How do I install JS and SST?

Add our lightweight JavaScript tracker to your site via GTM or a direct script tag. For server-side tracking (SST), use our curl-based endpoint to send events from your backend. Both take under 5 minutes to set up with our guided onboarding.

Which AI platforms do you track?

Travatar tracks AI visibility across ChatGPT, Google Gemini, Perplexity, Claude, Copilot, and Grok. We monitor how these platforms mention your brand, cite your content, and recommend your products.

How do you classify AI agents vs crawlers?

We use server-side signal analysis to distinguish between LLM crawlers (like GPTBot, ClaudeBot), AI agents performing tasks on behalf of users, regular human visitors, and bad bots. Our classification uses User-Agent fingerprinting, behavioral analysis, and known bot registries.

Can I export data to my stack?

Yes. Travatar supports data export via webhooks, API, and direct integrations. You can push event data to your data warehouse, BI tools, or custom pipelines. All data is available in standard formats.

How quickly will I see results?

AI visibility data appears within your first weekly report cycle. Traffic classification begins immediately after deploying the JS tracker or SST endpoint. Most teams see actionable insights within the first 7 days.

Back to home

Privacy Policy

We are committed to protecting your privacy

1. GENERAL INFORMATION

This Privacy Policy explains how Travatar spółka z ograniczoną odpowiedzialnością processes personal data in connection with the website available at https://travatar.ai, the Travatar platform, and related services.
For the purposes of this Privacy Policy, "Travatar", "we", "us", or "our" means Travatar spółka z ograniczoną odpowiedzialnością.
This Privacy Policy is intended to help you understand what personal data we collect, why we collect it, on what legal basis we process it, how long we retain it, with whom we share it, and what rights data subjects may have under applicable law.
You may contact us regarding privacy matters at: [email protected].
Our Services are intended for business users and are not directed to consumers or children.
Travatar has not appointed a separate Data Protection Officer unless expressly stated otherwise. For all privacy and personal data matters, please contact us at [email protected].

2. WHOSE DATA WE PROCESS

Depending on the context, we may process personal data relating to:
1. visitors to the Travatar website,
2. users registering for or using a Travatar account,
3. customer representatives, employees, contractors, and business contacts,
4. recipients of our commercial or informational communications,
5. persons contacting us through forms, email, chat, or other channels,
6. persons whose data is included in support requests, reports, logs, integrations, or connected services,
7. visitors, end users, and other traffic sources in relation to customer websites monitored through the Services,
8. users of conversational, Copilot, chat-based, assistant-based, or AI-enabled functionalities.

3. OUR ROLES UNDER DATA PROTECTION LAW

Depending on the context, Travatar may act either as a controller or as a processor.
3.1. Travatar as controller
We act as a controller where we determine the purposes and means of processing personal data, including in relation to:
- operation of our website,
- account registration and administration,
- billing and payments,
- customer relationship management,
- professional services, including onboarding, enablement, support, customer success, and account support,
- service security,
- legal compliance,
- direct marketing of our own services, where permitted,
- analytics relating to our own website, platform, and business operations,
- operation of Copilot, conversational, and chat-based features where Travatar determines the purposes and means of such processing.
3.2. Travatar as processor
We generally act as a processor when we process personal data on behalf of our customers in connection with the Services, including where customers use Travatar to:
- monitor website traffic,
- distinguish human and non-human traffic,
- identify bots or malicious automation,
- detect fraud risks,
- analyze suspicious behavior,
- identify security threats,
- generate reports, analytics, and related outputs regarding visitors to customer websites,
- use conversational or AI-enabled features in connection with customer data and customer-controlled workflows.
Where Travatar acts as a processor, the relevant customer generally remains the controller, unless applicable law provides otherwise.

