Privacy Policy
Effective date: June 1, 2026
This Privacy Policy explains how RavenTracker collects, uses, shares, and protects information when you visit raventracker.com or use our Services. It applies to subscribers, prospective subscribers, and other visitors. We do not sell your personal information.
1. Information We Collect
We collect only the information we need to operate RavenTracker, deliver your subscription, and keep the Services secure. The categories of information we collect are described below.
Account information. When you sign in with Google or request a magic login link, we receive your email address. If you sign in with Google, we also receive your name and profile picture from Google so we can display your account inside RavenTracker.
Subscription and payment metadata. When you subscribe, our payment processor, Stripe, Inc., collects and processes your payment details directly. We do not see or store your full card number, CVC, or bank credentials. We receive a limited set of metadata from Stripe, including a customer identifier, subscription identifier, subscription status, current period end date, and billing email.
Usage data. We log information about your interactions with the Services, including the Instagram usernames you look up, search timestamps, weekly search counts, IP address, user-agent string, referring URL, and basic device information. This data lets us deliver the Services, enforce rate limits, prevent abuse, and improve performance.
Support communications. If you email support@raventracker.com or otherwise contact us, we keep a copy of the message and our reply so we can follow up and improve our support.
2. How Information Is Used
We use the information described above only for the following purposes:
- to provide, maintain, and deliver the Services, including authenticating you, displaying your account, and returning search results;
- to process subscriptions, renewals, refunds (where applicable), and tax obligations through Stripe;
- to enforce weekly search limits, detect and prevent fraud, abuse, scraping, and other violations of our Terms of Use;
- to communicate with you about your account, subscription, security alerts, and operationally important changes to the Services;
- to monitor and improve the performance, reliability, and quality of the Services;
- to comply with legal obligations, respond to lawful requests, and enforce our agreements.
3. Stripe Payment Processing
All payments are processed by Stripe, Inc. Stripe is a PCI-DSS Level 1 certified payment processor. When you enter payment details, they are sent directly to Stripe over an encrypted connection and are stored and processed by Stripe in accordance with its own privacy policy and security practices.
We share with Stripe the limited information necessary to create a customer record, charge your payment method, and reconcile your subscription, including your email address, country, and a billing reference. We receive back from Stripe the metadata described in the previous section. We do not receive, store, or have access to your full card number.
Stripe's processing of your payment information is governed by Stripe's Privacy Policy, available at https://stripe.com/privacy. We encourage you to review it before subscribing.
4. Analytics and Cookies
We use a small number of cookies and similar technologies that are strictly necessary to operate the Services. These include a signed session cookie ("rt_session") that keeps you logged in after you click a magic link or complete a Stripe checkout, and a Google sign-in session cookie issued through NextAuth.js when you choose Google as your authentication method.
We also collect aggregated, server-side usage logs for analytics and abuse prevention. These logs include event timestamps, request IP address, user-agent, and high-level interaction metadata. We do not currently use third-party advertising cookies, cross-site tracking pixels, or behavioral retargeting tools. If that changes, we will update this Privacy Policy and, where required, request your consent in advance.
You can control cookies through your browser settings. Blocking strictly necessary cookies will prevent you from staying signed in.
5. Data Retention
We keep your information only for as long as we need it for the purposes described in this Privacy Policy, or for as long as we are legally required to do so. In practice, this means:
- subscriber records (email, Stripe customer reference, subscription status) are retained for the life of your account and for a reasonable period afterward to support refunds, chargebacks, accounting, and audit obligations;
- magic-link tokens are stored only as a one-way hash and are invalidated after first use or after 15 minutes, whichever comes first;
- session cookies expire automatically (typically within 30 days);
- usage logs are retained for a limited period appropriate to operational, security, and analytical needs, and then purged or aggregated;
- payment records held by Stripe are retained according to Stripe's own retention policy and the financial-record-keeping obligations of the jurisdictions in which Stripe operates.
6. Security
We take reasonable and appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, and destruction. These measures include TLS encryption in transit, signed authentication cookies, hashed magic-link tokens, scoped service credentials, environment-isolated infrastructure, and access controls limiting who can view production data.
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. If we become aware of a security incident that materially affects your personal information, we will notify you in accordance with applicable law.
7. International Users
RavenTracker is operated from the United States. If you access the Services from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States and in other countries where we or our service providers maintain facilities.
Where required by applicable law (including, where relevant, the EU and UK General Data Protection Regulations, the Brazilian Lei Geral de Proteção de Dados, and similar laws), we rely on lawful transfer mechanisms — such as Standard Contractual Clauses and, where appropriate, your informed consent — to move your data to the United States. By using the Services, you consent to the transfer of your information to the United States and to the use of service providers (including Stripe) located there.
8. User Rights
Depending on where you live, you may have certain rights regarding your personal information, including the right to access, correct, delete, restrict processing of, or port your information, and the right to object to certain types of processing. Residents of the European Economic Area, the United Kingdom, Brazil, California, and other jurisdictions with comparable laws may have additional rights, such as the right to lodge a complaint with a supervisory authority and the right to opt out of the sale or sharing of personal information.
We do not sell personal information, and we do not share it for cross-context behavioral advertising. To exercise any of your rights, contact us at support@raventracker.com from the email address on file. We will verify your request before acting on it and may ask for additional information to confirm your identity.
9. Contact Information
If you have questions about this Privacy Policy, want to exercise a privacy right, or need to file a complaint, please contact us at support@raventracker.com.
RavenTracker — raventracker.com — support@raventracker.com
Questions about this document? Contact us at support@raventracker.com.
Return to the Legal hub.