Privacy Policy

Welcome to PostbackFlow. We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, process, and protect your information when you use our conversion tracking software.

1. Information We Collect

To operate our tracking and routing engine, we process technical transaction parameters:

• Technical Traffic Data: IP Address, browser User-Agent string, country code (resolved via Cloudflare headers), device type, operating system, and referrer URL.
• Ad Click Identifiers: Google Click ID (gclid/wbraid/gbraid), Meta Click ID (fbclid), TikTok Click ID (ttclid), and standard UTM parameters.
• Account Information: Your name and email address provided during signup for billing and system alert purposes.

2. How We Use Data

We process data strictly to deliver our core tracking services:

• Detecting and filtering crawlers and scraper bots to protect your campaign.
• Attributing conversions from affiliate postbacks to the original advertising click.
• Forwarding conversion events to your configured ad networks (Meta CAPI, Google Ads API, TikTok Events API).

3. Data Protection & SHA-256 Hashing

Privacy is our core feature:

• One-Way Hash Protection: Any customer data received in conversions (such as emails or phone numbers) is instantly hashed using the SHA-256 algorithm before storage or transmission to third-party ad networks. We never store plaintext customer data.
• AES-256 Encryption: All sensitive credentials (ad account tokens, integration secrets) are encrypted at rest using industry-standard AES-256 encryption.

4. Retention & Deletion

Raw click logs and IP caches are automatically purged after 7 to 30 days. You can request full account deletion at any time by contacting our support team.

5. Contact Us

If you have any questions regarding this Privacy Policy, please contact us at support@postbackflow.com.