Home ·Terms of Service

Legal

Privacy Policy

Effective date: February 9, 2026

1. Who we are

FollowTracker (followtracker.io) is operated by Mathias Van Hecke, trading as Forgr (VAT BE1034814905). FollowTracker is a SaaS application that helps users track their social network connections over time by analysing CSV and JSON exports they upload themselves. We never connect to social platforms directly.

For any privacy-related questions, contact us at [email protected].

2. What data we collect

Data you provide directly

  • Name and email address (on registration)
  • Password (stored as a bcrypt hash — we never see it in plain text)
  • Google account identifier (if you sign in with Google)
  • Billing details processed by Stripe (we do not store card numbers)
  • Social network export files (CSV/JSON) you upload for analysis
  • Connection data extracted from those exports (names, profile URLs, timestamps)

Data collected automatically

  • IP address and browser/device information
  • Pages visited and feature usage patterns
  • Error reports and performance diagnostics
  • Authentication timestamps and refresh token records

3. Why we process your data

PurposeLegal basis
Creating and managing your accountContract performance
Analysing your uploaded exports and generating reportsContract performance
Processing subscription payments via StripeContract performance / Legal obligation
Sending transactional emails (verification, password reset)Contract performance
Security monitoring and abuse preventionLegitimate interest
Diagnosing errors and improving reliabilityLegitimate interest
Retaining billing recordsLegal obligation (7 years)
Usage analytics (optional, consent-based)Consent

4. Your uploaded data

The CSV and JSON files you upload, and the contact data extracted from them, belong to you. We process them solely to provide the comparison and analytics features you signed up for. We do not sell, share, or use your connection data for advertising. You can delete any upload — and all derived data — at any time from your account dashboard.

5. Third-party processors

We use the following sub-processors. Each has been assessed for adequacy or is covered by Standard Contractual Clauses (SCCs) or the EU–US Data Privacy Framework where applicable.

ProcessorPurposeLocation
HetznerHosting & databaseEU (Germany)
CloudflareDNS, CDN & DDoS protectionUS (DPF)
StripePayment processingUS (DPF + SCCs)
ResendTransactional emailUS (SCCs)
SentryError monitoringUS (SCCs)
Microsoft ClarityUsage analytics (consent only)US (DPF)

6. Data retention

  • Account data and uploads: deleted within 30 days after you delete your account
  • Billing records: retained for 7 years as required by Belgian tax law
  • Error logs: up to 90 days
  • Access logs: up to 90 days
  • Refresh tokens: expire after 7 days of inactivity and are purged on logout

7. Cookies & local storage

We use an HTTP-only cookie to store your refresh token — it is strictly necessary for keeping you logged in and cannot be used for tracking. Your JWT access token is held in memory only and is never written to localStorage. If you consent to analytics, Microsoft Clarity may set its own cookies; you can withdraw consent at any time from your account settings.

8. Your rights (GDPR)

Under the GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — delete your account and all associated data (subject to legal retention obligations)
  • Restriction — ask us to stop processing your data while a dispute is resolved
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time for consent-based processing (e.g. analytics)

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are unsatisfied, you may lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be).

9. Children

FollowTracker is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or via an in-app notice before the changes take effect. The effective date at the top of this page always reflects the latest revision.

Questions? Email us at [email protected] — Mathias Van Hecke · Forgr · VAT BE1034814905