Contact us

Privacy Policy

Introduction

This Privacy Policy (“Policy”) describes how TrueFunnel, LLC, d/b/a WebsiteTracker ("WebsiteTracker," "we," “us,” "our," or "Company") collects, uses, and discloses information in connection with our website at www.websitetracker.com (the "Site") and the services described below (collectively, the “Services”). “Personal Information” means information that identifies, relates to, or could reasonably be linked to an identified or identifiable individual. “User(s),” “you,” or “your” refers to individuals who access the Site or whose Personal Information is otherwise processed by us. Capitalized terms not defined in this Policy have the meanings given in the applicable Terms of Service and Acceptable Use Agreement, Subscription Agreement, or Master Services Agreement (each, a “Customer Agreement”) between WebsiteTracker and the customer (“Customer”) that engages our Services; Customer is also a User. 

This Policy describes our practices across our services:

  • SiteIntel (“SiteIntel”): our cloud-based platform for website governance analysis, compliance monitoring, and digital insights, including AI-powered features.
  • MarketIntel (MarketIntel): an optional add-on to the SiteIntel that includes Competitor Intelligence Monitoring (“CIM”) and External Link Assessment (“ELDAA”), each conducted only at the Customer’s direction. Data collected through MarketIntel is used exclusively for the requesting Customer.
  • ActivityIntel (ActivityIntel”): our optional first-party pixel-based service for fraud detection, bot prevention, and (where applicable) marketing analytics.

This Policy also describes how we use artificial intelligence ("AI") technologies as part of all Services, including how your data may be processed by AI systems and third-party AI providers ("AI Providers").

We encourage our Users to carefully read this Policy whenever you access the Site or otherwise interact with us to stay informed about our privacy practices and the ways in which you can exercise available options over these practices.

Further Defined Terms. The following capitalized terms have the meanings set forth below:

“Order Form” or “Subscription Agreement” means the executed ordering document or Customer Agreement between Customer and WebsiteTracker.

“Customer Content” means content, data, and materials submitted by Customer to the Services.

“Sensitive Information” has the meaning given to Sensitive Personal Information as defined below.

Grounds for data collection

Processing of your information, including your Personal Information, is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests, and for compliance with legal and financial regulatory obligations to which we are subject.

When you use the Site, you consent to the collection, storage, use, disclosure, and other uses of your Personal Information as described in this Policy, including transmission to third-party AI Providers as described below, unless you inform us that you elect to exercise a right available to you regarding that Personal Information as stated herein. We do not rent, sell, or share Users' information with third parties except as described in this Policy.

How do we receive information about you?

We receive information, including your Personal Information, from various sources:

  • When you voluntarily provide us with your personal details in order to register on our Site;
  • When you use or access our Site in connection with your use of our services, except where you have opted out or deployed a GPC signal (defined herein);
  • When you provide your banking information to make a payment;
  • From third-party providers, services, and public registers (for example, traffic analytics vendors);
  • Through automated website scanning and analysis, including processing by AI-powered tools, in connection with the delivery of our SiteIntel, except where you have opted out or deployed a GPC signal (defined herein);
  • Through automated scanning of third-party websites, including competitor websites and externally linked pages, at Customer's direction as part of the MarketIntel, in connection with Competitor Intelligence Monitoring and External Link Assessment features of the SiteIntel, except where you have opted out or deployed a GPC signal (defined herein); and
  • Through deployment of our first-party security pixel on your website, in connection with the delivery of our ActivityIntel, which collects behavioral signals, device identifiers, IP addresses, and session activity data from your website visitors for fraud detection purposes, except where you have opted out or deployed a GPC signal (defined herein).

What information do we collect?

Our Site collects Personal Information. Personal information does not include: 

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Other information deemed under applicable state law not to be personal information.

In particular, our Site has collected within the last twelve (12) months, and intends to continue collecting, the following categories of personal information from consumers:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I). A name, signature, address, telephone number. Some personal information included in this category may overlap with other categories. YES
C. Protected classification characteristics under applicable state or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Search history, information on a consumer’s interaction with a website, application, or advertisement, and cookies from web access management (WAM) data for user authentication, authorization, and access privileges for web applications and resources. YES
G. Geolocation data. Physical location or movements. NO
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
I. Professional or employment-related information. Current or past job history or performance evaluations. NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES (e.g., related to information provided by Google Analytics)
L. Sensitive Personal Information (SPI) Precise geolocation, government IDs (SSN, DL#, passport), racial or ethnic origin, religious beliefs, union membership, genetic data, biometric identifiers, sexual orientation, citizenship/immigration status, and information concerning a consumer’s health or lifestyle. NO
M. Health or Medical Information Medical records, biometric health data, wellness survey responses, fitness tracker information NO
N. Financial or Payment Information Bank account numbers, credit/debit card numbers, or financial transaction histories. NO
O. Precise Geolocation Location data that is accurate to 1,750 feet or less (e.g. GPS) NO
P. Communications Content / Audio-Visual / Social Media Content User-generated content, voicemail recordings, chat logs, photos, or video data. YES
Q. Device Information Hardware model, operating system and version, unique device identifiers, mobile network information, and notification and location permission settings. YES

We obtained the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms you complete or products and services you purchase.
  • Indirectly from you. For example, from observing your actions on our Site.
  • From other third parties, including those listed within this Policy.

