Privacy Policy

1. What data we collect

We may collect the following categories of personal data:

A) Data you provide to us

• Account data: name, email address, password (stored as a secure hash), organisation details.
• Contact/support data: information you submit via contact forms, support requests, or email.
• Billing data: billing contact details, company details, VAT number (if provided). Card details are handled by our payment provider (we do not store full card numbers).

B) Data we collect automatically

• Usage data: pages/screens used, features used, timestamps, approximate location (from IP), device/browser information.
• Technical and security logs: IP address, login events, audit trails, error logs and security events.
• Cookies / similar technologies: session cookies, preference cookies, and other storage/access technologies used by the website or Service (see section 9).

C) Data from third parties

• Payment and subscription events from our billing provider (e.g., subscription active/cancelled, invoice status).
• Email delivery events from our email delivery provider (e.g., delivered/bounced; if enabled, opens/clicks).

2. How we use your data

We use personal data to:

• provide and operate the Service (create accounts, authenticate users, deliver features);
• process payments and manage subscriptions (invoicing, renewals, fraud prevention);
• communicate with you (service emails, support responses, account notices);
• improve the Service (debugging, analytics, feature development);
• secure the Service (monitoring, detecting abuse, preventing unauthorised access); and
• marketing (optional): newsletters and product updates where you opt in, with the ability to unsubscribe at any time.

3. Lawful bases (UK GDPR)

We rely on the following lawful bases, as appropriate:

• Contract: to provide the Service you sign up for (account, subscription, support).
• Legitimate interests: to operate, improve, secure and promote the Service in a proportionate way.
• Consent: for marketing emails and (where required) certain cookies/tracking technologies.
• Legal obligation: for tax/accounting, fraud prevention, and compliance with lawful requests.

4. Who we share data with

We share personal data only as needed with:

• Payment processing and billing providers (e.g., Stripe) to collect payments and manage subscriptions.
• Email delivery providers (e.g., Resend) to send transactional emails (password resets, receipts, notifications).
• Hosting and infrastructure providers (servers, storage, monitoring).
• Professional advisers (accountants, auditors, legal advisers) where necessary.
• Authorities where we are legally required to disclose information.

We do not sell your personal data.

5. International transfers

Our servers may be located in the UK/EEA, but some suppliers may process data outside the UK/EEA. Where international transfers occur, we use appropriate safeguards such as contractual protections and transfer mechanisms recognised under UK data protection law.

6. Data retention

We keep personal data only as long as necessary:

• Account data: for the life of your account, then deleted or anonymised within [X] months unless required for legal reasons.
• Billing records: typically kept for 6 years to comply with UK tax/accounting obligations (or longer if required).
• Support messages: typically [12–24 months] after last interaction.
• Security logs: typically [30–180 days], unless needed for investigations.

You can request deletion (see section 10), but some data may be retained where legally required.

7. Security

We use reasonable technical and organisational measures designed to protect personal data, such as access controls, encryption in transit (TLS), least-privilege access, and monitoring. No system is 100% secure, but we work to protect data against unauthorised access, alteration, disclosure or loss.

8. Cookies and similar technologies

We use cookies and similar storage/access technologies for:

• essential site functionality (sessions, authentication);
• preferences;
• performance and analytics (if enabled); and
• marketing (if enabled).

Where required, we will request consent and provide a way to manage your preferences. You may also control cookies through your browser settings, though this may affect site functionality.

9. Customer Data (when you use TRACKT-iQ for your organisation)

If you upload personal data into TRACKT-iQ about other individuals (e.g., employees, contractors, customers), that information is “Customer Data”.

• You are responsible for ensuring you have the right to provide that data and for complying with your own privacy obligations.
• We process Customer Data on your behalf to provide the Service and protect its security.

A Data Processing Addendum (DPA) can be provided on request.

10. Your rights

Individuals have rights under UK GDPR, including:

• access to your personal data;
• correction of inaccurate data;
• deletion (in some circumstances);
• restriction and objection (in some circumstances);
• data portability (in some circumstances); and
• withdrawal of consent (where processing is based on consent).

To exercise your rights, email hello@artisansoftwaresolutions.com.

Complaints

If you have concerns, please contact us first so we can investigate and respond. You can also complain to the UK Information Commissioner’s Office (ICO).

11. Marketing preferences

If you opt in to marketing emails, you can unsubscribe at any time using the link in the email or by contacting us. Service/administrative emails (e.g., security notices, receipts) may still be sent as they are necessary to provide the Service.

12. Children

TRACKT-iQ is not intended for children and we do not knowingly collect personal data from children.

13. Changes to this policy

We may update this policy from time to time. If changes are significant, we’ll post an updated version and may notify account holders through the Service or by email.