1. Who We Are
Trackpac Ltd ("Trackpac", "we", "our") provides an IoT management platform, allowing users to connect, monitor, and manage any type of IoT device through our web dashboard and connected services.
2. Data We Collect
We only collect the personal data necessary to provide and improve our IoT management services:
a. User Account Data
- • Name and email for login and account management (handled via Auth0)
- • Retention: Until you close your account
b. Contacts You Add
- • Name, phone number, and/or email if you add a contact to your account
- • Retention: Until you delete the contact or close your account
- • Purpose: Used only to send alerts or notifications you configure
c. Device Data (Telemetry)
- • Data collected from connected devices: location, temperature, movement, device identifiers, or other sensor data
- • Retention: Up to 2 years or until the device is removed from your account
3. How We Use Your Data
- •To provide and maintain the Trackpac IoT management service
- •To send alerts and notifications to you or your contacts
- •To monitor, improve, and secure our platform
✓ We do not sell your personal data
4. Legal Basis for Processing
Contractual Necessity
To provide the Trackpac service (account info, device telemetry, contacts)
Consent
Optional marketing communications (emails/SMS)
Legitimate Interest
Internal platform improvement and security monitoring
5. Sharing Your Data
We only share your data when necessary to provide our services:
Auth0
For secure authentication (handles IP addresses and login timestamps)
Cloud Provider (AWS UK/EU)
For data storage
SMS/Email Providers
- • AWS SNS/SES for sending notifications and alerts
- • Mailgun for email notifications
GDPR Compliance: All third-party providers are GDPR-compliant and handle personal data only to deliver the services requested by users. No other sharing occurs without your consent.
6. Data Retention
📊
Account Info
Retained until account closure
📞
Contacts
Retained until deletion or account closure
📱
Device Telemetry
Retained 2 years or until device removal
7. Your Rights
Under GDPR, you have the right to:
✓Access your personal data and contacts
✓Request correction of inaccurate data
✓Request deletion of your account, contacts, or device data
✓Export your data in a portable format
✓Withdraw consent for marketing communications at any time
8. Security
🔒
Encryption
All data encrypted in transit and at rest
🚪
Access Control
Restricted to authorized staff only
📊
Monitoring
Audit logs and breach monitoring
9. Data Breach
In the unlikely event of a data breach:
1.We will investigate and assess risks to individuals
2.Notify the supervisory authority within 72 hours if required
3.Inform affected users promptly
10. Changes to This Policy
We may update this policy occasionally. Changes will be posted on our website with an updated effective date.
Questions About This Policy?
If you have any questions about our privacy practices or this policy, we're here to help.
Contact Privacy Team