4. CATEGORIES OF PERSONAL DATA WE MAY PROCESS

Depending on the context and the Services used, we may process the following categories of personal data.
4.1. Account and contact data
- first name,
- last name,
- business email address,
- phone number,
- company name,
- job title or function,
- authentication-related data,
- account identifiers,
- identifiers linked to integrations, where applicable.
4.2. Billing and transactional data
- billing address,
- company identification and tax data,
- subscription details,
- selected Plan or accepted Offer,
- payment status,
- invoice data,
- transaction metadata.
Unless otherwise expressly required for a supported billing method, we do not require users to provide full payment card details directly to Travatar. Payments may be handled by external payment providers.
4.3. Technical and device data
- IP address,
- browser type and version,
- device type,
- operating system,
- language settings,
- approximate geolocation inferred from IP where applicable,
- referrer URL,
- timestamps,
- system activity and log data,
- unique identifiers or pseudonymous identifiers.
4.4. Usage and behavioral data
- pages viewed,
- navigation events,
- session data,
- requests,
- clicks,
- time spent,
- user paths,
- referrals,
- traffic source information,
- engagement patterns,
- technical indicators related to browser and device behavior,
- data used to distinguish human and non-human traffic,
- data used to identify anomalies, suspicious behavior, malicious automation, fraud indicators, abuse patterns, or attempts to imitate human behavior,
- token usage data,
- prompt counts,
- response counts,
- conversation counts,
- usage-based consumption data,
- AI usage metrics, and
- other metrics relating to usage of AI-enabled, conversational, or usage-based Services.
4.5. Integration and API data
Where a user connects external tools or services, we may process relevant account identifiers, tokens, configuration data, metadata, campaign data, advertising account identifiers, analytics data, and other information made available through the relevant integration or API.
4.6. Communications data
- emails,
- support requests,
- sales communications,
- onboarding communications,
- Offer-related communications,
- tickets,
- support attachments,
- related metadata.
4.7. Conversational and AI interaction data
Where conversational, assistant-based, Copilot, chat-based, or AI-enabled features are made available, we may process:
- Prompts,
- chat messages,
- conversation history,
- uploaded files and attachments,
- generated Outputs,
- contextual data,
- feedback signals,
- memory items,
- saved preferences,
- conversation settings,
- token-related usage records,
- prompt and response metadata,
- conversation usage records, and
- related metadata.

5. SOURCES OF PERSONAL DATA

We may collect personal data:
- directly from the data subject,
- from the User or customer using the Services,
- through use of the Website, System, or Services,
- through cookies and similar technologies, where applicable,
- through connected integrations, APIs, or third-party services authorized by the User,
- through communications and support interactions,
- from publicly available business sources where permitted by law.

6. PURPOSES AND LEGAL BASES OF PROCESSING

We may process personal data for the following purposes.
6.1. Website and account operation
Purpose: account creation, authentication, account administration, access management, provision of the Services, onboarding, service configuration, and contract performance.
Legal basis: performance of a contract or steps taken prior to entering into a contract.
6.2. Customer support and service communications
Purpose: responding to inquiries, support requests, complaints, operational notifications, onboarding, and communications related to the Contract, Plan, Offer, or Services.
Legal basis: performance of a contract and, where applicable, our legitimate interests in handling communications, support, and customer care.
6.3. Billing, accounting, and tax compliance
Purpose: invoicing, payment processing, accounting records, tax compliance, and financial administration.
Legal basis: compliance with legal obligations and, where applicable, performance of a contract.
6.4. Service security, abuse prevention, fraud detection, and bot detection
Purpose: protecting the Website, System, Services, users, customers, and third parties against abuse, suspicious behavior, malicious traffic, fraud, unauthorized access, harmful automation, bot activity, and attempts to imitate human behavior in a deceptive, harmful, or unauthorized manner.
This may include:
- security monitoring,
- anomaly detection,
- traffic classification,
- fraud detection,
- bot detection,
- preserving logs and evidence,
- investigation of suspicious events,
- implementation of protective or preventive measures,
- response to incidents.
Legal basis: our legitimate interests and, where applicable, the legitimate interests of our customers in ensuring security, integrity, fraud prevention, and the trustworthiness of digital services and traffic quality. Where required by law, we may also process data to comply with legal obligations.
6.5. Analytics, traffic intelligence, and service improvement
Purpose: understanding usage patterns, maintaining and improving the platform, developing new functionalities, testing, troubleshooting, measuring performance, and internal analytics.
Legal basis: our legitimate interests in operating, securing, and improving the Services.
6.6. AI Visibility, GEO, and related analysis
Purpose: providing features relating to AI-driven visibility, references, citations, discoverability, comparative analysis, content gaps, traffic classification, and related recommendations where such processing forms part of the Services.
Legal basis: performance of a contract, our legitimate interests, and where applicable processing on behalf of a customer under documented instructions.
6.7. Conversational, Copilot, chat, and memory features
Purpose: providing conversational AI features, generating responses and recommendations, maintaining continuity of user interactions, storing conversation history, supporting memory or contextual features where available, improving usability, enabling personalization of responses and recommendations, ensuring security, preventing abuse, troubleshooting, support, operation of the Services, measuring service usage, administering usage-based features, applying plan-based or offer-based limits, and supporting billing, charging, or service administration where applicable.
Legal basis: performance of a contract and, where applicable, our legitimate interests in operating, securing, improving, maintaining continuity of, administering, and supporting the Services.
6.8. Direct marketing of our own services
Purpose: sending product updates, newsletters, invitations, promotional information, and other marketing communications relating to our own services.
Legal basis: our legitimate interests where permitted for existing business relationships and consent where required by law.
6.9. Establishment, exercise, or defense of legal claims
Purpose: handling disputes, protecting rights, investigating incidents, pursuing or defending claims, and documenting relevant events.
Legal basis: our legitimate interests in legal protection and risk management.

