Privacy Policy

• Account and profile: name, email, phone, company, role.
• Usage: features used, timestamps, audit and activity logs.
• Device/browser: IP address, user agent, approximate location from IP on web.
• Location from the mobile app: GPS when the app is active and you grant OS permission, for proof validation, routes, and geofencing.
• Operational content: delivery addresses, photos, signatures, messages between team members.
• Payment: billing details processed by Stripe; we do not store full card numbers on TrustTrack servers.

To provide and secure the Service, process payments, send transactional email and push notifications, generate reports, run anomaly and optimization features where enabled, and improve reliability. We may use aggregated or de-identified analytics to understand product usage.

We use subprocessors such as payment providers (e.g. Stripe), cloud infrastructure (e.g. Alibaba Cloud), object storage, email delivery (SMTP/transactional providers), and mobile push (e.g. Expo notification services). We do not sell personal data for advertising. Sharing is limited to operating the Service or complying with law.

Production workloads are designed for deployment in Alibaba Cloud (e.g. Jakarta) with TLS in transit and encryption at rest where supported. CDN or edge locations may cache public assets. Details belong in your security whitepaper and DPA for enterprise customers.

Active accounts: per Organization settings where available. Cancelled accounts: grace period then deletion as described in Terms and admin tools. Backups and logs may be retained for a limited window for disaster recovery and security.

Depending on jurisdiction, you may have rights to access, correct, delete, export, or object to certain processing. Contact us at the email below. Data export may be available via in-app CSV tools; broader portability may be provided on request.

Precise location is collected from the mobile app when permitted and used for operations described above. End-customers on public tracking links see delivery status as configured by your Organization — not necessarily driver identity. We do not sell raw GPS feeds to third parties.

We use cookies and local storage for sessions, preferences, and security. Optional analytics cookies, if introduced, will be disclosed in our Cookie Policy with appropriate controls.

The Service is not directed to children under 18.

Data may be processed in multiple countries where we or subprocessors operate. We use appropriate safeguards (e.g. SCCs) where required — document your actual transfer mechanisms with counsel.

We implement administrative, technical, and organizational measures including access controls, encryption in transit, logging, and patching. No method is 100% secure; report suspected issues promptly.

We may update this Policy with notice as required by law (e.g. email to Organization owners for material changes).

Privacy inquiries: privacy@trust-track.xyz