The information we obtain about you from third parties may be combined and utilized with the information you provide us. 

We collect two types of data and information from Users.

The first type is un-identified and non-identifiable information pertaining to a User(s) ("Non-personal Information"). Non-personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time, etc.) in order to enhance the functionality of our Site. We may also collect information on your activity on the Site (e.g. pages viewed, online browsing, clicks, actions, etc.).

The second type is Personal Information, which is individually identifiable information, namely information that identifies an individual or may, with reasonable effort, identify an individual. Such information includes:

  • Personally Identifiable Information, such as name, address, email address, and phone number.
  • Banking information for collecting payments.

Device Information: We collect Personal Information from your device. Such information includes geolocation data, IP address, unique identifiers (e.g. MAC address and UUID), and other information that relates to your activity through the Site.

Website Scan Data: When you use our SiteIntel, we collect and process data obtained through automated scanning of websites you designate, including technical attributes, performance metrics, and digital marketing signals ("Website Scan Data"). Website Scan Data may be processed by AI systems to generate insights, summaries, scores, and recommendations. Website Scan Data is generally non-personal in nature; however, if Website Scan Data collected from your designated websites includes any Personal Information, you are responsible for ensuring you have a lawful basis for providing it to us.

MarketIntel Data: Technical and analytical data, including page structure, authority signals, governance indicators, and related metrics, obtained through CIM and ELDAA scans of third-party websites conducted at Customer’s direction (“MarketIntel Data”). CIM scans are limited to the competitor domains identified by Customer in the applicable Customer Agreement or Order Form; ELDAA scans are limited to externally linked pages and the publicly accessible root domain of each linked site. We do not intentionally collect or retain personal data incidentally contained on third-party sites.

Site Activity Tracking Data: Data collected through the ActivityIntel first-party pixel from visitors to Customer’s designated website(s) (“Site Activity Tracking Data”), including the following elements:

  • Device Identifiers (Pseudonymous): Unique identifiers assigned to visitor devices, used exclusively to detect repeat fraudulent or bot activity. Not used to identify individuals for marketing purposes. Retained for up to 180 days.
  • IP Addresses: Collected for geo-risk analysis and bot network detection. Raw IP addresses are hashed after 30 days; hashed IP addresses are retained for up to 180 days.
  • Session Activity Data: Behavioral signals including click patterns, mouse movement, page velocity, form submission patterns, and keystroke timing dynamics, used exclusively for fraud scoring and bot detection; individual page viewing history (full sequence of page paths visited, time per page, visit count, and session depth), stored pseudonymously linked to the device identifier; traffic source signals including UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term), advertising click identifiers (Google Click ID / GCLID; Microsoft Click ID / MCLID), and referrer domain. All session signals are analyzed solely to distinguish automated bot activity from human website visitors and detect click fraud. No individual biometric templates are created or retained. Retained for up to 180 days.
  • Fraud Score: A risk score derived from the above signals, used solely to evaluate spam and fraud risk. Retained in identified form for up to 180 days; retained in de-identified form for up to 2 years.

Site Activity Tracking Data is collected from all website visitors regardless of consent status for fraud detection purposes. The Marketing Analytics Module and Lead Management Application collect marketing analytics data only from consented or non-opted-out visitors as described under “Dual-Purpose Data Architecture” below.

Feedback Data: When you submit comments, ideas, or suggestions regarding our Services ("Feedback"), we collect and retain that information. Unless otherwise determined under our agreements with customers, we hold a perpetual license to use and incorporate Feedback to improve our Services. Feedback is not sold to third parties and is used solely for internal product development purposes.

Other Information We Collect and How We Use That Information

The table below sets forth other information we may collect and how we use that information.

Category of Information Purpose
Location Information — Location of your device when you access certain features of the Site. We use this information to provide location-relevant features of the services.
Cookie Information — Data collected via cookies and similar tracking technologies. We use cookies to provide our services, remember your preferences, and serve relevant advertising.
Third-Party Information — Information received from other sources, including data providers and publicly available sources. We may use this information on its own or in combination with information you provide to us directly to contact you, send you promotional materials, personalize our communications and services to you, for marketing purposes, prepopulate online forms, and better understand the demographics of our users.
Website Scan Data — Technical and performance data obtained by scanning websites you designate through the SiteIntel. We use Website Scan Data to provide and improve the SiteIntel, generate AI-powered insights, summaries, scores, and recommendations, conduct benchmarking and analytics, and for other legitimate business purposes. Website Scan Data is aggregated and anonymized where possible before use for analytics or model improvement purposes.
Site Activity Tracking Data — Pseudonymous device identifiers, IP addresses, session behavioral signals, and fraud scores collected via first-party pixel from visitors to your website(s). Used exclusively to detect bots, spam, and fraudulent activity (Fraud Detection Module). The Marketing Analytics Module, when activated with appropriate consent or opt-out mechanisms, data will also be used for campaign analytics and marketing optimization. Never used for cross-site tracking, sold to third parties, or used for advertising profiling.
MarketIntel Data — Technical and analytical data obtained by scanning third-party websites at Customer's direction, including competitor websites identified by Customer (Competitor Intelligence Monitoring) and externally linked pages (External Link Assessment). Scans are limited to publicly accessible pages only. Used exclusively to provide Competitor intelligence, governance insights, domain authority scoring, and related analytics to the requesting Customer. Not used for cross-customer analysis, platform-level training, or any purpose beyond providing the elected MarketIntel features to Customer. Data is not aggregated across customers. WebsiteTracker identifies itself as "WebsiteTracker-Bot" and complies with robots.txt directives of scanned sites.
Fraud Scores & Automated Blocking Data — Risk scores generated from behavioral signals; automated blocking records where that feature has been activated with written consent from the Customer. Used to evaluate visitor risk. Automated blocking — where the fraud score is used to automatically limit a visitor’s access to website features — is not activated by default and may only be enabled with the Customer’s prior written consent. Subject to human review upon request. See “Automated Decision-Making” below for your rights.
Feedback Data — Comments, ideas, or suggestions you submit to us regarding our Services. Used solely for internal product development and improvement of our Services. Retained for the duration of our relationship and thereafter as needed for product development purposes. Not sold or shared with third parties.

