Privacy Policy

Trackerjacker Pro. This describes what data we handle and for how long.

What we process

Trackerjacker is a Chrome extension plus a backend that adds open tracking and PDF Fill & Sign to your Gmail. We process only what the features require:

• Account identity. Your Google account's stable id and verified email, obtained via Google OAuth, used to authenticate you and link your subscription.
• Tracked-email metadata. For emails you choose to track: subject, recipients, send time, and per-recipient open events (timestamp, coarse location, user-agent). This is metadata about your sends — not the body of your emails.
• Fill & Sign documents. When you sign a PDF, we read a copy from your Gmail, store it encrypted while you edit, and delete it (see retention). We never retain document contents.
• Billing. Your email and subscription status. Card details are handled entirely by Stripe; we never see or store them.

Retention

• Documents (Fill & Sign): stored encrypted at rest, per-user isolated, and deleted the moment you finish — typically seconds, and within 24 hours at the absolute outside via automatic sweeps and a storage lifecycle rule. No document content is ever written to our database.
• OAuth tokens: never stored server-side. Held in memory only for the duration of the single request that uses them.
• Tracking metadata: retained while your account is active so the dashboard can show your history; deletable on request.

Your rights

You can request export or deletion of your data at any time. Deleting your account removes your tracked-email and subscription records and cancels your subscription. Because documents are deleted as soon as a Fill & Sign session ends, there is no persistent document data to erase.

Sharing

We do not sell your data. We use Stripe (payments), Cloudflare (hosting, storage, database), and Google (the Gmail APIs you authorise). Each processes data only to provide its part of the service.

Contact

For any privacy request, email the address on your receipt.