Privacy Policy — ZelTracker

1. Who We Are

ZelTracker is an ad traffic analytics and bot detection service operated by ZelTracker, based in Uruguay ("we", "us", "our"). Our service helps website owners identify invalid traffic and protect their advertising budget.

2. What Data We Collect

2.1 Website Visitors (via SDK)

When a website owner installs our tracking SDK, we collect anonymous session data from their website visitors. This includes:

Browser type, version, and language settings
Screen resolution and viewport size
Operating system and platform
IP address (used for geolocation and threat detection, not stored in personally identifiable form)
Page URL and referrer URL
Mouse movement and click patterns (aggregated, not individual tracking)
Time on page and scroll depth
Browser fingerprint hash (a non-reversible identifier used to detect repeat visits)
Ad click identifiers (GCLID, FBCLID, TTCLID) when present in the URL

We do NOT collect:

Names, email addresses, or phone numbers of website visitors
Form inputs, passwords, or payment information
Cookies for cross-site tracking
Any personally identifiable information (PII)

2.2 ZelTracker Account Holders

When you create a ZelTracker account, we collect:

Email address
Company name
Password (stored as a secure hash, never in plain text)

3. How We Use Data

Bot detection: Analyzing session data to identify automated, invalid, or suspicious traffic
Traffic reports: Generating dashboards and reports for account holders
Service improvement: Improving our detection algorithms and machine learning models
Account management: Authentication, billing, and customer support

We do not sell, rent, or share visitor data with third parties for advertising or marketing purposes.

4. Data Retention

Session data is retained according to your subscription plan:

Free plan: 7 days
Basic plan: 30 days
Enterprise plan: 90 days

After the retention period, session data is automatically and permanently deleted. Account data is retained while your account is active and deleted within 30 days of account deletion.

5. Data Security

We protect your data using:

HTTPS/TLS encryption for all data in transit
Encrypted database connections
Secure password hashing (bcrypt)
JWT-based authentication with expiring tokens
Rate limiting and CORS protections on all API endpoints

6. Third-Party Services

We use the following third-party services:

Cloudflare Turnstile: Invisible CAPTCHA verification for bot detection (governed by Cloudflare's Privacy Policy)
LemonSqueezy: Payment processing (governed by LemonSqueezy's Privacy Policy)
Resend: Transactional email delivery

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights:

Access: Request a copy of the data we hold about you
Rectification: Request correction of inaccurate data
Deletion: Request deletion of your account and associated data
Portability: Request your data in a machine-readable format
Objection: Object to processing of your data
Opt-out of sale: We do not sell personal data, but you can contact us at any time

To exercise any of these rights, contact us at contact form. We will respond within 30 days.

8. Cookies

The ZelTracker SDK does not use cookies on your visitors' browsers. Our dashboard application (app.zeltracker.com) uses only essential cookies for authentication (JWT session token). We do not use advertising, analytics, or third-party tracking cookies.

9. Children's Privacy

ZelTracker is a business tool not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify account holders of significant changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

For privacy-related questions or requests:

Use our contact form to get in touch.