Additionally, we may use the information, including your Personal Information, for the following:

  • To serve you advertisements when you use our Site (see more under "Advertisements");
  • To market our websites and products (see more under "Marketing");
  • Conducting statistical and analytical purposes, intended to improve the Site; and
  • To power and improve AI Features within the SiteIntel and ActivityIntel, using aggregated and anonymized data.

In addition to the different uses listed above, we may transfer or disclose Personal Information to our subsidiaries, affiliated companies, and subcontractors, including AI Providers, some of which may be located in different jurisdictions across the world, for any of the following purposes:

  • Hosting and operating our Site;
  • Providing you with our services, including providing a personalized display of our Site;
  • Storing and processing such information on our behalf;
  • Serving you with advertisements and assisting us in evaluating the success of our advertising campaigns;
  • Providing you with marketing offers and promotional materials related to our Site and services;
  • Performing research, technical diagnostics, or analytics; and
  • Providing AI processing services in connection with the SiteIntel and ActivityIntel.

We may also disclose information if we have good faith to believe that disclosure is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process, or governmental request; (ii) enforce our policies; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing; (iv) establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property, or safety of us, our users, yourself, or any third party; or (vi) collaborate with law enforcement agencies or enforce intellectual property or other legal rights.

How We Share Your Information

We may share your Personal Information by disclosing it to a third party for a business purpose. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.

Personal Information Category Category of Third-Party Recipients
Business Purpose Disclosures Sales*
A. Identifiers. Sharing with our marketing partners, aiding in responding to employment candidates/job seekers, and storing of electronic information with hosting vendor(s). NO
B. California Customer Records personal information categories.Sharing with our marketing partners, aiding in responding to employment candidates/job seekers, and storing of electronic information with hosting vendor(s).NO
C. Protected classification characteristics under applicable state or federal law.Sharing with our marketing partners, aiding in responding to employment candidates/job seekers, and storing of electronic information with hosting vendor(s).NO
D. Commercial information.N/ANO
E. Biometric information.N/ANO
F. Internet or other similar network activity.Sharing with our marketing partners, aiding in responding to employment candidates/job seekers, and storing of electronic information with hosting vendor(s).NO
G. Geolocation data.Sharing with our marketing partners, aiding in responding to employment candidates/job seekers, and storing of electronic information with hosting vendor(s).NO
H. Sensory data.N/ANO
I. Professional or employment-related information.Sharing with our marketing partners, aiding in responding to employment candidates/job seekers, and storing of electronic information with hosting vendor(s).NO
J. Non-public education information.N/ANO
K. Inferences drawn from other personal information.N/ANO
L. Sensitive Personal Information (SPI)Sharing with our analytics partners and storing of electronic information with hosting vendor(s).NO
M. Health or Medical InformationN/ANO
N. Financial or Payment InformationSharing with our analytics partners, payment processor and storing of electronic information with hosting vendor(s)NO
O. Precise GeolocationSharing with our marketing and analytics partners and storing of electronic information with hosting vendor(s)NO
P. Communications Content / Audio-Visual / Social Media ContentN/ANO
Q. Device InformationPrevent fraud; link or combine with information from other sources to better serve you; aggregated and anonymized usage data may be used to train or improve AI-based features of the SiteIntel or ActivityIntelYES

SiteIntel: MarketIntel

This section applies to customers who have elected MarketIntel.

Customer-Directed Third-Party Scanning. CIM and ELDAA scans are conducted by us as the Customer’s agent at the Customer’s express direction, authorized in the applicable Customer Agreement, Subscription Agreement, or Order Form.

WebsiteTrackerBot. WebsiteTracker identifies itself using the "WebsiteTrackerBot" user agent string for all MarketIntel scanning activity. WebsiteTracker complies with robots.txt directives published by scanned website operators. If a website's robots.txt disallows access to WebsiteTrackerBot, that website will not be scanned, and the customer will be notified.

Third-Party Website Operator Rights. Operators of websites scanned through MarketIntel features may contact us at info@websitetracker.com to request exclusion from future scanning or to raise concerns about automated access to their website. We will respond to such requests promptly and remove the domain from future scanning where appropriate.

ActivityIntel: Additional Disclosures

This section applies to Customer and website Users subject to our ActivityIntel.

