Security program
TrackingInk uses reasonable administrative, technical, and organizational safeguards designed to protect account data, publishing data, connection material, support records, billing metadata, and operational systems. Security controls are selected based on the sensitivity of the data, the role of the system, and the risks created by marketplace integrations, sync jobs, browser extension flows, mobile apps, and cloud infrastructure.
Data minimization
TrackingInk is designed to collect and retain the minimum data needed to operate the product. We do not ask for or store your Amazon, Apple, or Google marketplace password. We avoid collecting personal documents, marketplace messages, banking instructions, payout settings, two-factor codes, recovery answers, or tax forms unless a user deliberately submits something through support.
Authentication and account access
TrackingInk uses authenticated sessions, account-scoped API access, authorization checks, and token controls so users access only their own account data. Tokens, refresh sessions, and sign-in events may be logged or stored in limited form so we can operate authentication, detect abuse, support logout, and troubleshoot account access.
Marketplace connection security
Some integrations require encrypted cookies, tokens, signed sync plans, extension sessions, or similar connection material. TrackingInk uses that material only for supported sync, import, reconnect, troubleshooting, and fraud-prevention flows. Connection material is not displayed back to users in the dashboard and should never be shared through screenshots, support messages, or public channels.
Encryption and secrets
TrackingInk uses encrypted transport for traffic between apps, browsers, APIs, and cloud systems. Sensitive connection material and stored publishing data are protected using access controls and encryption at rest where appropriate. Production secrets, encryption keys, and provider credentials are managed through restricted operational controls rather than being hard-coded into public client code.
Operational safeguards
Sync and import systems use safeguards such as cooldowns, rate limits, deduplication, status polling, signed plans, connection health checks, reauthorization flags, public error messages, retry controls, and background job monitoring. These controls reduce repeated unsafe actions and help surface when a user needs to reconnect instead of silently retrying forever.
Monitoring and logs
TrackingInk may collect logs, diagnostics, metrics, sync status, failed-job records, extension health, API events, security events, and support context to operate the service, investigate errors, prevent abuse, and improve reliability. Logs are intended for operational use and may be redacted, summarized, rotated, or deleted according to retention needs.
Incident response
If TrackingInk becomes aware of a security incident affecting user data, we will investigate, contain, and remediate the issue using reasonable incident-response procedures. When legally required or appropriate based on the risk, we may notify affected users, service providers, regulators, or other parties.
User responsibilities
You are responsible for protecting your devices, email account, app store account, marketplace accounts, passwords, two-factor authentication, browser profiles, extension installations, and authorized users. Do not send passwords, two-factor codes, recovery answers, raw cookies, access tokens, private keys, or sensitive screenshots through support or public channels.
Vulnerability reporting
Security concerns should be reported through the support page with the subject Security or by email to security@trackingink.com. Include the affected URL or feature, steps to reproduce, timestamps, screenshots or logs if safe, and your contact information. Do not access another user's data, disrupt the service, run destructive tests, exfiltrate data, or publicly disclose a vulnerability before TrackingInk has had a reasonable chance to investigate.
No perfect security
No online service, cloud system, browser extension, marketplace integration, mobile app, or sync pipeline can be guaranteed perfectly secure. TrackingInk works to reduce risk, but security also depends on user devices, third-party marketplaces, app stores, browsers, networks, payment providers, cloud providers, and user account practices.
Last updated: June 1, 2026.