Privacy Policy

Last updated: February 28, 2026

Tractium is committed to protecting the fundamental rights of freedom, privacy, and the free development of the personality of its users, in compliance with the Brazilian General Data Protection Law — LGPD (Law No. 13,709/2018). This policy describes how we collect, use, store, share, and protect your personal data.

Data Protection Officer (DPO): Tiago Fonseca Costa — contato@tractium.com

1. Data Controller

Tractium acts as the Controller of collected Personal Data, being responsible for defining the purposes and means of processing users' personal data under the LGPD.

2. Personal Data Collected

We collect the following personal data during registration and platform use: (a) Registration data: full name and email address; (b) Usage data: information about platform interactions, features used, and preferences; (c) Integration data: Meta Ads and Google Ads API access tokens (required for metric synchronization), ad campaign metrics (CPA, ROAS, CTR, impressions, clicks, conversions, etc.) — these do not constitute personal data of ad end-users; (d) Organization data: organization name, team members, and project settings. Important: payment data (credit card) is not collected by Tractium. Payment processing is handled entirely by Stripe. Please refer to Stripe's privacy policy for more information.

3. Purposes of Processing

We use your personal data to: (a) operate and maintain the platform; (b) display campaign metrics and reports; (c) manage your account, subscription, and permissions; (d) send relevant product communications, updates, and service notifications; (e) improve user experience and develop new features; (f) comply with legal and regulatory obligations; (g) protect platform security and prevent fraud.

4. Legal Bases for Processing

Personal data processing is based on the following grounds provided by LGPD Article 7: (a) user consent; (b) legal or regulatory obligation compliance; (c) contract execution or preliminary contract procedures; (d) regular exercise of rights in judicial, administrative, or arbitration proceedings; (e) legitimate interests of the controller; (f) credit protection. For users in the European Union, processing may also rely on GDPR legal bases including consent, contract performance, and legitimate interests.

5. Storage and International Transfer

Personal data is stored on Supabase infrastructure, which uses Amazon AWS servers. Servers may be located internationally, constituting international data transfer under the LGPD. This transfer complies with GDPR (European General Data Protection Regulation) standards and meets the requirements of LGPD Article 33 regarding adequate protection levels.

6. Data Sharing

Tractium does not sell your personal data. We may share data with: (a) Supabase and Amazon AWS: database and storage infrastructure; (b) Vercel: platform hosting; (c) Stripe: payment processing; (d) Meta and Google: integration APIs for ad data synchronization; (e) public authorities: when required by legal or judicial order; (f) contracted service providers: who assist in platform operations, always subject to confidentiality and data protection obligations.

7. Cookies

We only use first-party essential cookies for: (a) user authentication and session management; (b) preference storage (such as selected language); (c) proper platform functionality. We do not use third-party tracking cookies, behavioral analysis cookies, or advertising content personalization cookies.

8. Data Retention

Personal data will be retained for 5 (five) years after service termination, in compliance with LGPD Article 16, for legal obligation compliance and regular exercise of rights. After this period, data will be anonymized or securely deleted.

9. Data Security

We adopt technical and organizational measures to protect your personal data, including: (a) data encryption in transit (HTTPS/TLS) and at rest; (b) ad platform access tokens stored in encrypted form; (c) role-based access control (admin/member) within organizations; (d) secure authentication via Supabase Auth; (e) cloud infrastructure with regular security audits (AWS, Vercel); (f) regular data backups. We recommend users keep their browsers updated (Chrome, Firefox, or Edge) for optimal security.

10. Data Subject Rights (LGPD)

In compliance with the LGPD, you have the right to: (a) confirm the existence of data processing; (b) access your personal data; (c) correct incomplete, inaccurate, or outdated data; (d) request anonymization, blocking, or deletion of unnecessary data or data processed in non-compliance; (e) request data portability to another provider; (f) be informed about who your data is shared with; (g) be informed about the consequences of not providing consent; (h) revoke consent at any time. To exercise any of these rights, contact us at: contato@tractium.com

11. Policy Changes

Tractium reserves the right to modify this Privacy Policy at any time. Significant changes will be communicated via email or platform notification. The updated version will always be published on this page with the last modification date.

12. Contact and National Authority

For questions, requests, or complaints related to personal data, contact our Data Protection Officer (DPO): Tiago Fonseca Costa. Email: contato@tractium.com

You may also contact Brazil's National Data Protection Authority (ANPD): https://www.gov.br/anpd/pt-br