WinTrafficWinTraffic

Last updated

April 18, 2026

Controller

Wintraffic

Contact

hello@wintraffic.ai

Website

https://www.wintraffic.ai

Privacy Policy

This Privacy Policy explains how WinTraffic collects, uses, shares, and protects personal data when you browse our website, request a demo, communicate with our team, create an account, or use the WinTraffic service.

1. Scope

This policy covers the WinTraffic marketing website, contact and demo flows, payment flows, and the related application and service experiences we operate under the WinTraffic brand.

It applies to website visitors, prospects, customers, authorized users of customer accounts, partners, and business contacts who interact with us in connection with our business.

2. Controller and contact details

Wintraffic operates the WinTraffic service and acts as the controller for the processing described in this policy, except where we act as a processor for a customer under a separate agreement.

You can contact us about privacy matters, data rights requests, or our processing practices at hello@wintraffic.ai.

3. Personal data we may collect

The categories of data we process depend on how you interact with WinTraffic and which features you use.

  • Identity and contact data: name, email address, company, role, and information you provide when requesting a demo, contacting us, or asking for support.
  • Account and organization data: account identifiers, user roles, access status, organization or workspace details, and essential administrative history needed to operate the service.
  • Payment and billing data: transaction details, payment status, checkout session identifiers, and metadata needed to manage commercial operations. Payment card data is handled by the payment provider and is not stored by WinTraffic.
  • Service setup and customer success data: domains, URLs, company name, Search Console property details, onboarding settings, support exchanges, and configuration information needed to deliver the service.
  • Content and analytics data: pages and content you ask us to analyze, AI visibility signals, page analytics, leads, performance data, and competitor or market information you provide or the service computes for you.
  • Technical and usage data: logs, IP address, browser, device, pages viewed, timestamps, traffic source, interaction events, and security-related information.
  • Integration data: information received from third-party tools you connect, such as Google Search Console, an authentication provider, or a payment provider.

4. Sources of data

We collect data directly from you when you submit forms, schedule a demo, create an account, configure a workspace, communicate with us, or use the service.

We also collect certain data automatically when you use the website or product, and we receive certain data from third-party services you connect to the product or from public sources you ask us to analyze, such as your own website and its publicly accessible pages.

5. Why we process data and our legal bases

Depending on context, we process personal data on the basis of contract performance or pre-contractual steps, legitimate interests, consent, and compliance with legal obligations.

  • Responding to your requests, arranging demos, preparing proposals, and managing pre-contractual discussions: pre-contractual steps and legitimate interests.
  • Creating and administering your account, providing the product, managing access, running requested analyses, displaying dashboards, and operating connected integrations: performance of a contract.
  • Maintaining security, preventing abuse, logging sensitive actions, diagnosing incidents, improving stability, and maintaining the service: legitimate interests and, where needed, legal obligations.
  • Measuring audience, understanding website usage, and improving usability or performance: legitimate interests where the measurement stays appropriately limited and, where required by law, consent.
  • Sending marketing communications, newsletters, or commercial follow-ups: consent where required, otherwise legitimate interests for permitted B2B outreach.
  • Issuing invoices, retaining accounting records, managing tax obligations, and responding to lawful requests: legal obligation.

6. Cookies, trackers, and analytics

Our marketing website uses technologies needed for the website to function and a privacy-oriented analytics tool to understand website traffic and improve user experience. As of the effective date of this policy, we use Umami for website audience measurement.

We do not use the website for cross-site behavioral advertising and we do not sell personal data. If we later add cookies or trackers that require consent, we will ask for consent before placing or reading them, in accordance with applicable law.

Where local law requires it, you may object to non-essential audience measurement through the tools made available on the site or by contacting us using the details above.

7. Sharing data and service providers

We limit access to people who need the data for their work. We may share data with processors acting on our behalf or where needed to provide the service.

  • Hosting, infrastructure, and database providers.
  • Authentication and access-management providers.
  • Payment, billing, and fraud-prevention providers.
  • Analytics, monitoring, logging, and security providers.
  • Messaging, customer communication, scheduling, and support tools.
  • Providers connected at your request, such as Google Search Console.
  • Professional advisors, courts, regulators, or authorities when required by law or needed to protect our rights.

8. International data transfers

Some of our providers or infrastructure may process data outside your country, including outside the European Economic Area or the United Kingdom. When that happens, we use appropriate safeguards required by law, such as an adequacy decision or standard contractual clauses together with supplementary measures where needed.

9. Retention

We keep personal data only for as long as needed for the purposes described in this policy, and then delete, anonymize, or archive it when required by law.

  • Sales and demo request data: for the period reasonably needed to manage the relationship and for a limited follow-up period compatible with our legal obligations and commercial cycle.
  • Account and service data: for the duration of the customer relationship and then for the period needed for account closure, backups, dispute handling, and compliance.
  • Billing and accounting records: for the legally required retention periods.
  • Technical and security logs: for a period proportionate to security, incident detection, and audit needs.

10. Security

We use reasonable technical and organizational safeguards to protect data against unauthorized access, alteration, disclosure, loss, or destruction. No security measure is perfect, and you must also protect your credentials and use the service responsibly.

11. Your rights

Depending on where you live and which laws apply, you may have rights over your personal data.

To exercise your rights, contact us at hello@wintraffic.ai. We may ask for reasonable information to verify your identity and the scope of your request.

  • Access, correction, and deletion rights.
  • Restriction and objection rights, including objection to direct marketing where available by law.
  • Data portability where processing is based on consent or contract and carried out by automated means.
  • The right to withdraw consent at any time where processing is based on consent.
  • The right to lodge a complaint with your local supervisory authority; in France, the CNIL.

12. Additional notices for specific jurisdictions

If you are a California resident and the CCPA/CPRA applies to our business, you may have additional rights, including rights to know, delete, correct, and receive information about the categories of personal information collected, the purposes of use, and the categories of recipients. As of the effective date of this policy, we do not state that we sell personal information or share it for cross-context behavioral advertising.

Browser Do Not Track signals are not uniformly interpreted. Where a legally recognized signal such as Global Privacy Control applies to a right we are required to honor, we will process it as required by applicable law.

13. Children

Our website and service are intended for business and professional audiences. We do not knowingly target children or collect personal data from children in violation of applicable law.

14. Changes to this policy

We may update this policy to reflect changes to the service, our stack, our practices, or the law. The date at the top of the page shows the latest update. If we make material changes, we will take reasonable steps to notify you when required by law.

15. Contact us

If you have questions about this policy, want to exercise your rights, or want more information about our processors or transfer safeguards, contact us at hello@wintraffic.ai.