Privacy Policy

Effective Date: May 22, 2025

Last Updated: May 22, 2025

SalesTrakkr ("we," "us," or "our"), operated by Neximus Holdings LLC DBA Spargata, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our sales analytics platform at salestrakkr.com.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted and hashed)
  • Account creation date
  • Subscription and billing information

Platform Connection Data

When you connect e-commerce platforms to SalesTrakkr using OAuth authentication, we collect and store:

Etsy Data

When you connect your Etsy shop, we collect transaction data through Etsy's API, including:

  • Order details (order ID, receipt ID, timestamps)
  • Transaction amounts and currency
  • Product information (listing IDs, product names, quantities)
  • Customer information (email addresses, country/location)
  • Shop information (shop ID, username)

Your Etsy OAuth access tokens and refresh tokens are encrypted using AES-256-GCM encryption and stored securely. We use read-only API scopes (transactions_r shops_r) and cannot modify your Etsy shop, listings, or orders.

Other Platform Data (Stripe, eBay, Gumroad, etc.)

Similar to Etsy, when you connect other e-commerce platforms, we collect:

  • Transaction and sales data
  • Product and order information
  • Customer details (as provided by the platform)
  • Payment and payout information

All OAuth tokens for connected platforms are encrypted and stored securely using industry-standard encryption (AES-256-GCM).

Cookies and Tracking Technologies

The following cookies may be set on your device. Analytics cookies load only after you give affirmative consent via the cookie banner, or are blocked if your browser sends a Global Privacy Control (GPC) signal.

CookiePurposeType
sb-*-auth-tokenSupabase authentication sessionFirst-party (necessary)
oauth_stateCSRF protection during OAuth flowsFirst-party (necessary)
oauth_user_idLinks OAuth callback to user sessionFirst-party (necessary)
sc_is_visitor_uniqueDetermines unique visitor countFirst-party (analytics)
is_uniqueUnique visitor trackingThird-party (analytics)
is_visitor_uniqueUnique visitor trackingThird-party (analytics)
sc_medium_sourceIdentifies traffic sourceThird-party (analytics)
__stripe_midStripe fraud prevention — machine identifierThird-party (necessary)
__stripe_sidStripe fraud prevention — session identifierThird-party (necessary)

Vercel Analytics and Speed Insights are privacy-friendly and do not set cookies. They collect anonymous usage data (page views, web vitals) without personally identifiable information. These services load only after you give consent.

Local Storage

We store the following data in your browser's localStorage:

KeyPurpose
analytics_consentStores your cookie consent choice (accepted/rejected)
analytics_consent_tsTimestamp of consent choice for 30-day expiration

Usage Information

With your consent, we collect usage information through analytics services:

  • Log data (IP address, browser type, device information)
  • Usage patterns (pages visited, features used, time spent)
  • Sync history and API call logs
  • Error logs and debugging information

How We Use Your Information

We use the information we collect to:

  • Provide our service: Display your sales data in a unified dashboard, sync transaction data, and generate analytics
  • Maintain and improve: Monitor service performance, fix bugs, and develop new features
  • Communicate: Send service updates, respond to support requests, and notify you of important changes
  • Billing: Process subscription payments and manage your account
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Compliance: Comply with legal obligations and enforce our terms

We do NOT use your platform sales data for advertising, marketing to third parties, or any purpose other than providing the SalesTrakkr service to you.

Cookie Consent

When you first visit SalesTrakkr, a consent banner appears asking whether you accept or reject analytics cookies. Your choice is stored in localStorage and remembered for 30 days, after which the banner will reappear.

  • Accept: Analytics scripts (StatCounter, Vercel Analytics, Vercel Speed Insights) load and set cookies
  • Reject: No analytics scripts load, no tracking cookies are set

You can change your choice at any time using the "Privacy Choices / Do Not Sell My Info" link in the footer of any page.

Global Privacy Control

We honor the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we automatically treat analytics as rejected without showing the consent banner. No analytics cookies will be set.

Your Rights and Choices

You have the following rights regarding your data:

Access and Portability

  • Access your data through the SalesTrakkr dashboard
  • Request a copy of your data by contacting us
  • Export your transaction data (feature coming soon)

Control Your Platform Connections

  • Disconnect any platform at any time from the Connections page
  • Disconnecting removes our access to your platform data
  • Historical synced data remains until you delete your account

Account Deletion

  • Delete your account at any time (contact support)
  • Account deletion permanently removes all your data
  • OAuth tokens are immediately revoked and deleted
  • Transaction data is permanently deleted within 30 days

Communication Preferences

  • Opt out of marketing emails (service emails still sent)
  • Manage notification settings in your account

GDPR Rights (EEA Visitors)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation:

  • Access, correct, or delete your personal data
  • Withdraw consent for analytics at any time via the cookie banner
  • Lodge a complaint with your local data protection authority
  • Object to processing based on legitimate interest
  • Request restriction of processing

To exercise these rights, contact us at privacy@salestrakkr.com.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect, use, and disclose
  • Right to request deletion of your personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@salestrakkr.com.

Data Storage and Security

Security Measures

  • Encryption at rest: All OAuth tokens are encrypted using AES-256-GCM encryption before storage
  • Encryption in transit: All data transmission uses HTTPS/TLS encryption
  • Database security: Row-level security (RLS) policies ensure data isolation between users
  • Access controls: Strict authentication and authorization mechanisms

Data Retention

  • Account data: Until you delete your account
  • Transaction data: Until you disconnect a platform or delete your account
  • Backup data: Automatically deleted after 30 days
  • Log data: Retained for 90 days for debugging and security purposes
  • Analytics data: Subject to StatCounter's retention policy

Third-Party Services

We use the following third-party services. Each has its own privacy policy:

Connected E-Commerce Platforms

When you connect third-party platforms, you are also subject to their privacy policies:

We are not responsible for the privacy practices of these third-party platforms.

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or sales data to third parties.

We may disclose your information if required by law, such as to comply with legal process, respond to lawful requests from public authorities, protect our rights, or prevent fraud.

Children's Privacy

SalesTrakkr is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 13 (or under 16 for EEA visitors). If you believe we have collected information from a child, please contact us immediately.

International Users

SalesTrakkr is operated in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States. By using our service, you consent to the transfer of your information to the United States and processing in accordance with this Privacy Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top and notify you via email for material changes.

Your continued use of SalesTrakkr after changes become effective constitutes acceptance of the updated Privacy Policy.

Contact Us

Neximus Holdings LLC DBA Spargata

Maryland, United States

Email: privacy@salestrakkr.com