Privacy Policy

1. Who we are

Trackely is a logistics software platform. For questions about this policy or data protection matters, contact support@trackely.co.uk or legal@trackely.co.uk.

2. Controller and processor roles

Trackely may act as either a controller or a processor depending on the context.

• Trackely as processor: for most customer operational data such as orders, route information, driver activity, recipient details, proofs of delivery, and customer notification records that a business customer chooses to place into the platform.
• Trackely as controller: for our own account registration, billing, support, abuse prevention, security monitoring, legal compliance, and service administration data.

If you are an end customer receiving a delivery or a driver monitored by an employer, the primary controller for that operational data is usually the Trackely customer using the platform, not Trackely itself.

3. The personal information we use

Business users and admins

• name, company, email address, and contact details;
• login credentials, MFA-related data, and role/permission settings;
• billing, plan, subscription, tax, and account-administration data;
• support communications, audit logs, and account activity history.

Drivers and operational workers

• identity and contact details;
• route assignments, stop actions, checks, issue reports, and proof-of-delivery records;
• device identifiers, app usage data, and optional push-notification tokens;
• location data and movement history where the customer enables driver tracking.

Recipients and end customers

• name, delivery address, delivery notes, and contact details where supplied;
• tracking token interactions, delivery preferences, rebook choices, and customer-notification history;
• proof-of-delivery data connected to a stop or order, such as signatures, notes, photos, and timestamps.

Website visitors and prospects

• contact form submissions and sales enquiries;
• cookie preferences, session data, and site usage information;
• marketing attribution or analytics data if non-essential tools are enabled with consent.

4. Where we get personal information from

We may collect personal information:

• directly from you when you sign up, log in, request support, or contact us;
• from our customers who input operational and delivery data into Trackely;
• from integrations and imports configured by our customers, such as WMS, ERP, CSV, or API feeds;
• automatically from use of the service, devices, cookies, and security tooling.

5. Why we use personal information and our lawful bases

Depending on context, we use personal information to:

• provide access to Trackely and its core logistics functionality;
• support route planning, dispatch, tracking, proof of delivery, and issue management;
• send service, security, and operational communications;
• manage subscriptions, billing, support, and customer success;
• secure the service, investigate misuse, prevent fraud, and enforce our terms;
• comply with legal obligations, law-enforcement requests, and regulatory duties;
• improve performance, quality, and reliability through product analytics and diagnostics.

Our lawful bases may include:

• performance of a contract;
• legitimate interests, where appropriate and balanced against rights and freedoms;
• legal obligation; and
• consent, where consent is the correct basis.

Our customers are responsible for selecting and documenting their own lawful bases for personal data they control in Trackely.

6. Driver tracking and workplace monitoring

Trackely can process live or historical location information for delivery operations, ETA prediction, tracking pages, proof of service, and route management. Because worker monitoring can be intrusive, customers must make sure they use driver tracking lawfully, fairly, and transparently and complete any assessment or notice required for their employment context.

7. AI-assisted features

Some Trackely features use AI or automated analytics to generate summaries, recommendations, prioritisation, risk flags, or customer-facing content suggestions. These outputs are intended to assist users, not replace human review or legal judgment.

We do not describe these features as solely automated decision-making that produces legal or similarly significant effects on individuals in the ordinary course of service use.

8. Who we share personal information with

We may share personal information with:

• cloud hosting, database, storage, and infrastructure providers;
• identity, authentication, and security vendors;
• mapping, routing, and geolocation providers;
• email, SMS, push-notification, and other communications providers;
• payment and billing providers;
• support, monitoring, and diagnostics providers;
• integration partners chosen or configured by our customers;
• courts, regulators, advisers, insurers, or authorities where disclosure is required or appropriate by law.

We do not sell personal information. Where we act as a processor, sharing is limited to what is needed to provide the service on our customer's behalf.

9. International transfers

Some providers may process data outside the UK. Where a restricted transfer takes place, we aim to rely on an appropriate transfer mechanism such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum, or another lawful safeguard.

10. Retention

We keep personal information only for as long as reasonably necessary for the purpose it was collected, the customer's retention settings, our legal obligations, or to defend legal claims.

Retention periods vary by category. For example:

• account and billing records may be retained for the life of the account and relevant statutory periods;
• operational route, stop, and proof-of-delivery records may be retained for customer history and dispute handling;
• security and diagnostic logs may be retained for shorter, security-focused periods;
• backup copies may persist temporarily until overwritten on the normal backup cycle.

11. Security

We use technical and organisational measures designed to protect personal information, such as transport encryption, access control, tenant separation, audit logging, secure authentication, infrastructure protections, and operational controls. No system can be guaranteed completely secure, and customers remain responsible for secure configuration of their own accounts, users, devices, and integrations.

12. Your rights

Depending on the context and applicable law, individuals may have rights including access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making.

If Trackely acts only as a processor for the relevant information, requests should normally be directed first to the Trackely customer acting as controller. We will assist controllers where required under law or contract.

13. Cookies and similar technologies

We use necessary cookies for authentication, security, and session continuity. If we use non-essential analytics or marketing cookies, consent should be obtained where required under PECR and data protection law. More detail is available in our Cookie Policy.

14. Complaints

If you have a privacy concern, contact us first at support@trackely.co.uk or legal@trackely.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office if you believe data protection law has been breached.