Dual-Purpose Data Architecture. Our ActivityIntel operates two technically separated data environments:

  • Fraud Database: Collects data from all website visitors regardless of consent status, used exclusively for fraud detection, bot detection, spam prevention, click fraud analysis, and security monitoring. Operates under a legitimate interest or Service Provider business purpose legal basis. The Fraud Database contains: pseudonymous device identifier; session identifier (transient); IP address (raw for up to 30 days, then hashed); session behavioral signals including keystroke timing dynamics; individual page viewing history (full sequences of page paths, time per page, visit count, and session depth, stored pseudonymously); UTM parameters and advertising click identifiers (GCLID, MCLID); IP-derived geographic attributes; fraud risk score; and marketing consent flag (stored, not used for fraud purposes). The Fraud Database does not contain and must never contain visitor names, email addresses, phone numbers, company names, or any other direct identifier submitted via a form. Data in the Fraud Database is never used for marketing analytics under any circumstances.
  • Marketing Database: Upon activation, will contain data only from opted-in, consented or non-opted-out form submissions, together with marketing attribution data. Fields will include: name; email; phone; company; UTM parameters and advertising click identifiers; IP-derived geographic attributes (not raw IP); fraud risk score and derived behavioral engagement attributes (retrieved via one-time runtime query from the Fraud Database at form submission — session identifier not stored); lead quality score; lead verification outcomes (integrated component of the Lead Management Application); marketing consent flag and metadata; campaign attribution data; and aggregate opt-out conversion counts. Will not contain raw IP addresses, pseudonymous device identifiers, session identifiers, raw behavioral signals, or individual page viewing history. Used for campaign performance analytics, marketing optimization, and lead management.

No data collected under the Fraud Database may be used for marketing purposes. This separation is enforced by technical controls, not policy alone. The only permitted interaction between the two databases is a one-time runtime query at the moment a form is submitted: the session identifier is used to retrieve the fraud risk score and derived behavioral attributes from the Fraud Database, which are written to the Marketing Database record for that submission. The session identifier is immediately discarded and is not stored in the Marketing Database. No persistent linkage between the databases exists or is created. Each Customer’s data is maintained in a logically separate environment from all other customers’ data with no cross-customer commingling.

Purpose Limitation. The Fraud Database and Marketing Database are logically and technically separated environments with no persistent cross-database identifiers. This separation is enforced by technical controls, not policy alone. The only permitted interaction between the two databases is the one-time runtime query. 

WebsiteTracker's Role Classification. With respect to data collected through the ActivityIntel, WebsiteTracker's legal role is as follows:

  • Under US law (CCPA/CPRA and applicable state privacy laws): WebsiteTracker acts as a Service Provider to our Users and Customers. WebsiteTracker does not sell or share your Personal Information as those terms are defined under applicable US privacy law.
  • Under EU/UK law (GDPR / UK GDPR): WebsiteTracker acts as an Independent Controller with respect to fraud detection processing, and as a Data Processor acting on our Customer's instructions with respect to marketing analytics processing.
  • Under HIPAA: Where WebsiteTracker's pixel is deployed by a healthcare Covered Entity or Business Associate on pages where Protected Health Information may be encountered, WebsiteTracker acts as a Business Associate or subcontractor Business Associate and has executed a HIPAA Business Associate Agreement with that Customer.

Session Activity Signals and Biometric Laws. Session activity signals collected by the ActivityIntel, including keystroke timing dynamics and mouse movement patterns, are behavioral signals used solely to distinguish automated bot activity from human website visitors. We do not use these signals to identify any individual, do not create or retain individual-level biometric templates, and process these signals only in aggregate for fraud anomaly scoring. Because these signals cannot identify an individual, they do not constitute “biometric identifiers” or “biometric information” under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), the California Privacy Rights Act (CPRA), or equivalent state laws, consistent with the principle that biometric identifiers must be capable of identifying a person. If our processing configuration changes in a manner that would cause these signals to be used for individual identification, we will update this Policy and notify affected customers or users at least 30 days in advance.

Illinois, Texas, and Washington Residents — Additional Protection: As an additional safeguard for visitors whose IP address geo-resolves to Illinois, Texas, and Washington, WebsiteTracker does not retain keystroke timing dynamics or mouse movement pattern data. These signals are discarded at the point of collection for Illinois, Texas, and Washington — geolocated sessions — and are never written to WebsiteTracker's fraud database. All other session data (device identifier, IP address, page viewing history, traffic source signals, fraud risk score) continues to be processed for Illinois, Texas, and Washington visitors on the same basis as all other visitors. This additional protection does not affect the legal analysis above and does not constitute an acknowledgment that session behavioral signals are biometric identifiers under any applicable law.

Healthcare Configurations (HIPAA). If the ActivityIntel is deployed by a healthcare Customer on pages where Protected Health Information (PHI) may be encountered, including patient intake forms, appointment booking pages, or patient portal login pages, the following applies:

  • WebsiteTracker operates as a Business Associate (or subcontractor Business Associate) of that Covered Entity or Business Associate healthcare Customer under HIPAA, where applicable.
  • A HIPAA Business Associate Agreement governs WebsiteTracker's handling of any PHI encountered during fraud detection processing.
  • Collected PHI, if any, is used solely for fraud detection and is never used for marketing analytics. Form submissions on HIPAA-configured pages are not routed to the Marketing Database or Lead Management Application regardless of consent status, this restriction applies both now and upon any future activation of the Lead Management Application.
  • PHI data is stored in a separate, HIPAA-compliant data environment with enhanced security controls.
  • If you are a Washington State resident and the pixel is used in a health services context, the Washington My Health MY Data Act may also apply. Contact us at info@websitetracker.com for more information.

