Privacy Policy

Who We Are
Data We Collect
How We Use Your Data
Legal Basis for Processing
Third-Party Services
Cookies & Tracking
Data Retention
Your Rights (GDPR)
International Data Transfers
Security
Children's Privacy
Changes to This Policy
Contact Us

We believe privacy policies should be readable. This one is written in plain English. If something is unclear, email us at hello@traffi.app.

1. Who We Are

Traffi.app ("Traffi", "we", "our", or "us") is an autonomous content marketing platform that generates SEO articles, distributes them across publication platforms, and tracks traffic performance — so your website grows while you focus on your product.

We operate at traffi.app and can be reached at hello@traffi.app.

For the purposes of the EU General Data Protection Regulation (GDPR) and UK GDPR, Traffi.app acts as the data controller for personal data we collect from you directly. Where we process data on your behalf (e.g., content generated for your business), we act as a data processor.

2. Data We Collect

2.1 Information You Provide

Account data: Email address, name (optional), and password hash when you sign up.
Website URLs: The URLs you submit for analysis and content generation — your homepage, blog, product pages, etc.
ICP (Ideal Customer Profile) data: Information you provide about your target audience, industry, keywords, and content preferences.
Billing information: Your billing address and payment card details. Note: We do not store card numbers — all payment data is processed and stored by Stripe.

2.2 Information We Collect Automatically

Usage data: Pages visited, features used, time spent, and actions taken within the platform.
Traffic analytics: Click-through data from your tracked links (via track.traffi.app), including visitor counts, referral sources, and engagement metrics.
Technical data: IP address, browser type, device type, operating system, and session identifiers.
Log data: Server logs for debugging and security monitoring, retained for 30 days.

2.3 Information from Third Parties

Stripe: Subscription status, payment history, and billing events from our payment processor.
Distribution platforms: Article performance data (views, reads, engagement) from Dev.to and Hashnode when you connect these accounts.

3. How We Use Your Data

We use your data to:

Provide the service: Analyze your website, generate SEO content, schedule and publish articles, and track traffic performance.
Personalize content generation: Use your ICP data and website context to write articles that match your brand voice and target your specific audience.
SEO optimization: Match generated content to search intent using your URL data and keyword preferences.
Track performance: Attribute traffic and conversions to specific articles via our track.traffi.app redirect system.
Process payments: Manage your subscription, handle billing events, and send payment receipts.
Send service communications: Account confirmations, subscription updates, feature announcements, and support responses.
Improve the platform: Aggregate anonymized usage analytics to identify what's working and what isn't.
Ensure security: Detect fraud, prevent abuse, and protect user accounts.

We do not sell your data to third parties. We do not use your data for advertising targeting on other platforms.

4. Legal Basis for Processing (GDPR)

If you are in the EU or UK, we process your data under the following legal bases:

Contract performance (Art. 6(1)(b)): Processing necessary to deliver the service you signed up for — content generation, distribution, analytics, billing.
Legitimate interests (Art. 6(1)(f)): Platform security, fraud prevention, product improvement, and sending relevant service updates.
Consent (Art. 6(1)(a)): Optional analytics cookies and marketing emails, where we ask for your consent first.
Legal obligation (Art. 6(1)(c)): Financial record-keeping and compliance with applicable laws.

5. Third-Party Services

We share data with the following third parties only as necessary to operate the platform:

Stripe (Payments)

Stripe processes all payment transactions. Your card details are entered directly into Stripe's secure forms — we never see or store them. Stripe is PCI DSS Level 1 certified. Stripe Privacy Policy.

Dev.to, Hashnode (Content Distribution)

When you connect distribution accounts, we use their APIs to publish articles on your behalf. The content we publish is generated from your website data and ICP profile. Each platform has its own privacy policy governing their use of data.

track.traffi.app (Analytics Tracking)

Our redirect service at track.traffi.app processes clicks on distributed article links to attribute traffic back to specific pieces of content. This data is used solely to generate your performance reports within the platform.

Hosting & Infrastructure

Our infrastructure runs on Render (hosting), Neon (database), and Cloudflare (CDN/DNS). These providers process data as data processors under our instructions and are contractually bound to protect your data.

Google Analytics

We use Google Analytics to understand how users navigate the platform. This data is anonymized and aggregated. You can opt out via the Google Analytics opt-out browser add-on.

6. Cookies & Tracking

We use cookies and similar technologies to keep you logged in, remember your preferences, and understand how the platform is used. See our full Cookie Policy for details on what cookies we set, their purpose, and how to manage them.

7. Data Retention

We keep your data for as long as your account is active or as needed to provide services:

Account data: Retained while your account is active. Deleted within 30 days of a verified erasure request.
Generated content: Retained indefinitely while your account is active, as it constitutes the service output. Deleted with your account.
Traffic analytics: Aggregated data retained for 24 months to support trend analysis. Raw click logs retained for 90 days.
Billing records: Retained for 7 years for tax and accounting compliance (legal obligation).
Server logs: Retained for 30 days for security and debugging.

8. Your Rights (GDPR & Privacy Rights)

If you are in the EU, UK, or California (CCPA), you have the following rights:

Right of Access (Art. 15 GDPR)

Request a copy of all personal data we hold about you. We'll respond within 30 days.

Right to Rectification (Art. 16 GDPR)

Request correction of inaccurate or incomplete data. You can update most information directly in your account settings.

Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

Request deletion of your personal data. We'll delete everything except data we're legally required to retain (e.g., billing records for tax purposes).

Right to Data Portability (Art. 20 GDPR)

Request your data in a structured, machine-readable format (JSON or CSV). This includes your account data, content library, and analytics history.

Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interests. This includes opting out of analytics and product improvement tracking.

Right to Restrict Processing (Art. 18 GDPR)

Request that we limit how we use your data while you contest accuracy or pending an objection.

Right to Withdraw Consent

Where processing is based on consent (e.g., analytics cookies), you may withdraw it at any time without affecting the lawfulness of prior processing.

Right to Lodge a Complaint

You have the right to complain to your local data protection authority. In the EU, you can find your authority at edpb.europa.eu.

To exercise any of these rights, email hello@traffi.app with the subject line "Privacy Rights Request". We'll respond within 30 days. We may need to verify your identity before processing the request.

Data Processing Agreement (DPA)

If you are a business customer using Traffi.app to process data on behalf of your clients, a Data Processing Agreement is available upon request. Email hello@traffi.app with subject "DPA Request".

9. International Data Transfers

Traffi.app is operated from the United States. If you are in the EU or UK, your data may be transferred to and processed in the US or other countries that may not offer the same level of data protection as your home country.

Where we transfer data internationally, we rely on:

EU Standard Contractual Clauses (SCCs) with processors
Adequacy decisions by the European Commission where applicable
Legitimate interest transfers with appropriate safeguards

10. Security

We take reasonable technical and organizational measures to protect your data:

All data in transit is encrypted via TLS 1.2+
OAuth tokens and sensitive credentials are encrypted at rest using AES-256-GCM
Database access is restricted to application servers only (no public exposure)
Passwords are hashed using bcrypt
Access to production systems is limited to authorized personnel

No system is 100% secure. If you believe your account has been compromised, contact us immediately at hello@traffi.app.

11. Children's Privacy

Traffi.app is not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top of this page and — for material changes — notify you via email or a prominent notice on the platform.

Continued use of Traffi.app after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or complaints:

Email: hello@traffi.app
Subject line for requests: "Privacy Rights Request"
Response time: Within 30 days

We're a lean team and we read every email.

Table of Contents