Privacy Policy

Last updated: June 18, 2026

WGRD Technologies BV (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use the trackmint website and the trackmint browser extension (“the Service”).

We process personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Identity of the data controller

For the purposes of the GDPR, the Data Controller is:

WGRD Technologies BV
Keurenplein 4
1069CD Amsterdam, Netherlands
Email: privacy@trackmint.io

2. Information we collect

To provide our analytics functionality, we collect the following types of information in the following ways:

2A. Data collected via the browser extension

When you use the trackmint browser extension, it processes the following information locally in your browser in order to display tracking activity to you in real time. This information is used only for that purpose and is not transmitted to our servers.

You can use the extension’s inspection features without creating a trackmint account. If you choose to sign in (for example, to join the waitlist for upcoming features), the authentication data described in section 2B applies.

• Network Activity: The extension intercepts and displays network requests sent towards analytics providers (such as Google Analytics, Snowplow, etc.). This is done to help you debug and verify the tracking implementation on a website. This processing happens locally in your browser and the intercepted requests are not sent to our servers.
• Web History and Tab Data: The extension accesses information about your active browser tab (URL, page title) and page content in order to display the tracking events firing on that page. This information is processed locally and is not sent to our servers.
• Screenshots: During general usage of the browser extension, screenshots are taken and displayed to you in real time within the extension to provide additional visual context alongside each captured analytics event. This feature is optional and can be turned off in the extension settings. These screenshots are not sent to our servers and remain only on your device.

2B. Data collected via the website

When you visit our website or register for an account:

• Authentication Data: We collect your email address, name, and OAuth profile data to manage your account and secure your login. If you choose to sign in with Google, your login is processed by Google under its own privacy policy, and we receive your email address and basic profile information from Google in order to create or match your account.
• Communications: By creating an account, you will receive service-related emails necessary for the operation of your account, such as account notifications and security alerts. These cannot be opted out of. With your consent, we may also send you non-essential communications such as product updates, feature announcements, and tips. You can opt out of these at any time using the unsubscribe link included in each email or through your account settings.

2C. Usage data (extension and website)

• Extension usage data: For users that opt in, we use Google Analytics to collect aggregated usage data on the browser extension to improve the product. This data is only collected while the extension’s side panel is open and includes general usage patterns such as which features are used and the domains of websites being debugged. This data collection is entirely optional and can be disabled in the extension settings.
• Website usage data: On our website, we use Google Analytics and PostHog to collect standard usage data such as pages visited, referral sources, and browser type to improve the user experience. These analytics cookies can be managed through the cookie consent banner on our website.

All usage data is processed by third-party providers acting as data processors in accordance with their respective privacy policies and our Data Processing Agreements with them.

3. Permissions for the browser extension

To enable the extension’s core functionality, we request the following permissions. These are strictly used for the purposes described below:

• activeTab: Grants temporary access to the currently active tab when you interact with the extension, used for live inspection of the active tab and, if enabled, optional local screenshots.
• <all_urls> and webRequest: Required to observe network requests on the website you are inspecting, so tracking events can be detected regardless of the domain.
• tabs: Used to read the URL and state of the active tab being inspected and, if enabled, to capture local screenshots.
• identity: Used to securely authenticate you with your trackmint account via OAuth if you choose to sign in. An account is not required to use the extension’s inspection features.
• sidePanel: Used to display the trackmint interface in the browser’s side panel.

4. Legal basis and purpose of processing

We process your personal data under the following lawful bases:

1. Consent (Art. 6(1)(a) GDPR): We rely on your consent for the following, each obtained separately:
   • Usage analytics: You consent to the optional collection of usage analytics in the browser extension and on our website when you opt in. You can withdraw this consent at any time in the extension settings or via the website cookie banner.
   • Non-essential communications: You consent to receiving non-essential communications such as product updates and feature announcements when you opt in to these. You can withdraw this consent at any time by unsubscribing.
2. Performance of a Contract (Art. 6(1)(b) GDPR): If you create a trackmint account, we process your authentication data to provide you with your account and access to the trackmint service. An account is optional and is not required to use the extension’s inspection features.
3. Legitimate Interests (Art. 6(1)(f) GDPR): We process limited technical data to ensure the security and stability of our platform.

