Start free Log in
Legal

Privacy Policy

Last updated: April 11, 2026

1. Who we are

Offline Conversions Tracking ("OCT", "we", "us", or "our") operates the website at offlineconversionstracking.com and the associated SaaS platform. We help businesses track form submissions from paid ad campaigns and export offline conversion data to ad platforms such as Google Ads, Meta Ads, TikTok Ads, and Microsoft Advertising.

For privacy enquiries, contact us at: hello@offlineconversionstracking.com

2. Data we collect and why

2a. Account data

When you create an account we collect your name, email address, and a hashed password. We use this to authenticate you and send you transactional emails (account verification, password reset).

2b. Lead data captured by the tracking script

When you install our tracking script on your website, it captures data from form submissions made by your visitors (the data subjects). OCT acts as a data processor on your behalf for this data; you remain the data controller. The data captured includes:

  • Form field values — all visible form fields except type="password" fields, which are explicitly excluded.
  • Ad click identifiersgclid, gbraid, wbraid (Google Ads); fbclid (Meta); ttclid (TikTok); msclkid (Microsoft).
  • Meta cookie valuesfbc (formatted click value) and fbp (Meta browser pixel ID, from the _fbp cookie set by Meta's pixel, if present).
  • UTM parametersutm_source, utm_medium, utm_campaign, utm_term, utm_content.
  • Page URL and referrer — the URL on which the form was submitted and the HTTP referrer.
  • Country — derived from Cloudflare's CF-IPCountry header (two-letter ISO code). We do not store the visitor's IP address.
  • Submission timestamp.

2c. Usage and technical data

We do not run third-party analytics (no Google Analytics, no Mixpanel) on the OCT dashboard or marketing site. Cloudflare may log request metadata (IP, user agent) for up to 24 hours as part of its standard infrastructure operations.

2d. Billing data

Payments are processed by our billing provider (Polar). We do not store your payment card details. We receive subscription status and plan tier from Polar to determine your access level.

3. How we use your data

  • To provide, maintain, and improve the OCT service.
  • To authenticate users and manage sessions.
  • To send transactional emails (OTP verification, export notifications, weekly digests) where enabled.
  • To generate the offline conversion CSV files you request.
  • To respond to support enquiries.

We do not sell your data. We do not use your lead data or your visitors' data for advertising or profiling purposes.

4. Where data is stored

All data is stored on Cloudflare's infrastructure:

  • Cloudflare D1 (SQLite) — accounts, project configuration, and lead records.
  • Cloudflare R2 — CSV export files (retained per your plan's data retention period).
  • Cloudflare KV — short-lived session tokens and OTP codes.

Cloudflare operates data centres globally. Your data may be stored in data centres within the EU, US, or elsewhere depending on Cloudflare routing. Cloudflare is certified under the EU-US Data Privacy Framework.

5. Cookies

OCT uses one first-party cookie:

  • sess — a session token set on login. It is HttpOnly, Secure, and SameSite=Lax. It expires after 30 days of inactivity.

We do not use advertising cookies on the OCT domain. The tracking script installed on your customers' websites may read the _fbp cookie set by Meta's pixel if it is present — we do not set this cookie ourselves.

See our Cookie Policy for full details.

6. Data retention

  • Starter plan — lead data retained for 30 days.
  • Growth plan — lead data retained for 1 year.
  • Agency plan — lead data retained indefinitely while the account is active.
  • Account data is retained until you delete your account.
  • When an account is deleted, all associated projects, leads, and export files are permanently deleted within 30 days.

7. Your rights (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your account and all associated data.
  • Restriction — request that we restrict processing in certain circumstances.
  • Portability — receive your data in a machine-readable format.
  • Object — object to processing where we rely on legitimate interests.

To exercise any of these rights, email hello@offlineconversionstracking.com. We will respond within 30 days.

For more information about our GDPR obligations, see our GDPR page.

8. Third-party sub-processors

Processor Purpose Location
Cloudflare Infrastructure (Workers, D1, R2, KV) Global (EU-US DPF certified)
Polar Billing and subscription management USA / EU
ZeptoMail (Zoho) Transactional email delivery USA / EU

9. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Passwords hashed using bcrypt before storage.
  • Session tokens are HttpOnly cookies — inaccessible to JavaScript.
  • All data in transit encrypted via TLS 1.2+.
  • API endpoints are authenticated and rate-limited.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Continued use of OCT after changes take effect constitutes acceptance of the revised policy.

11. Contact

For privacy questions or data requests: hello@offlineconversionstracking.com

Or visit our contact page.