LEGAL

Cookie Policy

Cookie Policy

Cookie Policy

Effective date: 8 July 2026 · Last updated: 8 July 2026

SUMMARY

NexusMedia Denis Werbicki , a sole proprietorship (jednoosobowa działalność gospodarcza) registered in Poland, doing business as “TrackYourApp”.

ul. Dziatwy 18B/32, 03-109 Warsaw, Poland · EU VAT / NIP: PL5242901092

Effective date: 8 July 2026

Last updated: 8 July 2026

Each numbered section below opens with an “In plain terms” box. Those boxes are plain-language summaries for convenience only — the numbered text is what is legally binding.

1. Introduction

In plain terms. This policy explains how we use cookies and similar technologies on our marketing site (trackyourapp.dev, built on Framer) and in the App (app.trackyourapp.dev). Some are needed to make the Service work; others we only use if you agree.

This Cookie Policy explains how NexusMedia Denis Werbicki, doing business as “TrackYourApp” (“ TrackYourApp ”, “ we ”, “ us ”, or the “ Provider ”) uses cookies, local storage, and similar technologies on our marketing website at https://trackyourapp.dev (the “ Marketing Site ”, which is built and hosted on Framer) and our web application at https://app.trackyourapp.dev (the “ App ”). The Marketing Site and the App form part of the “ Service ” as that term is defined in our Terms of Service and Privacy Policy . This Cookie Policy addresses only the cookies and similar technologies set on the Marketing Site and the App; other delivery surfaces of the Service (such as the self-hostable dashboard, the HTTP API, and the MCP endpoint) do not set browser cookies and are outside the scope of this policy.

This Cookie Policy should be read together with our Privacy Policy , which describes how we process personal data more generally, and forms part of the framework alongside our Terms of Service and Data Processing Agreement . Where this Cookie Policy uses capitalised terms that are not defined here (for example “Service”, “User”, “Account Data”, or “Sub-processor”), those terms have the meaning given to them in the Terms of Service and Privacy Policy.

1.1 Who is responsible (controller)

For the personal data processed through the first-party cookies and similar technologies we set on the Marketing Site and the App, the controller is NexusMedia Denis Werbicki (d/b/a TrackYourApp), ul. Dziatwy 18B/32, 03-109 Warsaw, Poland. Strictly necessary cookies rely on the ePrivacy “strictly necessary” exemption and do not require consent; any resulting processing of personal data relies on our legitimate interests in operating and securing the Service and/or on the performance of our contract with you, as detailed in the Privacy Policy . Non-essential cookies are set on the basis of your consent (see Section 2). The Privacy Policy also sets out the full legal bases, retention periods, your data-subject rights, and how to lodge a complaint with a supervisory authority (in Poland, the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, “UODO”), ul. Stawki 2, 00-193 Warsaw).

1.2 What cookies and similar technologies are

A “ cookie ” is a small text file that a website or application stores on your device (computer, tablet, or phone) when you visit it. Cookies are widely used to make websites and applications work, to make them work more efficiently, and to provide information to the operator of the site. In this policy, references to “cookies” also include the following related technologies, which perform comparable functions:

• Local storage and session storage — browser storage mechanisms that let a site keep information on your device (for example interface preferences or session state) without using a traditional cookie.

• Pixels, tags, and beacons — tiny elements embedded in pages or emails that can register that a page or message was accessed.

• Software development kits (SDKs) and similar identifiers — code and identifiers used to recognise a device or session.

1.3 First-party and third-party cookies

Cookies set by the domain you are visiting (trackyourapp.dev or app.trackyourapp.dev) are “ first-party cookies ”. Cookies set by another domain — such as a service provider whose technology is used on the Service — are “ third-party cookies ”. Cookies may be “ session ” cookies, which are deleted when you close your browser, or “ persistent ” cookies, which remain on your device until they expire or are deleted.

1.4 Scope

This Cookie Policy applies to the Marketing Site and the App. It does not apply to any third-party website, application, or service that you may reach through a link on the Service (for example Shopify, Google, or Paddle), each of which has its own cookie and privacy practices that we do not control.

2. Consent and legal basis

In plain terms. Cookies that are strictly necessary to run the Service are always on — they don’t need your permission. We only set non-essential cookies (preferences, analytics, marketing) after you opt in through our cookie banner, and you can change your mind at any time. In the EU/UK/Switzerland the banner is the way to accept or decline — browser signals are not how you decline there. We don’t sell or share your data or use advertising cookies. On the Marketing Site, Framer (our website platform) may set some of its own cookies.