7. PROCESSING OF CUSTOMER DATA ON BEHALF OF CUSTOMERS

Where our customers use Travatar to monitor websites, analyze traffic, distinguish human and non-human traffic, detect suspicious activity, identify bots or malicious automation, prevent ad fraud, identify security threats, or generate related analytics and reports, Travatar may process personal data on behalf of those customers.
In such cases:
- the customer is generally the controller,
- Travatar acts as processor,
- the applicable rules are governed by the relevant contract, ToS, and DPA.
This may include processing technical, behavioral, session-based, and security-related signals relating to website visitors.

8. AUTOMATED ANALYSIS, CLASSIFICATION, AND PROFILING

Travatar may use automated methods, models, heuristics, scoring, rules, classification logic, and AI-enabled or other automated features to support:
- traffic quality analysis,
- distinction between human and non-human traffic,
- detection of suspicious activity, bots, fraud indicators, or abuse patterns,
- service analytics,
- recommendations,
- segmentation,
- security and operational workflows,
- conversational and Copilot features,
- prompt generation,
- brand and competitor analysis,
- AI Visibility and GEO-related analysis,
- and the generation of summaries, classifications, recommendations, and related outputs.
These processes may involve automated analysis, scoring, segmentation, classification, or profiling where personal data is used to evaluate, analyse, classify, or predict behavior, especially in the context of traffic analysis, security, fraud prevention, service personalization, recommendation features, conversational features, or other Service-related workflows.
Unless expressly stated otherwise, Travatar does not use such systems to make decisions producing legal effects concerning individuals solely on the basis of automated processing within the meaning of applicable data protection law. Automated analysis, scoring, classification, profiling, and AI-enabled outputs are generally intended for analytical, operational, support, personalization, security, fraud-prevention, or recommendation purposes.
Where the context of use does not already make this reasonably clear, Travatar may inform users that a given functionality involves AI-enabled or automated processing.
Where required by law, you may object to profiling or other processing based on legitimate interests by contacting us at [email protected].

9. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies such as local storage, tags, pixels, SDKs, and software-based identifiers for the operation, security, performance, analytics, and improvement of the Website and Services.
These technologies may be used for:
- authentication,
- session management,
- remembering settings,
- security and abuse prevention,
- analytics,
- measuring traffic and performance,
- integrations,
- marketing, where applicable and permitted.
Some cookies and similar technologies are strictly necessary for operation or security. Other cookies, especially analytics or marketing cookies, may require consent under applicable law.
A detailed list of cookies, providers, purposes, and retention periods should be made available through the cookie consent tool or a dedicated cookie notice.
Users can manage cookie preferences through our cookie settings tool where available, and through browser settings. Disabling some cookies may affect certain features or functionality.

10. SERVER LOGS, SECURITY LOGS, AND CONVERSATION LOGS

We may collect and retain server logs, application logs, API logs, integration logs, security logs, usage logs, and conversation-related logs for purposes including:
- service operation,
- troubleshooting,
- system administration,
- performance monitoring,
- security monitoring,
- incident detection and response,
- fraud prevention,
- abuse prevention,
- evidentiary and legal protection purposes,
- support and service quality,
- continuity of conversational features.
Such logs may include:
- IP addresses,
- timestamps,
- request details,
- referrers,
- device and browser data,
- error details,
- authentication events,
- Prompt metadata,
- conversation metadata,
- Output metadata,
- other technical records reasonably necessary for operation and security.
Where necessary, logs may be used to investigate suspicious, harmful, or unlawful behavior and may be preserved longer where justified by security, fraud prevention, abuse prevention, legal obligations, or claims handling.

