Privacy Policy

This Privacy Policy explains how TrafficSpy Pro ("we", "us", or "our") collects, uses, stores, and shares information about you when you use our website and services (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this policy.

We are not a large corporation with a dedicated legal team — we are a small, independent software product. We have written this policy to be plain and honest about what we actually do, not what sounds impressive.

Information you provide to us:

• Account credentials: your email address and a password you create. Passwords are hashed by our authentication provider (Supabase) using industry-standard algorithms — we never see or store your plain-text password.
• Profile information: display name, if you choose to provide one.
• Feedback submissions: the type, subject, message, and optional star rating you submit through the Help & Support form. Guest submissions are anonymous; logged-in submissions are linked to your account.

Information collected automatically:

• Usage data: domains you search, features you access, and credits consumed. This is used solely to power the Service.
• Technical data: IP address, browser type, device type, and server log data collected by our infrastructure providers (Supabase, Vercel). We do not use this data to build advertising profiles.
• Session cookies: strictly necessary cookies that maintain your login session. We do not set advertising, analytics, or third-party tracking cookies.

We do not collect: payment card data (we have no payment system currently), location data beyond IP-level country, or biometric data of any kind.

We use the information we collect solely to:

• Create and manage your account and authenticate your identity.
• Provide the core features of the Service (domain analysis, keyword research, etc.).
• Send you transactional emails — specifically, account verification and password reset emails. We do not send marketing emails unless you have explicitly opted in.
• Read and respond to feedback you submit.
• Detect and prevent abuse, fraud, and security incidents.
• Comply with legal obligations we are subject to.

We do not sell, rent, or share your personal information with third parties for their own marketing purposes. We do not use your data to serve you targeted advertisements.

For users in the European Economic Area, United Kingdom, and other jurisdictions with similar laws, our legal basis for processing your personal data is:

• Contract performance: Processing your account data to provide the Service you signed up for (Art. 6(1)(b) GDPR).
• Legitimate interests: Security monitoring and abuse prevention, where these interests are not overridden by your rights (Art. 6(1)(f) GDPR).
• Legal obligation: Where processing is required to comply with applicable law (Art. 6(1)(c) GDPR).
• Consent: For any optional communications you explicitly opt into (Art. 6(1)(a) GDPR). You may withdraw consent at any time.

Your data is stored in databases managed by Supabase, Inc., which runs on Amazon Web Services (AWS) infrastructure. Data is encrypted at rest and in transit using TLS 1.2 or higher.

We implement reasonable technical and organisational measures to protect your data, including access controls and secure API design. However, no system is completely immune to security incidents. We will notify you promptly if a breach affects your personal data.

Data location: Our primary database region is US-East-1 (AWS Virginia). If you are in the EU/EEA, your data is therefore transferred to and processed in the United States. See our GDPR page for details on the safeguards we rely on for this transfer.

We use only strictly necessary session cookies to keep you logged in. These cookies are required for the Service to function and are not used for tracking or advertising. No consent banner is needed for strictly necessary cookies under GDPR, PECR, or equivalent laws.

You can disable cookies in your browser settings, but doing so will prevent you from staying logged in.

We share data with the following service providers only to the extent necessary to operate the Service:

• Supabase, Inc. — authentication, database, and storage. Supabase acts as a data processor under our instructions and has a GDPR-compliant Data Processing Agreement.
• Vercel, Inc. — web application hosting and edge delivery. Vercel has a GDPR-compliant Data Processing Agreement.

We do not use Google Analytics, Facebook Pixel, or any other advertising or behavioural analytics tools.

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain it for longer (for example, server access logs may be retained for up to 90 days for security and abuse prevention).

Anonymous feedback submissions (guest feedback) contain no personal identifiers and are retained indefinitely to help us improve the Service.

Depending on your location, you may have rights over your personal data. We honour the following rights for all users, regardless of jurisdiction:

• Access: Request a copy of the personal data we hold about you.
• Correction: Ask us to correct inaccurate or incomplete data. You can also update your display name directly in Settings.
• Deletion: Request that we delete your account and associated personal data.
• Restriction: Ask us to limit how we process your data in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.

To exercise any of these rights, email us at dexteritydevelops@gmail.com. We will respond within 30 days. We may ask you to verify your identity before acting on a request.

TrafficSpy Pro is intended for users aged 16 and over. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has created an account or submitted data to us, please contact us immediately and we will delete it.

If we make material changes to this Privacy Policy (for example, changes to the types of data we collect, how we use it, or who we share it with), we will notify registered users by email at least 14 days before the changes take effect. Minor, non-material clarifications will be reflected by updating the date at the top of this page.

For EU/EEA users: where material changes require a new legal basis or new consent, we will obtain that separately and will not rely on continued use as implied consent.

If you have questions, concerns, or requests relating to this Privacy Policy:

TrafficSpy Pro
Email: dexteritydevelops@gmail.com