2.1 Prior consent for non-essential cookies

In line with the EU General Data Protection Regulation (GDPR) and the ePrivacy rules, we set non-essential cookies (that is, all cookies other than strictly necessary ones — see Section 3) only after you have given your prior, specific, informed, and freely given consent through our cookie banner or preference centre. Until you make a choice, non-essential cookies are not activated, and you are able to decline them as easily as you can accept them. Because consent has a finite validity, we will re-request your consent at least every 12 months and whenever the cookies we use materially change, so that you are periodically asked to renew or update your choices.

2.2 Strictly necessary cookies do not require consent

Strictly necessary cookies — those without which the Service cannot function or without which a service you have expressly requested cannot be provided — do not require your consent and cannot be switched off through our banner. They are used only to operate the Service (for example to keep you signed in, to maintain your session, and to protect against cross-site request forgery). See the strictly-necessary table in Section 3.1.

2.3 Withdrawing consent

You can withdraw your consent at any time , and withdrawing consent is as easy as giving it. You may do so by reopening the cookie banner or preference centre (see Section 4), or by clearing or blocking cookies through your browser settings. Withdrawing consent does not affect the lawfulness of any processing carried out before you withdrew it. After you withdraw consent, we will stop setting the affected non-essential cookies, although cookies already stored on your device may remain until they expire or you delete them.

2.4 How to accept or decline in the EEA, UK, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the legally operative way to accept or decline non-essential cookies is our cookie banner or preference centre — not a browser setting. Automated browser signals such as “Do Not Track” (DNT) are not, under the GDPR and the ePrivacy regime, a recognised or legally required mechanism for giving or withholding consent to cookies, and we do not treat them as your consent decision. To set, change, or withdraw your cookie choices in these regions, please use the banner or preference centre described in Section 4.

2.5 U.S. state privacy laws and opt-out preference signals

For visitors covered by U.S. state privacy laws — including the California Consumer Privacy Act as amended by the CPRA and the comprehensive privacy laws of Colorado, Connecticut, Texas, and other states — the Global Privacy Control (GPC) is a browser or extension signal that those laws recognise as a valid method of opting out of any “sale” or “sharing” of personal information and of targeted advertising. Where such a law applies to a visitor, we honour the GPC signal as a valid opt-out request. Because we do not sell or share personal information, do not use it for cross-context behavioural advertising, and do not set advertising cookies (see Section 3.4 and our Privacy Policy ), a GPC signal has no adverse effect to override in relation to the cookies we set — but we recognise it as a matter of course. The legacy “Do Not Track” (DNT) browser header is not currently a standardised, legally recognised opt-out mechanism, and we do not treat it as an opt-out request. Residents of California and other U.S. states with comprehensive privacy laws also have rights to know/access, delete, and correct personal information, and to opt out of sale, sharing, and targeted advertising; we do not discriminate against consumers for exercising these rights. These rights and the request mechanism are set out in our Privacy Policy .

2.6 Canada (PIPEDA and Quebec Law 25)

For users in Canada, we obtain meaningful consent for non-essential cookies consistent with the Personal Information Protection and Electronic Documents Act (PIPEDA). For residents of Quebec, and consistent with Quebec’s Law 25, any technology used to identify, locate, or profile an individual is deactivated by default and is activated only with the individual’s consent through our cookie banner. Our privacy officer can be reached at privacy@trackyourapp.dev , consistent with the designation set out in our Privacy Policy .

2.7 Cookies set by Framer on the Marketing Site

The Marketing Site is built and served through Framer. Framer, as our website platform provider, may set its own strictly necessary cookies to deliver and secure the site (for example for load balancing and content delivery). These are described in Section 3.1 and Section 5.

3. Categories of cookies we use

In plain terms. We group cookies into four categories: strictly necessary (always on), preferences, analytics/performance, and marketing. The tables below list the cookies we know about. Vendor-specific details set by third parties can change; we review and update this policy periodically so it stays accurate.

The tables below describe the cookies and similar technologies in each category. Cookie names, providers, and durations set by third parties can change without notice on their side; we review and update this policy periodically (see Section 6).