Use of Artificial Intelligence

Overview. Artificial intelligence ("AI") and machine learning technologies, including large language models ("LLMs") and other AI tools, are an integral part of our Services. This section explains what AI technologies we use, how your data interacts with those technologies, and what controls you have.

This section applies to the SiteIntel (including the MarketIntel) and the ActivityIntel.

How We Use AI

We use AI technologies to:

  • Automatically gather, analyze, and summarize website and digital campaign performance data on your behalf;
  • Generate trend analysis, predictive analytics, scoring, and recommendations based on your website and campaign data;
  • Analyze Competitor intelligence data and external link signals collected through the MarketIntel to generate insights and recommendations;
  • Analyze behavioral signals and generate fraud scores for fraud detection and bot prevention (ActivityIntel);
  • Classify and qualify non-personally identifiable lead data to support your marketing and sales activities;
  • Accelerate development and maintenance of our proprietary software and codebase; and
  • Improve the quality, accuracy, and performance of our Services over time.

Third-Party AI Providers. To power AI features, we transmit certain data, including Website Scan Data, MarketIntel Data, and, in limited contexts, account-related information, to third-party AI service providers ("AI Providers"). A current list of AI Providers, as well as our full Subprocessor list, is available upon request at info@websitetracker.com. We maintain data processing agreements with our AI Providers that require them to implement appropriate data protection, confidentiality, and security measures.

MarketIntel Data transmitted to AI Providers is processed solely to provide the elected features to the requesting customer and is not used to benefit any other customer or to train general-purpose AI models.

AI Provider Data Use & Training. We take steps to ensure that our AI Providers do not use your Personal Information or Customer Content to train their general-purpose AI models without your consent. However, AI Providers may use aggregated, de-identified, or anonymized data in accordance with their own policies. Upon a valid deletion request, we will request deletion of your data from AI Providers to the extent technically and contractually practicable.

Data Minimization & Sensitive Data. We apply data minimization principles to AI processing. We do not intentionally transmit Sensitive Information to AI systems. You should not submit Sensitive Personal Information, including health or medical data, government identification numbers, financial account numbers, or data relating to minors, through any AI-powered feature of our Services. Note: session activity signals processed by the ActivityIntel (such as keystroke timing and mouse movement) are used solely for bot detection and are not biometric data within the meaning of applicable law; see “Session Activity Signals and Biometric Laws” below. Contact us at info@websitetracker.com if you have concerns.

AI-Generated Output Limitations. AI-generated insights, summaries, scores, and recommendations ("AI-Generated Output") are produced algorithmically and provided for informational purposes only. AI-Generated Output may contain errors, inaccuracies, or omissions, including content that appears plausible but is factually incorrect ("hallucinations"). This risk is heightened for outputs derived from MarketIntel features, which are based on content we do not own or control and which reflects only the pages scanned at the time of the scan. We strongly encourage you to independently verify AI-Generated Output before relying on it for business decisions. AI-Generated Output does not constitute legal, financial, or other professional advice.

Automated Decision-Making. Some features of our Services use automated processing, including AI, to generate scores, classifications, or recommendations that may influence business decisions. Specifically:

  • SiteIntel: AI generates website audit scores, governance recommendations, Competitor Intelligence insights, and external link assessments for informational purposes only; these outputs do not produce legal effects on individuals.
  • ActivityIntel: AI generates fraud scores and other information that may be used to limit access to certain website features.

We do not use automated processing to make decisions that produce outcomes with legal effects concerning individuals without the opportunity for human review. The automated blocking feature, which uses fraud scores to automatically limit a visitor’s access to certain website features, is not activated by default. It may only be enabled by a Customer with WebsiteTracker’s prior written consent, and only where the Customer has implemented the required human review and appeal process described in the applicable agreement. EU/UK visitors have rights under GDPR Article 22 with respect to automated decisions that produce legal or similarly significant effects. US visitors whose access has been limited by an automated blocking decision may request additional human review by contacting the website operator or us at info@websitetracker.com. Certain state laws (including but not limited to Minnesota, Colorado, and Connecticut) provide additional rights regarding profiling and bias. WebsiteTracker uses reasonable safeguards, including required human review, before any decision is made using AI general data.

International Transfers for AI Processing. AI Providers may process data on servers outside the United States. We ensure appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) are in place for international transfers of Personal Information to AI Providers, consistent with applicable law.

Your Rights Regarding AI Processing. Depending on your jurisdiction, you may have rights related to automated processing of your Personal Information, including the right to opt out of profiling with significant consequences. You also have the right to:

  • Request information about which AI Providers have processed your Personal Information and, where applicable, request deletion of that data from AI Provider systems.
  • Opt out of your data being used for AI model training or improvement purposes, to the extent such use occurs.

To exercise these rights, contact us at info@websitetracker.com. Opting out of certain AI processing may limit functionality and Services available to you.

