Privacy Policy

01Who we are

Traffic One Labs is the controller responsible for personal data processed about you in connection with the Services, except where we process Customer Data on your behalf as a processor (see “Customer Data we process on your behalf”). You can reach us at hi@traffic.io.

02Personal data we collect

We collect the following categories of personal data:

• Early-access & waitlist data. When you join our early-access or waitlist flow, we collect your name, email address, and the details you choose to provide — such as your developer experience level, developer type, programming languages, and LinkedIn profile — along with a verification code sent to confirm your email.
• Account data. When you register, we collect your email address and authentication details. If you sign in with a third-party provider (such as GitHub or Google), we receive basic profile information from that provider. We may store security settings such as two-factor authentication status.
• Workspace & profile data. Information you add about yourself, your workspaces, teams, and team members, and project metadata.
• Billing data. Plan selection, billing contact details, transaction and invoice history, credits, and usage records. Payment-card details are collected and processed by our payment processor; we do not store full card numbers.
• Usage & technical data. Logs, metrics, IP address, device and browser information, API and webhook activity, resource usage (compute, memory, storage, egress), error reports, and similar diagnostic data generated when you use the Services.
• Communications. Messages you send us (for example support requests) and your preferences for product and marketing communications.
• Cookies & similar technologies. As described in our Cookie Policy.

We do not intentionally collect special categories of personal data, and we ask that you do not submit them through the Services unless strictly necessary and lawful.

03How we use personal data

We use personal data to:

• provide, operate, maintain, and secure the Services;
• create and manage your account, workspaces, and teams;
• process early-access and waitlist sign-ups and send verification messages;
• meter usage, calculate credits, bill you, and prevent fraud;
• respond to your requests and provide support;
• send service, security, and transactional messages, and — where permitted — product updates and marketing (which you can opt out of at any time);
• monitor, debug, analyze, and improve the Services and develop new features; and
• comply with legal obligations and enforce our Terms.

04Legal bases (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases:

• Contract — to provide the Services you request and administer your account and billing.
• Legitimate interests — to secure, improve, and promote the Services, prevent fraud and abuse, and run our business, balanced against your rights.
• Consent — for certain marketing, non-essential cookies, and where otherwise required; you may withdraw consent at any time.
• Legal obligation — to comply with applicable law.

05Customer Data we process on your behalf

When you deploy applications or store data on Traffic One Cloud, that content (“Customer Data”) may include personal data about your own users. For that data, you are the controller and we act as your processor: we process it only to provide the Services and on your instructions, as described in our Terms and any applicable data processing agreement. You are responsible for having a lawful basis to collect that data and for honoring the rights of your end users.

06How we share personal data

We do not sell your personal data. We share it only as described here:

• Service providers (sub-processors). We share data with vendors who process it on our behalf, such as email delivery (e.g. Resend), managed database and backend providers (e.g. Supabase), cloud and edge infrastructure and content-delivery providers, identity providers (e.g. GitHub, Google), payment processors, and analytics or error-monitoring tools. They are bound to protect the data and use it only for the services they provide to us.
• Within your organization. Workspace and team administrators and members may see data associated with shared workspaces, projects, and billing.
• Legal & safety. We may disclose data to comply with law, respond to lawful requests, enforce our Terms, or protect the rights, property, and safety of Traffic One, our users, or others.
• Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, data may be transferred as part of that transaction, subject to this policy.

07International data transfers

We and our service providers may process personal data in countries other than your own, which may have different data-protection laws. Where we transfer personal data out of the EEA, UK, or other regulated regions, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum) or other lawful transfer mechanisms.

08Data retention

We retain personal data for as long as needed to provide the Services and for legitimate business or legal purposes — for example, to maintain your account, comply with tax and accounting obligations, resolve disputes, and enforce agreements. Retention periods vary by data type; for instance, log history is retained according to your plan. When data is no longer needed, we delete or anonymize it. Residual copies may persist in backups for a limited period before being overwritten.

09Security

We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls, secrets management, and authentication safeguards. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. You are responsible for keeping your credentials and API keys confidential and for securing the applications you build and deploy.

10Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, or receive a portable copy of your personal data; to object to or restrict certain processing; and to withdraw consent. If you are in the EEA/UK, you may also lodge a complaint with your local data-protection authority.

If you are a California resident, you have rights under the CCPA/CPRA, including to know, access, delete, and correct personal information and to opt out of any “sale” or “sharing” of personal information (we do not sell personal information). We will not discriminate against you for exercising your rights.

To exercise any right, contact us at hi@traffic.io. We may need to verify your identity, and we will respond within the timeframes required by applicable law. If our Services were provided to you by an organization (for example, your employer or a workspace owner), please direct your request to that organization.

11Marketing communications

If you sign up for early access or otherwise opt in, we may send you product news and marketing emails. You can unsubscribe at any time using the link in those emails or by contacting us. We will still send you essential service, security, and transactional messages relating to your account.

12Children’s privacy

The Services are not directed to children under 16 (or the age of digital consent in your jurisdiction), and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it.

13Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

14Contact us

For privacy questions or requests, contact Traffic One Labs at hi@traffic.io.