5. Data sharing and no sale of personal data

We do not sell, rent, or trade your personal information or web history to third parties.

We only share your data with trusted third-party service providers (Data Processors) acting on our behalf to operate our business (e.g., cloud hosting providers, analytics providers). These processors are bound by data processing agreements to keep your data secure.

Chrome Web Store limited use disclosure

The trackmint Chrome extension’s use and transfer to any other app of information received from Google APIs or Chrome browser permissions will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. Your data is collected solely to provide the core functionality of the extension and is not used for unrelated purposes.

6. International data transfers

We primarily store and process your personal data within the European Union. Our hosting infrastructure is provided by Microsoft Azure in an EU region.

Some of the third-party providers we use to operate the Service, in particular our analytics providers, process certain personal data outside the European Economic Area (EEA), including in the United States. Where personal data is transferred outside the EEA, we ensure it benefits from an adequate level of data protection by relying on one or more of the following safeguards under Chapter V of the GDPR:

• Adequacy decisions: decisions of the European Commission under Article 45 GDPR recognizing that a country or framework outside the EEA offers an adequate level of data protection. This includes transfers to U.S. providers certified under the EU-U.S. Data Privacy Framework.
• Standard contractual clauses: contractual clauses approved by the European Commission under Article 46 GDPR, which we rely on for transfers to providers in countries without an adequacy decision, or as an additional safeguard alongside DPF certification.

These transfers are additionally protected by technical measures applied by the providers concerned, such as encryption of data in transit and at rest.

A current list of our sub-processors, including the country in which each processes data and the transfer mechanism relied on, is available on our sub-processors page.

7. Data retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected.

• Account Data: Retained for as long as your account is active. If you delete your account, your data will be retained for 30 days in a deactivated state before being permanently removed from our servers. During this period, you may contact us to restore your account. After 30 days, all data is permanently and irreversibly deleted.
• Usage Data: Aggregated analytics data is retained in accordance with the default retention policies of the respective analytics providers (Google Analytics and PostHog).

8. Cookies

Our website uses cookies and similar technologies to enable core functionality and to collect usage data as described in section 2C. Cookies are small text files stored on your device by your browser.

• Essential cookies: Required for the website to function (e.g., authentication, session management). These cannot be disabled.
• Analytics cookies: Set by Google Analytics and PostHog to collect aggregated usage data. You can manage or disable these cookies through the cookie consent banner on our website.

If you sign in to your trackmint account in the browser extension, the extension uses a strictly necessary cookie for authentication. If you opt in to usage analytics when prompted by the extension, an additional cookie is set for Google Analytics.

9. Data security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or destruction. These measures include encryption of data in transit, secure storage of data at rest, and restricted access to personal data on a need-to-know basis. We continuously work to protect your data. However, be aware that no system is ever completely secure, and no method of transmission or storage can be guaranteed absolutely safe.

10. Your rights under the GDPR

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your personal data, subject to certain legal exceptions.
• Right to Restrict Processing: You can ask us to suspend the processing of your personal data.
• Right to Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to the processing of your data based on legitimate interests.

To exercise any of these rights, please contact us at privacy@trackmint.io. We will respond to your request within one month.

11. Right to lodge a complaint

If you believe that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection in your country of residence, place of work, or place of the alleged infringement.

12. Children’s privacy

Our Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at privacy@trackmint.io and we will take steps to delete such information.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any material changes by updating the “Last Updated” date at the top of this policy, and where required by law, obtaining your consent.

14. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: privacy@trackmint.io
Website: https://www.trackmint.io