Roles
Where applicable data protection law treats the account owner as a controller or business and TrackingInk as a processor or service provider, TrackingInk will process customer personal data on behalf of the account owner to provide the service. For data TrackingInk processes for its own account administration, billing, security, legal compliance, product analytics, and business operations, TrackingInk may act as an independent controller or business.
Subject matter and duration
The subject matter of processing is the operation of TrackingInk's author intelligence platform, including accounts, dashboards, imports, sync, analytics, reports, alerts, AI features, support, subscriptions, security, and related services. Processing continues for the term of the user's account and as needed for retention, backups, legal compliance, security, dispute resolution, fraud prevention, and service operation.
Nature and purpose
TrackingInk processes data to authenticate users, connect marketplaces, import and normalize publishing data, generate dashboards, run sync jobs, create reports and alerts, provide AI-assisted insights, provide support, enforce plan limits, process subscriptions, monitor security, troubleshoot errors, prevent abuse, and improve reliability.
Categories of data
Customer personal data may include account identifiers, names, email addresses, authentication data, device data, IP address, support messages, screenshots, subscription metadata, platform connection metadata, sync status, logs, titles, book identifiers, catalog metadata, sales, royalties, KENP reads, refunds, payout records, tax-withholding indicators, ratings, reviews, review text, and other publishing information submitted or made available through the service.
Categories of data subjects
Data subjects may include TrackingInk users, authors, publishers, account administrators, support contacts, team members, marketplace account users, and, where review text or public review metadata contains personal data, reviewers or readers whose information appears in marketplace data.
Customer instructions
TrackingInk will process customer personal data according to the Terms, Privacy Policy, this DPA, product settings, documented user actions, support requests, and other lawful instructions reasonably understood from the customer's use of the service. TrackingInk may decline instructions that would violate law, marketplace rules, security requirements, product integrity, or the rights of others.
Confidentiality and access
TrackingInk restricts access to customer personal data to personnel, contractors, and service providers who need access to operate, secure, support, or improve the service and who are subject to confidentiality obligations or equivalent restrictions.
Security measures
TrackingInk uses reasonable technical and organizational measures designed to protect customer personal data, including account-scoped authorization, access controls, encrypted transport, encryption at rest where appropriate, restricted secrets, logging, monitoring, backup controls, rate limits, sync safeguards, incident-response processes, and operational review of sensitive systems.
Subprocessors
TrackingInk may use subprocessors for hosting, databases, storage, authentication, monitoring, logging, analytics, email, support, payments, subscriptions, AI processing, security, and infrastructure operations. TrackingInk remains responsible for subprocessors it engages to process customer personal data on its behalf and requires them to process data under contractual restrictions appropriate to their role.
International transfers
Customer personal data may be processed in the United States and other countries where TrackingInk or its subprocessors operate. Where transfer safeguards are required, TrackingInk will use appropriate mechanisms such as standard contractual clauses, data processing terms, or other lawful transfer measures.
Assistance
Taking into account the nature of the processing and the information available to TrackingInk, we will provide reasonable assistance with data subject requests, security obligations, incident response, deletion requests, and compliance requests that relate to TrackingInk's processing of customer personal data.
Security incidents
If TrackingInk becomes aware of a confirmed security incident involving customer personal data, we will take reasonable steps to investigate, contain, and remediate it. Where legally required or appropriate based on the risk, we will notify affected customers without undue delay and provide information reasonably available to us.
Deletion and return
Upon account deletion, termination, or verified request, TrackingInk will delete or return supported customer personal data within a reasonable period, subject to backups, legal obligations, security records, fraud prevention, billing records, dispute resolution, operational constraints, and data we are required or permitted to retain.
Audits and information
Upon reasonable written request, TrackingInk may provide information about its privacy and security controls sufficient to help customers assess compliance with this DPA. Requests must not compromise security, confidentiality, other users' data, trade secrets, or provider restrictions.
CCPA/CPRA service provider terms
Where the California Consumer Privacy Act or California Privacy Rights Act applies, TrackingInk acts as a service provider or contractor for customer personal information processed on behalf of a customer. TrackingInk will not sell or share that customer personal information, retain, use, or disclose it outside the business purposes described in the Terms, Privacy Policy, and this DPA, or combine it with other personal information except as permitted by applicable law.
Conflict
If this DPA conflicts with the Terms or Privacy Policy, this DPA controls only for the processing of customer personal data where data protection law requires processor, service provider, or contractor terms. The Terms continue to control all other use of TrackingInk.
Last updated: June 1, 2026.