Privacy and compliance

PitchTraffic identifies companies, not individuals. Our tracking script captures page views, session data, referrer, UTMs, and device class — never form inputs, keystrokes, or personal data. All identification operates at the company level using IP-to-company matching, with confidence scoring that transparently shows match reliability.

Our tracking script supports consent flags. When consent mode is enabled, no data is collected until the visitor provides consent. Workspace administrators can configure consent requirements by region, and all consent decisions are logged in an immutable audit trail.

PitchTraffic maintains workspace-level suppression lists for emails, domains, and companies. Unsubscribe links are included in all outbound emails. Suppression entries are enforced across all outreach — manual and automated — and cannot be overridden by individual users.

Workspace administrators control data retention periods. Visit event data, identification records, and audit reports can be configured for automatic deletion after a specified period. Export functionality allows data portability before deletion.

All data is encrypted in transit (TLS 1.3) and at rest. API keys are stored using envelope encryption. Role-based access control ensures team members only access data appropriate to their role. All sensitive operations are logged in the audit trail.

PitchTraffic supports region-aware configuration for GDPR, CCPA, and other frameworks. Workspace settings allow administrators to configure data processing rules based on visitor geography, including automatic consent requirements and data retention limits.