GDPR & Consent Mode v2 Compliant

GDPR Compliance & Consent Mode v2

Trackful works for businesses everywhere, with European-grade privacy built in: your data is hosted in Europe, compliant with GDPR and Google's Consent Mode v2.

Data in Switzerland

Infomaniak Swiss hosting

Consent Mode v2

Native integration

AES-256 Encryption

Secure data

GDPR Ready

Full documentation

Our European commitment

As a solution built by a French team, we understand the strict requirements of the European market regarding data protection.

Swiss Hosting

All your data is stored on Infomaniak servers in Switzerland. Maximum protection with Swiss data law (nFADP).

GDPR Compliant

Our architecture is designed from the ground up to comply with GDPR: data minimization, right to erasure, portability.

Swiss LPD Compliant

Our solution also complies with the new Swiss Data Protection Act (nLPD) that came into effect in 2023.

French Support

Our team speaks French and understands the specifics of the European French-speaking market.

Built-in Consent Mode v2

Since March 2024, Google requires Consent Mode v2 to use Enhanced Conversions features. Trackful integrates it natively.

The 4 consent signals

ad_storage

Allows storage of advertising cookies

analytics_storage

Allows storage of analytics cookies

ad_user_dataRequired for Enhanced Conversions

Allows sending user data to Google for targeting

ad_personalization

Allows ad personalization (remarketing)

Compatible with all CMPs

CookiebotDidomiAxeptioIubendaOneTrustTrustCommanderSirdata

Data security

๐Ÿ”

AES-256-GCM Encryption

All sensitive data is encrypted at rest with AES-256-GCM, the standard used by banks.

hash

SHA-256 Hashing

Emails and phones are hashed with SHA-256 before being sent to the ad platforms (Google, Meta, GA4, TikTok, Pinterest, Snapchat). Impossible to recover original data.

trash

No Raw PII Storage

We never store emails, phones or addresses in plain text. Only hashes are kept.

clock

Configurable Retention

Set data retention duration according to your internal policies and customer requirements.

refresh

Right to Erasure

Data can be deleted at any time via our API or on request.

Eco-friendly Infrastructure

Our servers are hosted by Infomaniak in Switzerland, which offsets 200% of its CO2 emissions.

200% CO2 offset

200% carbon offset on all activities

Infomaniak

Servers powered by renewable energy

ISO 14001

ISO 14001 environmental certification

Learn more

How it works

1

Consent Capture

Your CMP (Cookiebot, Axeptio, etc.) captures user consent and transmits it to Trackful via the dataLayer.

2

Conditional Processing

Trackful checks consent signals. If ad_user_data is denied, only click IDs are sent (no PII).

3

Secure Transmission

Data is hashed server-side then sent to the ad platforms via their official APIs.

4

Modeling

Even without full consent, Google can model conversions using Consent Mode's cookieless pings.

GDPR FAQ

Is Trackful GDPR compliant?
Yes. Trackful is designed to be 100% GDPR compliant. Data is hosted in Europe, encrypted, and we never store raw PII.
Where is my data stored?
All data is stored with Infomaniak in Switzerland. Switzerland has an EU adequacy decision, ensuring GDPR-equivalent protection.
What happens if a user refuses cookies?
Trackful respects user choice. If ad_user_data is denied, we only send click IDs (gclid, fbclid) without any personal data.
How to handle deletion requests?
You can delete user data via our API or by contacting us. Deletion is effective within 72h.
Do you have a DPA (Data Processing Agreement)?
Yes, a DPA is available upon request for all Business and Enterprise customers. Contact us to get it.
Is Consent Mode v2 mandatory?
Since March 2024, Consent Mode v2 is required to use Google Ads Enhanced Conversions in the EEA. Without it, you lose access to these features.

Ready to track with full compliance?

Join hundreds of Shopify stores that trust Trackful for accurate and GDPR-compliant tracking.