region level)
Payment Information
All payment processing is handled by Stripe, Inc. We do not store credit card numbers, CVV codes, or full payment card details on our servers. We receive and store a Stripe customer ID, subscription ID, and limited payment metadata (last four digits, card brand, and expiry month/year) for account management and support purposes.
Affiliate Data
For affiliates enrolled in programs managed through Tracking MD, we may collect:
- Commission records, earnings history, and payout transactions
- Tax compliance forms including W-9 (U.S. persons) and W-8BEN (non-U.S. persons)
- Bank account or PayPal information for payout disbursement, provided voluntarily
- Promotional materials, affiliate links, and custom campaign parameters
3. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain the Tracking MD platform and all associated features
- To process affiliate commissions, calculate earned amounts, and facilitate payouts to affiliates
- To detect, investigate, and prevent fraudulent click activity, bot traffic, and abuse using our AI Guardian fraud detection system
- To monitor affiliate link health, detect broken links, and send automated notifications to merchants
- To send transactional emails such as account confirmations, payout notifications, and security alerts
- To communicate service updates, feature announcements, and support responses
- To analyze usage patterns and improve platform performance, reliability, and user experience
- To comply with legal obligations, including tax reporting requirements (1099-NEC issuance)
- To enforce our Terms of Service and protect the rights and safety of our users
4. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties for marketing purposes. We may share your information in the following limited circumstances:
- Stripe, Inc. (Payment Processing): We share billing information with Stripe to process subscription payments and affiliate payouts. Stripe’s use of your information is governed by their Privacy Policy at stripe.com/privacy.
- Email Service Providers: We use third-party email infrastructure to deliver transactional notifications. These providers process email addresses and message content solely to deliver messages on our behalf.
- Legal Compliance: We may disclose your information if required to do so by law, subpoena, court order, or other governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website of any change in ownership or uses of your personal information.
- Between Merchants and Affiliates: Merchants using the platform can view analytics data and commission records for affiliates enrolled in their programs. This is a core function of the Service and is disclosed to affiliates at enrollment.
5. Data Security
We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction:
- Tenant Isolation: Each merchant account operates within a dedicated PostgreSQL schema. Data from different merchants is never commingled at the database level.
- Encrypted Connections: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- CSRF Protection: All state-mutating requests are protected against Cross-Site Request Forgery attacks.
- Session-Based Authentication: We use Laravel Sanctum with HTTP-only session cookies, reducing exposure to token theft via JavaScript.
- Two-Factor Authentication: Merchant administrators may enable TOTP-based two-factor authentication for additional account security.
- Access Controls: Role-based access controls limit which users can view or modify sensitive data within your organization.
Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.
6. Data Retention
- Account data (name, email, organization details) is retained for as long as your account is active.
- Click and conversion tracking data is retained according to the data retention period included in your merchant subscription plan.
- Financial records including commission history and payout records are retained for a minimum of seven (7) years to comply with applicable tax and accounting regulations.
- Upon account closure or termination, personal data is deleted or anonymized within thirty (30) days, except where retention is required by law.
- Backups may retain data for up to ninety (90) days before expiration as part of our disaster recovery process.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: You may request a copy of the personal data we hold about you.
- Correction: You may update inaccurate or incomplete personal data through your account settings or by contacting us.
- Deletion: You may request deletion of your personal data, subject to retention obligations described above.
- Portability: You may export your data (click records, commission data, affiliate information) using the built-in data export feature available in your merchant dashboard.
- Objection and Restriction: You may object to or request restriction of certain processing of your personal data.
- Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at support@trackingmd.com. We will respond to your request within thirty (30) days.
8. Cookies
We use cookies and similar tracking technologies to operate the Service. Our cookie usage is minimal and functional:
- Session Cookies: HTTP-only, secure cookies used for authentication and maintaining your logged-in session. These are essential for the Service to function and expire when you close your browser or log out.
- XSRF Token Cookie: A cookie used to protect against CSRF attacks. This is required for the security of all state-mutating requests.
We do not use third-party tracking cookies, advertising cookies, or cross-site behavioral tracking technologies. We do not participate in ad networks or remarketing programs.
9. Children’s Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we may also send a notification to the email address associated with your account. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Tracking MD
Email: support@trackingmd.com