3.1 Strictly necessary cookies

These cookies are essential to operate the Service, keep you signed in, and protect the Service’s security and integrity. They do not require consent and cannot be disabled through our banner. Blocking them in your browser may cause parts of the Service — in particular the App — to stop working.

Strictly necessary cookies

• laravel_session — TrackYourApp (App, first-party) — Maintains your session state in the App so that pages and actions are tied to your visit. Essential for the App to function. — Session (default 120 minutes) — Strictly necessary (HTTP cookie)

• XSRF-TOKEN — TrackYourApp (App, first-party) — Stores a cross-site request forgery (CSRF) token used to verify that requests to the App genuinely come from you. Essential security cookie. — Session (default 120 minutes) — Strictly necessary (HTTP cookie)

• Sanctum authentication cookies (e.g. trackyourapp_session / Laravel Sanctum stateful cookies) — TrackYourApp (App, first-party) — Authenticate you and keep you signed in to the App across requests using Laravel Sanctum stateful cookie authentication. Essential for sign-in and access to your account. — Session / persistent (up to the configured session lifetime) — Strictly necessary (HTTP cookie)

• Framer essential cookies (e.g. load-balancing / content-delivery cookies) — Framer (Marketing Site platform) — Deliver, route, and secure the Marketing Site (for example load balancing and content delivery). Set by Framer to operate the site. — Session / short-lived persistent — Strictly necessary (third-party, platform)

3.2 Preferences cookies

These cookies (and equivalent local-storage entries) remember choices you make so that the Service behaves the way you expect. This includes remembering your cookie-consent choice itself, so that we do not ask you again on every visit and so that a recorded opt-out is honoured on your return rather than reset on a short cycle. Non-essential preference cookies are set only after consent, except where a given entry is itself required to honour your consent or opt-out decision.

Preferences cookies

• Cookie-consent preference (e.g. tya_cookie_consent , stored as a cookie or in local storage) — TrackYourApp (first-party) — Records your cookie-consent and opt-out choices so the banner is not shown again and so we apply your preferences on future visits. — Persistent (12 months) — Preferences (necessary to honour your consent)

• Interface preferences (e.g. dashboard/UI settings stored in local storage) — TrackYourApp (App, first-party) — Remembers interface choices in the App (for example view or display settings) to improve your experience. — Persistent until cleared — Preferences (local storage)

3.3 Analytics / performance cookies

These cookies help us understand how visitors use the Marketing Site and the App so that we can measure and improve performance. They are non-essential and are set only after you consent . We use Google Analytics (provided by Google LLC) for our own visitor analytics. The Google Analytics cookies listed below are set only if and after you accept analytics cookies through our banner, and are not set if you decline or withdraw consent. We have configured Google Analytics to use these cookies for measurement only; we do not use them for advertising and we do not sell or share the data. Note that Google Analytics data accessed through a User’s connected integration is a separate matter: it relates to visitors of the User’s own App Store listing and is governed by the Privacy Policy and Data Processing Agreement , not by cookies we set on the Service.

Analytics / performance cookies

• _ga — Google LLC (Google Analytics 4) — Distinguishes unique visitors to measure how the Marketing Site and App are used. Set only after consent. — 2 years — Analytics / performance (consent required)

• _ga_<container-id> (e.g. _ga_XXXXXXXXXX ) — Google LLC (Google Analytics 4) — Persists the Google Analytics 4 session and campaign state for your visit. Set only after consent. — 2 years — Analytics / performance (consent required)

3.4 Marketing cookies

Marketing cookies are used to build a profile of your interests and show you targeted advertising, or to measure advertising campaigns, often across sites. We do not use marketing or advertising cookies. We do not sell personal information and we do not share personal information for cross-context behavioural advertising. If this ever changes, we will update this policy and obtain your prior consent before setting any marketing cookie.

Marketing cookies

• None. We do not use marketing or advertising cookies.

4. Managing your cookies

In plain terms. You control non-essential cookies through our cookie banner or preference centre, and you can also block or delete cookies in your browser. Strictly necessary cookies keep the Service working, so blocking them may break parts of it. You can also opt out directly with certain third parties.

4.1 Our cookie banner and preference centre

When you first visit the Service, our cookie banner lets you accept or decline non-essential cookies by category. In the EEA, the UK, and Switzerland this banner or preference centre is the operative way to accept or decline non-essential cookies (see Section 2.4). You can reopen the banner or preference centre at any time to review and change your choices, or to withdraw consent (see Section 2.3). Your choice is stored as described in Section 3.2 so that we can apply it on your return.

