TrackSure Cloud

TrackSure – Privacy-First Server-Side Analytics & Conversion API for WordPress

★★★★★

TrackSure is a privacy-friendly, server-side tracking and analytics plugin for WordPress. It combines first-party analytics and Conversion API (CAPI) into a single dashboard — track visits, WooCommerce sales, funnels, and attribution while staying GDPR/CCPA-ready.

Documentation | Support | GitHub | Get Pro

Why TrackSure?

Many advertisers lose conversion data to iOS 14+, cookie blockers, and ad blockers. TrackSure helps fix this with server-side tracking that delivers more complete conversion reporting to improve ROAS and get visibility into customer touchpoints.

🚀 Key Features

For Advertisers (Meta, Google, TikTok, Pinterest): – Server-Side Tracking (CAPI): Helps bypass some client-side restrictions with direct server-to-server tracking. – Improve ROAS Reporting: Feed ad platforms more complete data to help optimize campaigns. – Event Deduplication: Combines browser and server events. – Supported Platforms: Meta (Facebook/Instagram) CAPI, Google Analytics 4 Measurement Protocol, TikTok Events API (Pro), Pinterest API (Pro).

For Everyone (Complete Analytics): – First-Party Analytics: Own your data. Stored securely in your WordPress database. – Traffic Source Detection: Automatic tracking for organic search, social media, email, and referrals. – Visitor Journeys: See touchpoints from first visit to final conversion. – Content Performance: Track which posts and pages drive engagement.

eCommerce & Attribution: – Auto-Tracking: Works with WooCommerce, Easy Digital Downloads, FluentCart, and SureCart. – Revenue Attribution: See which blog post, ad, or email contributed to sales. – Funnel Analysis: Visualize checkout flows.

Privacy & Compliance: – GDPR/CCPA Ready: Built-in consent manager integration (Cookiebot, CookieYes, OneTrust). – Cookieless Option: Track without cookies using localStorage. – Data Ownership: No data sent to third parties unless you explicitly enable ad platforms.

⚡ Why Choose TrackSure?

TrackSure vs. Pixel-Only Plugins: Pixel-only systems may lose data to browser blockers. TrackSure uses server-side tracking to help capture more events, so your ad platforms receive more complete data for optimization.

TrackSure vs. Google Analytics: TrackSure is first-party software—your data stays on your server, so you retain control over it.

🔌 Integrations

• eCommerce: WooCommerce, Easy Digital Downloads, FluentCart, SureCart, MemberPress (Pro).
• Forms: Contact Form 7, Gravity Forms, WPForms, Fluent Forms, Elementor Forms.
• Builders: Elementor, Divi, Beaver Builder, Gutenberg (Block Editor).
• Ads: Meta (Facebook/Instagram), Google Ads, TikTok, Pinterest, LinkedIn, Snapchat, Microsoft Ads.

Who Can Benefit From TrackSure?

TrackSure works for ANY WordPress website:

✅ eCommerce stores (WooCommerce, EDD, FluentCart, SureCart) ✅ Blogs and content publishers ✅ Business and corporate websites ✅ Lead generation and service sites ✅ Membership and course platforms (Pro) ✅ Marketing agencies managing client sites ✅ Portfolio and creative sites ✅ Non-profit and donation sites (Pro) ✅ Booking and appointment sites (Pro) ✅ Anyone who wants privacy-friendly analytics

🚀 Getting Started

1. Install TrackSure Cloud from the plugin directory.
2. Activate and visit TrackSure → Settings.
3. Configure your tracking and privacy preferences.
4. (Optional) Add Meta Pixel ID or GA4 Measurement ID for server-side syncing.
5. View analytics instantly in your dashboard.

Data Retention: – Raw events: 90 days (configurable) – Aggregated metrics: Forever (no personally identifiable information)

External Data Sharing: TrackSure only sends data to Meta, Google, TikTok, or other platforms if you explicitly enable them and provide API credentials. You control what data is shared.

External services

This plugin connects to external third-party services to provide its functionality. Below is a complete list of all external services used, when they are called, what data is transmitted, and links to their terms of service and privacy policies.

