Security & Compliance
Your data security is our top priority
Our Security Commitment
Trackely uses layered controls - TLS for data in transit, access control, tenant isolation, and selective application-layer protection for high-risk secrets - to reduce risk to fleet and customer data. No web application can guarantee absolute security; we focus on defensible engineering and operational discipline.
Encryption
Browser and API traffic uses TLS (HTTPS). Selected application secrets, such as MFA configuration, are encrypted at the application layer before storage. Routine operational data relies on hosting-provider volume encryption and strict access policies rather than field-by-field encryption for every column.
Authentication
Secure password hashing, session management, and optional multi-factor authentication help protect customer accounts.
Infrastructure
Trackely runs on managed cloud infrastructure with patching, backups, and separation between environments. Exact certifications depend on deployment and any signed customer agreements.
Monitoring
Error tracking, rate limiting, and operational alerts help detect abuse and reliability issues. We avoid logging raw passwords, API keys, or full customer message bodies by default.
Security Features
Multi-Tenant Isolation
Application logic enforces tenant-scoped queries and role checks. Infrastructure compromise or misconfiguration remains a separate class of risk, which we mitigate through hosting practices and reviews.
Role-Based Access Control
Granular permissions ensure users only have access to the data and features they need for their role.
Audit Logging
Audit events exist for many security-relevant actions such as sign-in, exports, and settings changes. Coverage grows over time; not every UI click is recorded.
Regular Security Updates
We regularly update systems with security patches and vulnerability fixes as part of ongoing maintenance.
Secure API Access
API keys are hashed and can be revoked. API requests are authenticated and subject to abuse controls such as rate limiting.
Data Protection
We protect data through:
- regular automated backups with point-in-time recovery;
- data redundancy across multiple data centers where supported by providers;
- product and documentation designed to support UK and EU GDPR workflows;
- deletion and return workflows subject to contract terms, backups, and legal obligations;
- controlled use of subprocessors and service providers as described in our legal documentation.
Compliance
We align product and documentation with the following frameworks. Formal certification or legal compliance status still depends on the customer context, legal review, and any signed agreements in place:
- UK GDPR (General Data Protection Regulation)
- EU GDPR (General Data Protection Regulation)
- industry best practices for data security
Reporting Security Issues
If you discover a security vulnerability, please report it responsibly:
Email: security@trackely.co.uk
Please include details about the vulnerability and steps to reproduce. We appreciate responsible disclosure and will respond promptly.
Questions?
If you have any questions about our security practices, contact support@trackely.co.uk.