Cookies

We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our Services.

SiteIntel Cookies. The SiteIntel uses standard session, persistent, and third-party analytics cookies to support platform functionality, remember your preferences, maintain your logged-in session on the dashboard, and collect aggregated usage analytics. These cookies do not collect Personal Information about your website visitors.

ActivityIntel - Cookie Banner. Our ActivityIntel first-party pixel is presented to EU/UK website visitors as a first-party security technology operating under the lawful basis of consent and contractual necessity, and is integrated with a Consent Management Platform (CMP) that records consent timestamps, version strings, and withdrawal events. The fraud detection pixel is not categorized as "strictly necessary" without specific legal review. EU/UK visitors may exercise their right to withdraw consent or to object to this processing through the cookie management interface or by contacting us at info@websitetracker.com. For marketing analytics processing under the ActivityIntel, consent is required in EU/UK and other jurisdictions and may be withdrawn at any time through the CMP interface.

Types of Cookies We Use:

  • Session cookies: stored only temporarily during a browsing session and deleted from your device when the browser is closed;
  • Persistent cookies: saved on your computer for a fixed period and not deleted when the browser is closed, used where we need to know who you are for repeat visits; and
  • Third-party cookies: set by other online services that run content on the page you are viewing, for example by third-party analytics companies who monitor and analyze our web access.

Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked to the information stored in and obtained from cookies. You may remove cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly. For more general information on cookies, visit www.allaboutcookies.org.

We also use Google Analytics (GA4) to collect information about your use of the Site, such as how often users access the Site and which pages they visit. We use this information only to improve our Site and services and do not combine it with personally identifiable information.

Do Not Track Requests/Global Privacy Control (GPC)

In some states, such as California and Colorado, users may be entitled to restrict a website from tracking the users’ online movements, or to opt out of the sale or sharing of their personal information, by using “Do Not Track” browser settings or Global Privacy Control (“GPC”), or similar universal opt-out signals. We recognize GPC signals and “Do Not Track” signals as an opt-out for the sharing or sale of your personal data with third parties. You may still need to contact any third-party companies (including those who may have cookies or beacons on the Site) to direct them not to share your data with third parties as well. 

Opt-Out Provisions and Updating Your Information

We value our users’ privacy and provide them with the option to “opt out” of having their information used for purposes not directly related to the Services. If you wish to opt out, you can opt out by any of the following means:

  1. Send a written request to WebsiteTracker (TrueFunnel, LLC) 720 W St Germain Street, Suite 250, St Cloud, MN 56301; or 
  2. Email info@websitetracker.com

Your request will generally be responded to within three (3) business days if your request is via e-mail, or thirty (30) days if your request is via United States mail.

Please note that changing your opt-out preference will only affect future activities or communications from us. In other words, if you previously consented or did not opt out we may have already provided your information to a third party before you changed your opt-out preferences, you will need to contact the third party directly. To opt out of communications from our third-party business partners, if any, please contact them directly. 

Your State Privacy Rights

State privacy laws may provide their residents with additional rights regarding our use of their personal information. This section applies to residents of such states (“State Privacy Laws”) and supplements the other disclosures of this Policy.

State Privacy Laws include those consumer privacy laws in California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia, and other state privacy laws now existing or enacted in the future.

Categories of Personal Information Collected

Depending on how you interact with the Site, we may collect the following categories of personal information, as defined under the applicable State Privacy Laws:

  • Identifiers, such as name, email address, phone number, device identifiers, or online identifiers;
  • Commercial Information, such as transaction-related information, usage, products and service interests;
  • Internet or other electronic activity information, including Site usage data, log data, and interaction information.
  • Geolocation data, such as your general geographic location derived from device settings (where enabled) or more precise location when using the Site;
  • Inferences, drawn from usage data to improve Site functionality and user experience.

We may collect sensitive personal information, which may include, without limitation, geolocation information, account log in username, and other information that State Privacy Laws may classify as “sensitive” (“Sensitive Personal Information”). We use and disclose Sensitive Personal Information only as reasonably necessary to provide requested products and services, to complete or process transactions you initiate, to verify your identity, to detect and prevent fraud, to maintain the security and integrity of our systems, and to comply with legal and regulatory obligations. We do not sell or share Sensitive Personal Information for behavioral advertising or other commercial purposes. We may disclose Sensitive Personal Information to service providers and other third parties solely for the limited purposes described in this Policy and pursuant to written agreements that restrict their use of such information.

Purposes for Processing Personal Information

We collect and process Personal Information for the purposes described in this Policy, including to:

  • Provide, operate, and maintain the Site;
  • Authenticate users and manage accounts;
  • Ensure the security and integrity of the Site;
  • Detect, prevent, and investigate fraud or unauthorized activity;
  • Improve Site performance, functionality, and user experience;
  • Comply with legal, regulatory, and contractual obligations.

Disclosure of Personal Information

We may disclose personal information to:

  • Our third-party service providers and processors that perform services on our behalf, such as hosting, analytics, security, customer support, marketing, and compliance services;
  • Affiliates, where permitted by law and consistent with this Policy; 
  • Law enforcement or other third parties where required or permitted by law.

We do not disclose personal information to third parties for their own independent purposes except as described in this Policy.

