Security

Security at TrackRev.

First-party server-side tracking. Your click data lives on your domain. Your Stripe connection is read-only. No third-party trackers run inside our dashboard — ever.

How it works

Five principles, no exceptions.

Every architectural decision in TrackRev defers to these. If a feature would break one of them, we don't ship it.

Your data stays on your domain

TrackRev uses first-party, server-side tracking. When someone clicks one of your tracking links, the request hits your server first — before it redirects the visitor anywhere. Your server logs the click and sets a first-party cookie directly on your domain. No third-party tracking script runs in the visitor's browser. No data passes through an advertising network. The click record belongs to you.

  • Click data is stored in TrackRev's database, associated only with your workspace
  • No advertising network — Google, Meta, or otherwise — receives your click data
  • No cross-site user profiling: TrackRev only tracks visitors interacting with your specific links, not across the internet
  • Your tracking domain (e.g., go.yourbrand.com) is a domain you own — you control the DNS, you control the data
  • If you stop using TrackRev, your tracking domain redirects can be pointed elsewhere immediately
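The click flow described in this section, sketched as an added example (not TrackRev's code): it also folds in the cookie lifetime, asynchronous write, and hashed-IP statements made further down the page. The link table, the `tr_session` cookie name, the 30-day window, and the HMAC key are assumptions.

```javascript
const crypto = require("node:crypto");

// Constructed sample configuration; names and values are assumptions.
const LINKS = new Map([["spring-sale", "https://www.yourbrand.com/pricing"]]);
const ATTRIBUTION_WINDOW_DAYS = 30;
const IP_HASH_KEY = crypto.randomBytes(32); // per-deployment secret, kept server-side
const UUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

// Keyed hash: a bare SHA-256 of an IPv4 address is reversible by trying all 2^32 inputs.
function hashIp(ip, key = IP_HASH_KEY) {
  return crypto.createHmac("sha256", key).update(ip).digest("hex");
}

// No Domain attribute, so the cookie is host-only on the tracking host.
function buildCookie(sessionId, days) {
  return [`tr_session=${sessionId}`, `Max-Age=${days * 86400}`,
    "Path=/", "Secure", "HttpOnly", "SameSite=Lax"].join("; ");
}

// req: { slug, ip, referrer, userAgent, sessionId? }; store: function that persists a record.
function handleClick(req, store) {
  // The destination comes from the configured link table, never from request input.
  const destination = LINKS.get(req.slug);
  if (!destination) return { status: 404, headers: {}, record: null };

  // Reuse an existing session only if it is a well-formed UUID; this keeps
  // client-supplied text out of the Set-Cookie header.
  const sessionId = UUID.test(req.sessionId || "") ? req.sessionId : crypto.randomUUID();
  const record = {
    timestamp: new Date().toISOString(),
    slug: req.slug,
    referrer: req.referrer || null,
    deviceType: /Mobi/i.test(req.userAgent || "") ? "mobile" : "desktop", // crude heuristic
    ipHash: hashIp(req.ip), // the raw address is not persisted
    sessionId,
  };

  // Asynchronous write: a failing store is swallowed and cannot block the redirect.
  Promise.resolve().then(() => store(record)).catch(() => {});

  return {
    status: 302,
    headers: { Location: destination, "Set-Cookie": buildCookie(sessionId, ATTRIBUTION_WINDOW_DAYS) },
    record,
  };
}
```
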

Stripe: read-only, always

When you connect Stripe to TrackRev, you create a restricted API key with read-only permissions in your Stripe dashboard. TrackRev reads your charge and subscription records to match them to link clicks. That is all it can do. It cannot create charges, modify subscriptions, issue refunds, change your payout schedule, or access your Stripe balance. The connection is strictly one direction — we read, we never write.

  • Required permissions: `charges: read` and `subscriptions: read` — nothing else
  • TrackRev never stores your full Stripe secret key
  • You can revoke the restricted key from your Stripe dashboard at any time — TrackRev stops receiving data immediately with no action needed on our side
  • We recommend creating a dedicated restricted key labelled "TrackRev" so you can track and revoke it independently of your other integrations
  • Stripe connection is optional: TrackRev tracks link clicks without Stripe, but revenue attribution requires the read-only connection

GDPR and privacy compliance

TrackRev's first-party architecture is built to be GDPR-compatible by default. Because tracking happens on your own domain using a cookie you set, the data controller relationship is clear: you are the controller, TrackRev is the processor. We do not use your customers' data for any purpose beyond providing the attribution service you have configured. We do not sell data. We do not build advertising profiles from it.

  • First-party cookies only — no cross-site third-party cookie dependencies
  • Data processing agreement (DPA) available on request: email support@trackrev.io
  • Cookie lifetime matches your attribution window — no indefinite tracking
  • Users can request deletion of their data via your own privacy policy (which should reference TrackRev as a data processor)
  • TrackRev does not operate an advertising network and your data is never used for ad targeting

Infrastructure and uptime

TrackRev runs on Vercel and Supabase. Link redirects are served from Vercel's global edge network — the redirect happens in under 50 milliseconds from anywhere in the world. Tracking data is written asynchronously, which means a database issue never blocks your visitor from reaching their destination. If TrackRev's analytics systems are temporarily unavailable, your links still redirect correctly.

  • Link redirects are infrastructure-independent: clicks redirect even during analytics maintenance windows
  • Vercel edge network: 99.99% redirect uptime SLA from Vercel's infrastructure
  • Database backups run daily via Supabase's automated backup system
  • For status updates: email support@trackrev.io or check Vercel and Supabase status pages directly

No third-party trackers — ever

We do not use Google Analytics, Hotjar, FullStory, or any session-recording tool on the TrackRev marketing site or inside the dashboard. We track our own marketing performance using TrackRev. This is not just a principle — it is how we keep the product honest. If we let third-party trackers run inside a privacy-first tracking tool, we would be contradicting everything we ask you to trust us with.

  • No Google Analytics on trackrev.io or inside the dashboard
  • No Meta Pixel — we run no Facebook or Instagram advertising that requires pixel tracking
  • No session recording or keystroke capture of any kind
  • No third-party chat widget that reads your conversation content
  • We use TrackRev's own first-party analytics to measure what works on our marketing site

Frequently asked questions

TrackRev stores click events (timestamp, referrer, device type, hashed IP address for deduplication, and the session ID used for attribution), conversion events (the Stripe charge ID matched to a session, not the full charge details), and workspace configuration (your tracking links, custom domains, and attribution settings). We do not store personal information about your end customers beyond the session ID required for attribution matching. Email addresses and payment details from Stripe are never stored in TrackRev — we only read the charge ID and amount from Stripe's API.

Questions not answered here? Email security@trackrev.io — we respond within one business day.

Track revenue without giving up control of your data.

First-party tracking, read-only Stripe access, GDPR-compliant by default.