When You Enable Meta Pixel / Conversion API:

• Service: Meta (Facebook) Graph API
• Purpose: Send conversion events (purchases, add-to-cart, page views) to Facebook for ad optimization
• What data is sent: Event name, timestamp, hashed user email/phone (if available), product SKU, revenue, IP address, user agent, pixel ID
• When it’s sent: Automatically when a tracked event occurs (product view, purchase, etc.) and Meta destination is enabled in settings
• Service provider: Meta Platforms, Inc.
• Terms of Service: https://www.facebook.com/legal/terms
• Privacy Policy: https://www.facebook.com/privacy/policy
• Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing

When You Enable Google Analytics 4:

• Service: Google Analytics 4 Measurement Protocol
• Purpose: Send analytics events to Google Analytics for website traffic analysis
• What data is sent: Event name, page URL, referrer, session ID, client ID, IP address, user agent, device information
• When it’s sent: Automatically when page views or custom events occur and GA4 destination is enabled in settings
• Service provider: Google LLC
• Terms of Service: https://marketingplatform.google.com/about/analytics/terms/us/
• Privacy Policy: https://policies.google.com/privacy

When Loading Google Tag Manager Script (If Enabled):

• Service: Google Tag Manager CDN
• Purpose: Load gtag.js library for browser-side Google Analytics tracking
• What data is sent: Standard HTTP request data (IP address, user agent, referrer) when loading the script
• When it’s sent: On every page load when GA4 browser tracking is enabled
• Service provider: Google LLC
• Script URL: https://www.googletagmanager.com/gtag/js
• Terms of Service: https://marketingplatform.google.com/about/analytics/terms/us/
• Privacy Policy: https://policies.google.com/privacy

When Loading Facebook Pixel Script (If Enabled):

• Service: Facebook Connect CDN
• Purpose: Load fbevents.js library for browser-side Facebook Pixel tracking
• What data is sent: Standard HTTP request data (IP address, user agent, referrer) when loading the script
• When it’s sent: On every page load when Meta Pixel browser tracking is enabled
• Service provider: Meta Platforms, Inc.
• Script URL: https://connect.facebook.net/en_US/fbevents.js
• Terms of Service: https://www.facebook.com/legal/terms
• Privacy Policy: https://www.facebook.com/privacy/policy

Cloudflare IP Detection (Always Active):

• Service: Cloudflare IP Ranges API
• Purpose: Fetch current list of Cloudflare proxy IP addresses to accurately detect real visitor IPs behind Cloudflare CDN. A bundled static list is included as fallback.
• What data is sent: Standard HTTP request headers only (no user data transmitted)
• When it’s sent: Once per day (cached for 24 hours) to refresh the Cloudflare IP list. The plugin includes a bundled fallback list and works without this request.
• Service provider: Cloudflare, Inc.
• API URLs: https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6
• Terms of Service: https://www.cloudflare.com/website-terms/
• Privacy Policy: https://www.cloudflare.com/privacypolicy/

IP Geolocation (When Tracking Is Enabled):

• Service: ipapi.co (primary), ip-api.com (secondary fallback), WordPress.com Geo API (tertiary fallback)
• Purpose: Determine the country, region, and city of visitors based on their IP address for geographic analytics reporting
• What data is sent: The visitor’s IP address is sent to one of the geolocation providers. No other user data is transmitted.
• When it’s sent: When a new visitor session is recorded and the IP has not been looked up recently. Results are cached for 24 hours per IP.
• Service providers and policies:
  • ipapi.co (primary) – https://ipapi.co/privacy/ and https://ipapi.co/terms/
  • ip-api.com (fallback) – https://ip-api.com/docs/legal
  • WordPress.com Geo API (fallback) – https://automattic.com/privacy/ and https://wordpress.com/tos/

Important Notes:

• No automatic data sharing: TrackSure does NOT send any data to third-party services unless you explicitly enable and configure them in TrackSure Settings → Destinations.
• Consent-aware: If you use a cookie consent plugin (Cookiebot, CookieYes, etc.), TrackSure will respect user consent choices and only fire pixels after consent is granted.
• First-party analytics: TrackSure’s core analytics features store all data in your WordPress database. No external services are used for analytics unless you enable Google Analytics 4 or other destinations.
• You control the data: You choose which platforms to enable, what events to track, and what user data to include (emails, phones, etc.).

For more information about data privacy and compliance, see the Privacy & GDPR Compliance section below.

Source Code & Build Instructions

The admin interface is built with React 18 and TypeScript, compiled with Webpack 5. The compiled files in admin/dist/ are generated from the source code in admin/src/.

