TrakSolv.ai
Start Free Trial

Legal

Data Processing Agreement

Last updated May 17, 2026

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between TrakSolv.ai (“TrakSolv”, “Processor”) and the customer (“Customer”, “Controller”) and governs the processing of personal data that TrakSolv carries out on the Customer’s behalf when delivering the Services.

1. Roles of the Parties

With respect to end-user data flowing through the Customer’s sGTM container and related Services, the Customer is the Controller and TrakSolv is the Processor. Each party will comply with the data-protection laws applicable to it, including the GDPR, UK GDPR, CCPA/CPRA, and the Saudi PDPL where relevant.

2. Processing on Documented Instructions

TrakSolv will process personal data only to provide the Services and on the Customer’s documented instructions, including the instructions contained in the Terms, this DPA, and the Customer’s configuration of its container and power-ups. TrakSolv will inform the Customer if, in its opinion, an instruction infringes applicable law.

3. Confidentiality

TrakSolv ensures that personnel authorised to process personal data are bound by appropriate confidentiality obligations.

4. Security Measures

TrakSolv implements the technical and organisational measures described in Annex 2 to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

5. Sub-Processors

The Customer authorises TrakSolv to engage the sub-processors listed in Annex 3 and to add or replace sub-processors with reasonable prior notice. TrakSolv imposes data-protection obligations on each sub-processor that are no less protective than this DPA and remains responsible for their performance.

6. Assistance to the Controller

Taking into account the nature of the processing, TrakSolv will assist the Customer with reasonable measures to fulfil data-subject requests and to meet the Customer’s obligations regarding security, breach notification, data-protection impact assessments, and consultation with supervisory authorities.

7. Personal Data Breach

TrakSolv will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer data, and will provide information reasonably available to help the Customer meet its own notification obligations.

8. International Transfers

Where processing involves a transfer of personal data outside the EEA, UK, or another regulated region, the parties will rely on a valid transfer mechanism, such as the EU Standard Contractual Clauses, which are incorporated by reference where applicable.

9. Audits

On reasonable written request and no more than once per year (or as required by a supervisory authority), TrakSolv will make available information necessary to demonstrate compliance with this DPA and allow for reasonable audits, subject to confidentiality and to minimising disruption to the Services.

10. Return and Deletion

On termination of the Services, TrakSolv will, at the Customer’s choice, delete or return Customer personal data and delete existing copies, unless retention is required by law. Customer containers and associated request logs are decommissioned according to TrakSolv’s standard retention schedule after termination.

11. Liability

Each party’s liability under this DPA is subject to the limitations of liability set out in the Terms of Service.

Annex 1 — Details of Processing

  • Subject matter — provision of hosted server-side tracking infrastructure and implementation services.
  • Duration — for the term of the Customer’s subscription and any agreed retention period.
  • Nature and purpose — receiving, processing, and forwarding website event and conversion data to advertising and analytics platforms as configured by the Customer.
  • Categories of data subjects — visitors and customers of the Customer’s websites.
  • Categories of personal data — online identifiers and cookies, device and browser data, IP address, page and event data, and, depending on the Customer’s configuration, contact details and order data (which may be hashed before transmission).

Annex 2 — Security Measures

  • encryption of data in transit (HTTPS/TLS);
  • network isolation between customer containers and least-privilege access controls;
  • hashed credentials and authenticated API access;
  • optional PII hashing and IP anonymisation power-ups configurable by the Customer;
  • monitoring, logging, and regular backups of platform data;
  • vulnerability management and restricted, audited administrative access.

Annex 3 — Sub-Processors

  • Stripe — payment and subscription processing.
  • Resend — transactional email delivery.
  • Hosting provider (Hostinger) — infrastructure hosting of the platform and customer containers.
  • Google — server-side tagging container image used to run sGTM.

Contact

To raise a data-protection matter or request a counter-signed copy of this DPA, contact arif@traksolv.ai.

WhatsApp