Traffly Traffly

Privacy Policy

Last updated: January 2026

Traffly ("we", "our", or "us") is a service provided by SYNADEX LLC. This Privacy Policy explains how we collect, use, store, and protect information when you use the Traffly platform and related services.

This policy is designed to comply with Google API Services User Data Policy, Cloudflare API Terms, and general data protection best practices.

1. Information We Collect

1.1 Account Information

When you create an Traffly account, we may collect:

  • Email address
  • Basic account identifiers (user ID)

We do not collect passwords directly when using third-party authentication providers.

2. Google Search Console Data Usage

Traffly integrates with Google Search Console via the Google Search Console API to provide search performance analysis.

2.1 Data Accessed

With your explicit consent, we may access the following Google Search Console data:

  • Search performance metrics (impressions, clicks, CTR, average position)
  • Indexing and coverage status
  • Property-level metadata

Traffly requests the following OAuth scopes:

  • https://www.googleapis.com/auth/webmasters.readonly (to access Google Search Console data)
  • https://www.googleapis.com/auth/userinfo.email (to display which Google account is connected and help you manage the integration)

We use the Google account email only to show the connected account in the Traffly UI (e.g., "Connected as ...") and to help users distinguish integrations if they connect multiple accounts. We do not use this email for login/authentication, account creation, advertising, profiling, or linking your Google data with other services (such as Cloudflare).

This access is read-only. We do not modify your Google Search Console properties.

2.2 Purpose of Use

Google Search Console data is used exclusively to:

  • Analyze search visibility and indexing phases
  • Generate search performance insights within your Traffly dashboard
  • Help you understand trends and potential SEO issues

2.3 Data Sharing

Traffly:

  • Does not sell Google Search Console data
  • Does not share Google Search Console data with third parties
  • Does not use Google Search Console data for advertising or profiling
  • We do not use your Google Search Console data to train generalized artificial intelligence and/or machine learning models.

Google Search Console data is treated as first-party analytics data.

2.4 Data Retention and Revocation

  • OAuth access tokens (and refresh tokens, if issued) are stored in encrypted form.
  • We retain tokens and the connected Google account email only while the integration remains connected and only as necessary to provide the service (e.g., retrieving Search Console data and showing the connected account in the UI).
  • You may revoke Google Search Console access at any time via:
    • The Traffly dashboard (disconnect the integration), or
    • Your Google Account security settings.
  • When access is revoked or you disconnect the integration, we delete the stored tokens and associated integration metadata from our database, and API access stops.

3. Cloudflare API Data Usage

Traffly integrates with Cloudflare APIs to provide traffic and infrastructure-level analytics.

3.1 Data Accessed

Depending on your configuration, Traffly may access:

  • HTTP request and traffic metrics
  • Aggregated analytics at the zone or domain level

Traffly does not modify your DNS, firewall rules, or other Cloudflare resources unless you explicitly enable such functionality in the future.

3.2 API Authentication

Cloudflare access is performed using:

  • API Tokens provided by you
  • Tokens with permissions scoped according to Cloudflare best practices

Traffly never requests or stores your Cloudflare Global API Key.

3.3 Data Usage

Cloudflare data is used solely to:

  • Display traffic trends and high-level analytics
  • Correlate infrastructure signals with search performance insights

4. Domain Ownership Verification

Traffly may require domain ownership verification for certain features.

4.1 Verification Method

  • Domain ownership is verified using DNS TXT records
  • Verification tokens are unique, time-limited, and cryptographically generated

4.2 Security Measures

  • Verification tokens expire automatically
  • Tokens are stored as hashes (not plaintext)
  • DNS queries use system resolvers only (no user-supplied DNS servers)

5. Data Security

We implement technical and organizational measures to protect your data, including:

  • Encrypted storage for sensitive credentials and tokens
  • Access controls limiting internal access to authorized systems only
  • Rate limiting and abuse prevention on sensitive endpoints

6. Data Retention

  • Account-related data is retained while your account is active (or until you request deletion).
  • Integration data (including encrypted tokens and integration metadata such as the connected Google email, if stored) is retained only while the integration is connected.
  • You may request deletion of your data by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access your personal data
  • Request correction or deletion
  • Withdraw consent for integrations

You can exercise these rights through the Traffly dashboard or by contacting us.

8. Third-Party Services

Traffly integrates with third-party services including:

  • Google Search Console (Google LLC)
  • Cloudflare (Cloudflare, Inc.)

These services are governed by their own privacy policies. Traffly is not responsible for third-party data handling beyond authorized API usage.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the platform.

10. Contact Information

If you have questions about this Privacy Policy or data practices, contact:

Traffly Team
Email: support@traffly.io

Google Search Console is a trademark of Google LLC.
Cloudflare is a trademark of Cloudflare, Inc.