Sale, Sharing, and Targeted Advertising

We share personal information with third parties for business purposes as seen above in the Section titled “How We Collect and Use Your Information.” We will not sell or share your personal information to third parties for targeted advertising. The categories of third parties to whom we disclose your Personal Information may include business strategy, analytics, and payment providers and certain third parties where you have provided consent or where we are required by law. 

Rights Under State Privacy Laws

Subject to certain limitations and exceptions, residents of states with enacted State Privacy Laws may have the right to:

  • Confirm whether we process their Personal Information.
  • Access Personal Information we have collected about them.
  • Correct inaccuracies in their Personal Information.
  • Delete Personal Information, subject to legal retention requirements.
  • Obtain a copy of their Personal Information in a portable format.
  • Opt out of certain processing activities, where applicable.
  • Appeal a decision regarding a privacy rights request.

You may have additional rights based on the State Privacy Laws where you reside.

Exercising Your Rights

You may submit a request to exercise your State Privacy Rights by using the contact information provided in this Policy. We will verify your request as required by law and respond within the timeframes mandated by applicable State Privacy Laws. 

Authorized agents may submit requests on your behalf where permitted by law and subject to verification requirements. 

Please submit a request specifying the right you wish to exercise by:

  • Emailing us at info@websitetracker.com with the subject line “Privacy Rights Request”;
  • Calling us at 866-549-4191; or
  • Writing to us at: WebsiteTracker (TrueFunnel, LLC) 720 W St Germain Street, Suite 250, St Cloud, MN 56301.

Non-Discrimination

We will not discriminate or retaliate against you for exercising your rights under an applicable State Privacy Laws, including by denying products, services, or providing a different level or quality of product or service, except as permitted by law.

Updates to this Section

We may update this section to reflect changes in applicable State Privacy Laws or our data practices. Any material changes will be posted in this Policy. 

Retention

We will retain your information, including your Personal Information, for as long as necessary to provide our Services or as stated in an agreement we have with you to provide Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

SiteIntel. Website Scan Data and data processed by AI Features under the SiteIntel are retained only as long as necessary to provide the Services. Upon termination or a valid deletion request, this data is removed from active systems within a reasonable period and from backups on a standard rotation schedule. Data transmitted to AI Providers is subject to those providers' retention practices; we will use commercially reasonable efforts to ensure AI Providers delete or anonymize your data consistent with our obligations to you.

MarketIntel. Third-Party Scan Output from Competitor Intelligence Monitoring and External Link Assessment data are retained only as long as necessary to provide the elected features to the requesting customer. These data types are removed from active systems upon termination or a valid deletion request within a reasonable period. MarketIntel data is not retained for cross-customer use or platform improvement purposes.

ActivityIntel. The following specific maximum retention periods apply to data collected through the ActivityIntel:

Data Type Maximum Retention Period
Device Identifiers (pseudonymous) 180 days
IP Addresses (raw) 30 days, then hashed
IP Addresses (hashed) 180 days
Session Behavioral Signals 180 days
Fraud Score (identified) 180 days
Fraud Score (de-identified) 2 years
Unconsented leads — Marketing Database90 days from last interaction (auto-deleted or anonymized)
Consented leads — Marketing DatabasePer applicable data addendum (typically duration of Customer’s relationship with the lead)
Aggregated Non-PII Analytics2 years
PHI (HIPAA configurations)Per Business Associate Agreement
EU/UK Consent RecordsDuration of processing + 3 years

These periods represent maximums, not targets. Shorter retention is preferred and applied where operationally feasible.

Feedback Data. Feedback submitted to us is retained for the duration of our relationship and for a reasonable period thereafter for product development purposes, consistent with the perpetual license granted under our agreements.

We may rectify, replenish, or remove incomplete or inaccurate information at any time and at our own discretion.

Pseudonymous Data

Some data collected through the ActivityIntel is maintained only in pseudonymous form and cannot be linked to a specific individual without disproportionate effort, if at all. In response to data subject rights requests (including deletion and access requests), we will make reasonable efforts to match requests to pseudonymous records using available identifiers (email address, IP address within the active scoring window, or device fingerprint if the requestor revisits the site voluntarily). Where a match cannot be confirmed, we will document our best-efforts attempt and provide a response disclosing that no matching record was identified or that records may be pseudonymous and not linkable. This approach is consistent with CCPA § 1798.145(a)(7) and equivalent provisions under applicable law.

Sub-processors

We engage third-party service providers ("Sub-processors"), such as hosting providers, analytics vendors, payment processors, and AI Providers, to provide or support delivery of our Services. We maintain contractual obligations with Sub-processors requiring appropriate data protection and security measures. A current list of all Sub-processors, including AI Providers, is available upon request at info@websitetracker.com. We are not responsible for the acts or omissions of our Sub-processors beyond our contractual obligations with them.

International Transfers - ActivityIntel

WebsiteTracker's infrastructure is hosted on Amazon Web Services (AWS) in US-based regions. For EU/EEA and UK users and website visitors, all data processed through ActivityIntel involves international data transfers. The following transfer mechanisms are in place:

  • EU Users: EU Standard Contractual Clauses (SCCs) 2021/914, Module 1 (Controller-to-Controller, for fraud detection data) and Module 2 (Controller-to-Processor, for marketing analytics data), accompanied by a Transfer Impact Assessment (TIA).
  • UK Users: UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs.
  • AWS: AWS has executed a HIPAA Business Associate Agreement with WebsiteTracker for applicable healthcare data. PHI is stored only on HIPAA-eligible AWS services.

