This policy describes what data we collect, how we use it, and the rights you have under GDPR and other privacy laws.
Trakos GmbH (“Targos”, “we”, “us”) operates the Targos Visibility OS. We act as the data controller for the personal data processed on targos.io and inside the Targos platform.
You can reach us at Roemerstrasse 101, 6103 Reith bei Seefeld, Austria. For privacy requests, email support@targos.io.
Account data – name, business email, role, password hashes, billing details.
Usage data – product interactions, feature usage, diagnostic events, crash logs.
Support & sales data – email threads, demo notes, survey responses, attachments you provide.
Integration data – data pulled from services you connect (e.g., GA4, Search Console) strictly to deliver agreed features.
Cookies & similar tech – functional cookies for authentication plus optional analytics pixels (opt-in where required).
Provide and secure the platform, authenticate users, customize workspaces.
Measure product performance, improve features, detect abuse.
Provide support, onboarding, success and billing communications.
Send product updates or marketing communications (with consent, unsubscribe anytime).
Comply with legal obligations and respond to lawful requests.
Contract performance – to deliver the services you subscribed to.
Legitimate interest – to keep services secure, prevent fraud, understand usage.
Consent – for marketing emails, non-essential cookies, and when required for optional integrations.
Legal obligation – to maintain accounting records or respond to authorities.
Account data is retained while you use Targos and deleted or anonymized within 90 days after termination unless law requires longer storage.
Log data is retained for up to 12 months for security and auditing.
Support conversations and contractual records are stored for the duration of the relationship plus statutory retention periods.
Infrastructure operated by Vercel hosts the web application; workloads run in EU (primarily Frankfurt) regions.
Customer data is stored in Supabase (PostgreSQL) located in Frankfurt, Germany.
Autumn handles billing profiles, subscription management and entitlements.
Stripe processes payments and may store payor information as the merchant of record.
Additional subprocessors (support tooling, email providers) only receive data necessary to deliver the contracted functionality.
We never sell personal data. We only share with subprocessors needed to provide the service or when legally required.
Where processors operate outside the EEA/UK, we use EU Standard Contractual Clauses and additional safeguards.
Access, rectification, deletion, restriction, portability, objection and withdrawal of consent.
Submit requests via support@targos.io. We respond within 30 days.
You can lodge complaints with the Austrian Data Protection Authority or your local supervisory authority.
Encryption in transit and at rest, role-based access controls, audit logging, least-privilege policies and regular testing.
We may update this notice to reflect product or regulatory changes. We will notify users of significant updates.