Privacy Policy

This Privacy Policy explains how IT Trackr ("we", "us", "our") collects, uses, stores, and protects personal data in connection with the IT Trackr platform and website (ittrackr.com). It is issued in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

IT Trackr acts as the data controller for personal data collected directly from you (such as your account information). For personal data you enter about your own employees or contacts (such as names used in asset assignment), you are the data controller and IT Trackr acts as a data processor on your behalf.

If you have any questions about this policy, contact us at privacy@ittrackr.com.

We collect and process the following categories of personal data:

We use your personal data only for the purposes described above. Specifically, we use it to:

• Create and manage your account
• Provide, maintain, and improve the IT Trackr service
• Process subscription payments and manage billing
• Send transactional emails (account confirmation, password reset, support replies, expiry alerts)
• Respond to support requests and enquiries
• Detect and prevent fraud, abuse, or security incidents
• Understand how visitors use our website (via Google Analytics)
• Comply with legal obligations

We do not use your data for advertising, profiling, or automated decision-making. We do not sell your data to any third party.

We share personal data only with trusted third-party service providers ("processors") who process data on our behalf and under our instructions, subject to contractual data protection obligations. These are:

• Supabase Inc. — database, authentication, and file storage. Data processed in EU AWS data centres.
• Stripe Inc. — payment processing. Subject to PCI DSS compliance.
• Resend Inc. — transactional email delivery.
• Vercel Inc. — application hosting and deployment.
• Google LLC — website analytics via Google Analytics 4. Collects anonymised usage data (pages visited, session duration, general location). Data may be processed in the United States under applicable transfer mechanisms. See Google's Privacy Policy.

We do not share personal data with any other third parties unless required to do so by law or a court order.

Some of our third-party processors are based outside the UK or EEA. Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR Article 46, including Standard Contractual Clauses (SCCs) or reliance on adequacy decisions where applicable.

Supabase stores data in EU AWS regions. Vercel and Resend may process data in the United States under applicable transfer mechanisms.

We retain personal data only for as long as necessary for the purposes set out in this policy:

• Account and asset data — retained for the duration of your account. Deleted within 30 days of account closure.
• Support ticket data — automatically deleted 30 days after the ticket is closed.
• Billing records — retained for 7 years to comply with UK financial record-keeping requirements.
• Usage and technical logs — retained for up to 90 days for security and diagnostic purposes.

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you (Subject Access Request).
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data where there is no lawful reason to continue processing it.
• Right to restriction — request that we restrict processing of your data in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format and transfer it to another controller.
• Right to object — object to processing based on legitimate interests or direct marketing.
• Rights related to automated decision-making — we do not carry out automated decision-making or profiling.

To exercise any of these rights, contact us at privacy@ittrackr.com. We will respond within one calendar month.

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at privacy@ittrackr.com.

We implement appropriate technical and organisational measures to protect personal data against accidental loss, destruction, alteration, unauthorised disclosure, or access. These include:

• TLS encryption for all data in transit
• AES-256 encryption for data at rest
• Row-level security policies at the database level
• Two-factor authentication support for user accounts
• Access controls limiting staff access to personal data
• Automatic daily database backups

See our Security page for full details.

We use essential, functional, and analytics cookies. Analytics cookies are set by Google Analytics to help us understand how visitors use our website. We do not use advertising or tracking cookies. See our Cookie Policy for full details.

IT Trackr is a business-to-business service not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately at privacy@ittrackr.com.

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email at least 14 days before they take effect. The updated policy will always be available at ittrackr.com/privacy. Continued use of the service after the effective date constitutes acceptance of the updated policy.

For any questions, requests, or concerns regarding this Privacy Policy or your personal data:

IT Trackr — Data Controller
Email: privacy@ittrackr.com
Contact form: ittrackr.com/contact