Copies of applicable transfer mechanisms are available upon request by contacting info@websitetracker.com.

Third-Party Collection of Information

Our Policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policies of each third party to whom you disclose information.

This Policy does not apply to the practices of companies that we do not own or control, or to individuals whom we do not employ or manage, including any of the third parties to whom we may disclose information as set forth in this Policy. For information about the privacy practices of our AI Providers and other Subprocessors, please contact us at info@websitetracker.com to request a current list and links to their applicable privacy policies.

Location of Your Information

The information we collect may be stored and processed in your region, in the United States, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. We take steps to ensure that the information we collect is processed in accordance with this Policy and applicable law, wherever the information is located, including data processed by AI Providers. Where required by applicable law, we ensure appropriate transfer mechanisms (such as Standard Contractual Clauses) are in place for international transfers of Personal Information.

Advertisements

We may use a third-party advertising technology to serve advertisements when you access the Site. This technology uses your information with regard to your use of the Services to serve advertisements to you (e.g., by placing third-party cookies on your web browser).

You may opt out of many third-party ad networks, including those operated by members of the Network Advertising Initiative ("NAI") and the Digital Advertising Alliance ("DAA"). For more information, visit their respective websites: http://optout.networkadvertising.org and http://optout.aboutads.info.

To opt out of use of your Personal Information for advertisements provided by us, please contact our office at info@websitetracker.com.

Marketing

Unless you have communicated to us restricting the use of your Personal Information, we may use your Personal Information ourselves or by using our third-party subcontractors for the purpose of providing you with promotional materials concerning our services, which we believe may interest you.

Out of respect for your right to privacy, we provide you within such marketing materials with the means to decline receiving further marketing offers from us. If you unsubscribe, we will remove your email address or telephone number from our marketing distribution lists. Contact us at info@websitetracker.com with any questions or issues unsubscribing.

Please note that even if you have unsubscribed from receiving marketing emails from us, unless you have opted-out completely we may send you other types of important e-mail communications without offering you the opportunity to opt out. These may include customer service announcements or administrative notices.

Corporate Transaction

We may share information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation, or asset sale). In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Policy.

Minors

The Site is meant for adults and those who have reached the age of majority as defined by the laws of their domicile. The Site is not meant for individuals under the age of eighteen (18) or those defined by the laws of their domicile as minors. Nonetheless, this Policy is designed to comply with the Children’s Online Privacy Protection Act (“COPPA”) and, to the extent applicable, the applicable state data privacy laws, including their enhanced protections for minors. Accordingly, we do not knowingly collect, use, or retain any personal information about users under the age of eighteen (18) except with verified consent of the user (so long as they are above thirteen (13) years of age), parent, or guardian. Subject to applicable law, if we obtain actual knowledge that we collected or retained personal information about a child under the age of eighteen (18) without such consent, that information will be promptly deleted from our systems. Any personal information collected from minors under eighteen (18) with consent from the user, parent, or guardian will be used only for the purposes disclosed at the time of collection or as reasonably necessary to provide our services, will not be sold or used for targeted advertising or profiling, and will not be retained longer than necessary. Users, parents, or guardians may review their own or their child’s personal information, opt out, request deletion, and refuse any further collection or use of such information by contacting us at info@websitetracker.com.

If parents or guardians wish to create an account for, and provide information related to their child who is under the age of eighteen (18), the parent or guardian may do so, but assumes full responsibility for ensuring that the information is kept s and that the information submitted is accurate. In creating such an account, the parent or guardian accepts that this Policy will apply to the minor child’s information. Additionally, we do not knowingly submit Personal Information of minors to AI systems. If you believe a minor's information has been processed through our AI features, please contact us immediately at info@websitetracker.com.

Updates or Amendments to This Policy

We reserve the right to periodically amend or revise this Policy; material changes will be effective immediately upon the display of the revised Policy. The last revision will be reflected in the "Last Modified" section. Your continued use of the Site and Services, following the notification of such amendments on our website, constitutes your acknowledgment and consent of such amendments to the Policy and your agreement to be bound by the terms of such amendments. We will provide advance notice of any material changes to how we use the ActivityIntel to process Personal Information of website visitors, and of any material changes to how we use AI to process your Personal Information.

Limitations

The adoption or publication of this Policy does not subject us to any stricter duty in its collection, handling, storage and disclosure of nonpublic information than otherwise applies to us under applicable law. No person or entity shall have any right or recourse against WebsiteTracker nor any of its affiliates, agents, sponsors, or other related parties based on any alleged violation of or noncompliance with this Policy. This Policy is subject to applicable law as well as any separate contract that may be signed between WebsiteTracker and you. 

How to Contact Us

If you have any general questions about the Site or the information we collect about you and how we use it, including questions about our use of AI, the MarketIntel, the SiteIntel, or the ActivityIntel, you can contact us at info@websitetracker.com.

WebsiteTracker (TrueFunnel, LLC) 720 W St Germain Street, Suite 250, St Cloud, MN 56301 info@websitetracker.com | 866-549-4191

Last Modified: 5/29/26