4.2 Browser settings

Most browsers let you view, delete, and block cookies, and to clear local storage, through their settings. Because these controls differ by browser, please refer to your browser’s help pages — for example Google Chrome, Mozilla Firefox, Apple Safari, or Microsoft Edge. Note that if you block strictly necessary cookies, the App may not function correctly (for example you may be unable to sign in or stay signed in). Browser-level “Do Not Track” settings are not treated as a consent or opt-out decision for cookies in the EEA, UK, or Switzerland — to decline non-essential cookies in those regions, use our banner or preference centre. Where U.S. state privacy laws apply, a Global Privacy Control signal is honoured as described in Section 2.5.

4.3 Third-party opt-outs and links

Where third-party cookies are used with your consent, you can also exercise controls directly with the relevant provider. Useful resources include:

• Framer — Framer’s privacy and cookie information: https://www.framer.com/legal/privacy-statement/ .

• Google (if Google Analytics is ever enabled) — Google’s cookie/analytics information and the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout .

• Paddle — Paddle’s privacy information: https://www.paddle.com/legal/privacy .

• Cross-industry opt-outs (EU/EEA) — https://www.youronlinechoices.eu/ .

Third-party links are provided for convenience; we do not control and are not responsible for those third parties’ practices.

5. Third-party cookies

In plain terms. A few third parties may set cookies in connection with the Service: Framer (our website platform), Google (Google Analytics, set only after you consent), and Paddle (during checkout). Each has its own privacy and cookie policy.

Certain features of the Service rely on third parties who may set their own cookies. These providers act as independent controllers of the cookies they set through their own technologies and under their own privacy and cookie policies. The main third parties relevant to cookies are:

• Framer — the platform on which the Marketing Site is built and hosted. Framer may set strictly necessary cookies to deliver and secure the site (see Section 3.1). Framer’s privacy statement: https://www.framer.com/legal/privacy-statement/ .

• Google LLC — we use Google Analytics on the Service; its cookies are set only after you consent to analytics cookies (see Section 3.3). Separately, Google OAuth and Google Analytics integrations that a User connects operate through those services and are addressed in the Privacy Policy and Data Processing Agreement . Google’s privacy policy: https://policies.google.com/privacy .

• Paddle.com Market Ltd — our Merchant of Record and payment processor. When you proceed to checkout, Paddle’s checkout may set cookies that are strictly necessary to process your payment securely and prevent fraud. These operate under Paddle’s own terms and privacy policy: https://www.paddle.com/legal/privacy .

For a full list of the providers we rely on to deliver the Service (our Sub-processors), please see the sub-processor list in our Privacy Policy and Annex III of our Data Processing Agreement .

6. Changes to this Cookie Policy; contact

In plain terms. We may update this policy from time to time. The “Last updated” date shows the current version. If you have questions, email us at privacy@trackyourapp.dev.

6.1 Changes to this Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in the cookies and similar technologies we use, in the providers we rely on, or in legal and regulatory requirements. When we make changes, we will revise the “Last updated” date at the top of this page, and, where the changes are material, we may provide additional notice (for example by re-presenting the cookie banner or notifying you within the Service). We encourage you to review this policy periodically. Your continued use of the Service after an update takes effect, together with any consent choices you make through the banner, governs our use of cookies going forward.

6.2 Contact

If you have any questions about this Cookie Policy or our use of cookies and similar technologies, please contact us at privacy@trackyourapp.dev . For the full description of your data-subject rights (including under the GDPR, U.S. state privacy laws, PIPEDA, and Quebec Law 25) and how to exercise them, and for supervisory-authority complaint information (in Poland, UODO), please see our Privacy Policy .

TrackYourApp

Full-funnel analytics for Shopify app developers.
Rankings are a means. Revenue is the metric.

© 2026 TrackYourApp

Company

TrackYourApp

Full-funnel analytics for Shopify app developers.
Rankings are a means. Revenue is the metric.

© 2026 TrackYourApp

Company

TrackYourApp

Full-funnel analytics for Shopify app developers.
Rankings are a means. Revenue is the metric.

© 2026 TrackYourApp

Company

TrackYourApp

Full-funnel analytics for Shopify app developers.
Rankings are a means. Revenue is the metric.

© 2026 TrackYourApp

Company