11. RECIPIENTS OF PERSONAL DATA

We may disclose personal data to the following categories of recipients where necessary:
- hosting and cloud infrastructure providers,
- analytics and telemetry providers,
- payment processors,
- accounting, finance, tax, legal, and consulting providers,
- customer support and CRM providers,
- email and communication providers,
- authentication providers,
- AI model, inference, or conversational technology providers,
- integration partners and API providers,
- advertising and marketing integration providers where connected by the User,
- IT, security, and operational service providers,
- subprocessors supporting delivery of the Services,
- public authorities, courts, regulators, or law enforcement bodies where required by law or reasonably necessary to protect rights, security, or the integrity of the Services.
Where third parties process data on our behalf, we require them to provide appropriate safeguards and to process data in accordance with applicable law and relevant contractual obligations.

12. INTERNATIONAL TRANSFERS

Personal data may be transferred outside the European Economic Area where necessary in connection with our service providers, subprocessors, integrations, AI providers, advertising integration providers, or technical infrastructure.
Where such transfers take place, we rely on an appropriate transfer mechanism under applicable law, such as:
- an adequacy decision, or
- standard contractual clauses and, where required, supplementary measures.

13. GOOGLE API SERVICES

Where Travatar uses or enables integrations involving Google APIs, including Google Sign-In or Google Ads-related integrations, Travatar's use and transfer of information received from Google APIs will comply with applicable Google API Services requirements, including any applicable Google API Services User Data Policy and Limited Use requirements, where such requirements apply to the relevant integration or feature.
Google API-based integrations may be used to authenticate users, connect supported Google services, retrieve authorized account or campaign information, and enable related platform functionalities within the Services.

14. META ADS DATA DELETION

Where a User connects a Meta Ads or related Meta account to Travatar, the User may request deletion of integration-related data associated with that connection in accordance with the deletion process made available by Travatar.
Information on how to request deletion of Meta integration-related data is available at: https://travatar.ai/data-deletion
Unless a longer retention period is required by law, security requirements, fraud prevention, abuse prevention, or claims handling, Travatar will process such requests in accordance with the applicable integration settings, contractual terms, and technical deletion processes.

15. ADDITIONAL THIRD-PARTY INTEGRATIONS

Travatar may access, retrieve, use, or otherwise process data from third-party integrations only to the extent such integrations have been enabled, connected, configured, authenticated, or otherwise authorized by the User, or are necessary to provide the Services requested by the User under the Contract.
Travatar may from time to time enable, support, develop, or make available integrations with additional third-party services, platforms, APIs, connectors, advertising systems, analytics providers, AI systems, collaboration tools, communication tools, workflow tools, developer tools, coding environments, machine-to-machine interfaces, protocol-based integrations, or similar external services or environments.
In connection with such integrations, Travatar may process personal data and related data made available through the relevant integration, where applicable, including account identifiers, authentication data, tokens, permissions, configuration data, metadata, logs, usage data, campaign data, analytics data, communication-related data, files, messages, prompts, outputs, and other data necessary to enable, maintain, secure, support, improve, or lawfully provide the relevant functionality within the Services. Where a particular third-party provider requires additional disclosures, notices, deletion procedures, contractual terms, or compliance statements, Travatar may make such information available in this Privacy Policy, in a dedicated integration notice, in technical documentation, within the System, or through another appropriate communication channel.