Full source code is available on GitHub: https://github.com/tracksure-cloud/tracksure

To build from source:

1. Navigate to the admin/ directory
2. Run npm install to install dependencies
3. Run npm run build for a production build, or npm run dev for development mode with watch

Build tools used:

• Node.js (v18+)
• npm
• Webpack 5 (config: admin/webpack.config.js)
• TypeScript 5 (config: admin/tsconfig.json)
• ts-loader for TypeScript compilation

Key source directories:

• admin/src/ — React/TypeScript source code (pages, components, contexts, hooks)
• admin/dist/ — Compiled production JavaScript (generated by Webpack)
• assets/js/ — Frontend tracking scripts (non-compiled, human-readable)
• includes/ — PHP backend (non-compiled, human-readable)

Privacy Policy

TrackSure stores the following data in your WordPress database:

Tracking Data (90-day retention): – Page URLs visited – Referrer URLs – UTM campaign parameters – Device type (desktop/mobile/tablet) – Browser and OS information (user agent) – IP address (can be anonymized) – Session duration and engagement metrics

For E-commerce (if using WooCommerce/FluentCart/EDD/SureCart): – Product views – Cart actions – Order completion (order ID, total, items) – Customer email and phone (hashed when sent to Meta/GA4)

External Data Sharing (Optional):

TrackSure is privacy-first by default. All tracking is disabled upon installation until you explicitly enable it.

Note on Privacy Settings: – Tracking Disabled by Default: No data is collected or processed until you manually enable tracking in Settings. – IP Anonymization: Default is false to ensure accurate location reporting for regions where anonymization is not legally required. Since tracking is opt-in, no IP addresses are processed until you enable the plugin. You can toggle “Anonymize IP” in Settings > Privacy at any time.

Supported Third-Party Services:

TrackSure connects to the following services only when you enable them and provide API credentials.

1. Meta (Facebook/Instagram) – Available in Free & Pro – Method: Server-to-Server via Meta Graph API (CAPI) – Data Sent: Event data (PageView, ViewContent, AddToCart, Checkout, Purchase), Hashed user data (email, phone, IP, User Agent) – Purpose: Ad optimization and attribution

2. Google Analytics 4 (GA4) – Available in Free & Pro – Method: Server-to-Server via Measurement Protocol – Data Sent: Event parameters, Client ID, User Agent, IP – Purpose: Analytics reporting

3. Pro-Only Integrations (Add-ons) – Google Ads: Sends offline conversion adjustments via Google Ads API. – TikTok: Sends web events via TikTok Events API. – Pinterest: Sends conversion events via Pinterest API. – Snapchat: Sends conversion events via Snapchat Conversions API. – Microsoft Ads: Sends offline conversions via Microsoft Ads API. – LinkedIn: Sends conversion events via LinkedIn CAPI.

You must obtain user consent before enabling these destinations (GDPR/CCPA requirement).

Your Responsibilities:

• Disclose TrackSure’s tracking in your privacy policy
• Obtain consent before tracking (if required by law)
• Configure data retention periods appropriately
• Enable IP anonymization if required

Data Deletion:

Users can request data deletion via WordPress Privacy Tools or TrackSure Settings → Privacy.

Support

Free Support:

• Documentation
• Community Forum
• GitHub Issues

Pro Support:

• Email support with 24-hour response time
• Priority bug fixes
• Feature requests
• Implementation consulting

Get Pro Support

Trademarks & Third-Party Services

TrackSure integrates with various third-party analytics and advertising platforms. All trademarks, service marks, and company names mentioned in this plugin are the property of their respective owners.

Third-Party Platforms: – Meta, Facebook, Instagram, and Facebook Pixel are trademarks of Meta Platforms, Inc. – Google, Google Analytics, Google Ads, and GA4 are trademarks of Google LLC. – TikTok is a trademark of ByteDance Ltd. – Pinterest is a trademark of Pinterest, Inc. – Snapchat is a trademark of Snap Inc. – LinkedIn is a trademark of Microsoft Corporation. – Twitter (X) is a trademark of X Corp. – Reddit is a trademark of Reddit Inc. – Microsoft Ads is a trademark of Microsoft Corporation.

Integration Requirements: – Users must have active accounts with third-party platforms to use their respective features – API access requires platform-specific credentials and compliance with their terms of service – Data transmission follows each platform’s API specifications and privacy policies – Users are responsible for compliance with each platform’s terms of service

TrackSure is an independent plugin and is not officially affiliated with, endorsed by, or sponsored by any of the companies mentioned above. All product names, logos, brands, and trademarks are property of their respective owners.

Data Privacy: TrackSure sends conversion data to enabled platforms only with user consent. No data is transmitted to third parties unless explicitly configured by the site administrator.