Our privacy position

TrafficCatch creates pseudonymous device intelligence for analytics, attribution, visitor intelligence, session replay, funnels, events, and fraud detection. It does not identify a person by name unless a customer separately provides consented first-party data.

TrafficCatch is an identity infrastructure product. That means trust is part of the product, not a legal afterthought.

The platform should be implemented responsibly. Customers should disclose TrafficCatch in their privacy policy, configure consent settings based on their jurisdiction and legal advice, apply session recording masking rules, avoid sending sensitive personal data through custom events, and set appropriate data retention periods.

What TrafficCatch may collect

TrafficCatch may collect website visit data, browser and device signals, network indicators, rendering signals, behavioral timing signals, pageviews, events, session recording metadata, and fraud indicators. These signals support pseudonymous analytics, attribution, visitor intelligence, session replay, funnels, and traffic quality analysis.

Browser and device signals: Type, version, language, timezone, screen resolution, and hardware hints.

Network and rendering: Network indicators, canvas, and font rendering used for matching.

Visit history: Pageviews, referrers, sources, UTM details, session duration, and page count.

Events and goals: Custom events, goal completions, and optional event values.

Session recording metadata: Replay metadata, click/scroll events, page navigation.

Fraud indicators: Risk signals such as suspicious browser patterns, datacenter IPs.

What TrafficCatch does not collect by default

TrafficCatch should be positioned clearly. By default, it is not designed to collect raw passwords, payment card data, private messages, clear-text personal identity, unmasked sensitive form inputs, or customer database records.

✗Raw passwords

✗Payment card data

✗Private messages

✗Clear-text personal identity

✗Unmasked sensitive form inputs

✗Customer database scraping

Customers are responsible for configuring their site, events, and masking rules so sensitive information is not sent into TrafficCatch.

Pseudonymous TCID, not named human identity

A TrafficCatch ID, or TCID, is a pseudonymous device-level profile. It is used to group anonymous visits and behavior records under one visitor journey. A TCID is not a named human identity by default.

TrafficCatch processes signals into hashed identifiers and matching signals. Hashing reduces raw data exposure, but it does not automatically remove all privacy obligations in every legal context. That is why TrafficCatch should be described as pseudonymous, not fully anonymous.

Allowed signals → server-side processing → hashed identifiers → TCID → visitor intelligence

Session recording should protect sensitive input

TrafficCatch session recording is designed to help teams review visitor behavior, but session replay must be configured carefully. Sensitive form inputs should be masked, password fields should never be recorded, and customers should define exclusion rules for sensitive pages or fields.

✓Text input masking

✓Password field exclusion

✓Sensitive field exclusion

✓Recording retention settings

✓Customer configuration rules

✓Internal access control

Session replay is powerful, but it should never become uncontrolled surveillance. The right implementation masks sensitive data, limits retention, and restricts access to authorized users.

Consent modes and customer controls

TrafficCatch should support implementation choices based on customer jurisdiction, legal advice, and use case. The safest website copy should describe these as configurable modes rather than universal legal guarantees.

Strict Mode: Advanced identity matching does not run until user consent is present.

Balanced Mode: Basic analytics and fraud signals may run, while advanced identity matching is limited until consent.

Customer-Controlled Mode: The customer configures TrafficCatch based on jurisdiction, use case, privacy policy, and legal review.

Retention and deletion workflows

Customers should be able to define how long visitor data, recordings, events, and profile associations are kept. Shorter retention can reduce privacy risk. TrafficCatch should support workflows for TCID lookup, export, deletion, and breaking identity graph associations where required.

1. Customer receives a request or searches TCID.

2. Relevant device data is reviewed or exported if required.

3. Customer triggers deletion.

4. Visits, recordings, events, and identity associations are removed or broken based on policy.

5. Audit log records the deletion action.

Customer responsibility

TrafficCatch provides the technology, but customers control their website implementation. Customers should review their legal obligations and configure TrafficCatch based on their geography, traffic sources, user consent requirements, privacy policy, and internal data governance.

✓Disclose TrafficCatch in their privacy policy

✓Update cookie and tracking banners where needed

✓Configure consent mode based on jurisdiction

✓Avoid sending sensitive personal data through custom events

✓Configure session recording masking properly

✓Set appropriate retention periods

✓Control internal access to dashboards and exports

Privacy FAQ

Is TrafficCatch anonymous tracking?

No. The safer and more accurate term is pseudonymous visitor intelligence. TrafficCatch uses TCID profiles to group activity without identifying a person by name by default.

Does TrafficCatch collect passwords?

No. Password fields should never be recorded, and sensitive inputs should be masked.

Does hashing make the data anonymous?

Not automatically in every legal context. Hashing reduces raw data exposure, but the safer legal framing is pseudonymous.

Who is responsible for privacy policy disclosure?

The customer is responsible for disclosing TrafficCatch and configuring the system based on their legal obligations.

Can data be deleted?

TrafficCatch should support TCID lookup, data export, recording deletion, event deletion, and identity association removal based on customer policy and product implementation.

Privacy-aware visitor intelligence