16. RETENTION PERIODS

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, tax, security, fraud prevention, abuse prevention, evidence, support, and claims-related purposes.
Retention periods may depend on:
- the type of data,
- the type of Service used,
- the selected Plan,
- the accepted Offer,
- technical settings,
- retention settings,
- legal obligations,
- security requirements,
- complaint or claims handling,
- the current configuration of the System,
- the applicable usage model,
- usage-based charging logic,
- AI-related service configuration, and
- the commercial or technical structure of the relevant Service.
As a general rule:
- account and contract data are retained for the duration of the contractual relationship and thereafter for the period necessary to comply with legal obligations and handle claims,
- billing and tax data are retained for the period required by applicable law,
- support and communication data are retained for as long as reasonably necessary to handle the matter and related follow-up,
- security logs and related data are retained for as long as necessary for security, abuse prevention, incident handling, fraud prevention, compliance, and defense of claims,
- marketing data based on consent is retained until consent is withdrawn or no longer needed,
- data processed on behalf of customers is retained in accordance with the applicable contract, DPA, customer instructions, plan settings, accepted Offer, and technical deletion cycles,
- conversation history, Prompt logs, Outputs, memory-related data, and contextual history may be retained for as long as necessary to provide the relevant functionality, maintain continuity of the Services, ensure security, investigate abuse, comply with legal obligations, and defend claims, unless the User deletes such data where deletion functionality is made available or unless a different retention period applies under the selected Plan, accepted Offer, technical settings, or applicable law.
We do not guarantee that conversation history, memory-related data, or contextual history will remain permanently available unless expressly stated otherwise in the applicable Plan, accepted Offer, or separate written agreement.
Where personal data is processed in connection with active Services, Travatar may apply different retention periods depending on the type of data, the type of Service used, the selected Plan, the accepted Offer, technical settings, retention settings, security needs, legal obligations, fraud-prevention, abuse-prevention, claims handling, and the current configuration of the System. Certain categories of granular behavioral, session-level, event-level, tracking-related, or similar operational data may be retained only for a limited operational period and may thereafter be deleted, anonymised, aggregated, summarised, or otherwise reduced where no longer necessary for the purposes for which they were processed.
Where a User requests account deletion or erasure of personal data, terminates the Services, fails to renew a Service, remains in payment default, or otherwise ceases to use the relevant Service, Travatar may carry out deletion, return, restriction, anonymisation, aggregation, or other handling of relevant data through its standard technical and organizational deletion and offboarding processes. Verified erasure requests will be handled without undue delay, subject to applicable law, legal retention obligations, backup rotation, security requirements, fraud-prevention, abuse-prevention, claims handling, unresolved payment-related matters, technical deletion cycles, and other lawful grounds permitting or requiring continued retention.
Unless expressly stated otherwise in the applicable Plan, accepted Offer, separate written agreement, or specific retention settings, Travatar does not guarantee identical retention periods or permanent availability for all categories of personal data, customer data, conversation history, memory-related data, contextual history, logs, or outputs.

17. DATA SUBJECT RIGHTS

Where Travatar acts as controller, data subjects may have the following rights, subject to the conditions and limitations provided by law:
- right of access,
- right to rectification,
- right to erasure,
- right to restriction of processing,
- right to data portability,
- right to object, especially where processing is based on legitimate interests,
- right to withdraw consent at any time where processing is based on consent,
- right not to be subject to a decision based solely on automated processing producing legal effects, where applicable,
- right to lodge a complaint with the competent supervisory authority.
To exercise your rights, contact us at [email protected].
Where Travatar acts as processor on behalf of a customer, requests concerning visitor data or customer-controlled data may need to be addressed to the relevant customer as controller, though we may assist as required by law and contract.

18. DATA SECURITY

Travatar implements appropriate technical and organizational measures designed to protect personal data and reduce the risk of unauthorized access, disclosure, loss, destruction, alteration, or other unlawful processing.
Such measures may include, where appropriate:
- access controls,
- encryption in transit and, where appropriate, at rest,
- logging and monitoring,
- pseudonymization where appropriate,
- incident response procedures,
- secure development and infrastructure practices,
- backup and resilience measures,
- role-based access restrictions,
- contractual controls over processors and subprocessors,
- retention controls,
- security controls applicable to conversational and AI-enabled features.
In line with data protection by design and by default principles, Travatar seeks to limit access to personal data to authorized personnel and authorized subprocessors or service providers who reasonably need such access for the provision, maintenance, security, support, compliance, or lawful operation of the Services. Travatar also seeks to limit the retention and scope of personal data where no longer necessary for the relevant purposes, and may delete, anonymise, aggregate, summarise, or otherwise reduce certain categories of data in accordance with applicable law, technical requirements, and operational needs.
No method of transmission or storage can be guaranteed to be fully secure. Users should also implement appropriate safeguards on their side, including secure credentials, secure configurations, and up-to-date technical protections.

19. PERSONAL DATA BREACHES

Where required by law, Travatar will notify relevant parties of personal data breaches in accordance with applicable legal requirements.
Where Travatar acts as processor, we will notify the relevant customer without undue delay after becoming aware of a breach affecting data processed on behalf of that customer, as required by the applicable contract and law.

20. CHILDREN

Our Website and Services are not directed to children. We do not knowingly collect personal data from children in connection with our Services. If we become aware that such data has been collected inappropriately, we will take appropriate steps to delete it.

21. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time, particularly where required due to:
- changes in law,
- changes in the Services,
- changes in our processing practices,
- changes in vendor or integration structure,
- security or compliance updates,
- changes in conversational, memory-related, or AI-enabled features.
The current version of this Privacy Policy will be made available on our Website or within the System. Where required by law, we will provide additional notice.

22. CONTACT AND COMPLAINTS

If you have questions about this Privacy Policy or about how we process personal data, please contact: [email protected]
If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the competent supervisory authority.
Effective date: 09.04.2026