Privacy Policy
Last Updated: December 3, 2025
At RedTrack, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GPS tracking service ("Service"). Please read this privacy policy carefully.
Your Rights Under GDPR: As a user in the European Economic Area (EEA), you have specific rights regarding your personal data, including the rights to access, rectification, erasure, restriction of processing, and data portability, and the right to object to processing. See Section 9 for details.
1. Information We Collect
1.1 Personal Information You Provide
- Account Information: Name, email address, password (encrypted)
- Payment Information: Processed securely by Stripe (we do not store credit card details)
- Device Information: Device names, unique identifiers (IMEI), and configurations
- Communications: When you contact support or communicate with us
1.2 Information Collected Automatically
- Location Data: GPS coordinates, timestamps, speed, altitude from your tracking devices
- Usage Data: Login times, IP addresses, browser type, device type
- Geofence Data: Custom boundaries and alerts you create
- Session Data: Authentication tokens and session information
1.3 Information from Third Parties
- Payment Processor (Stripe): Payment confirmation, subscription status
- Email Service Provider: Email delivery status
2. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
| Data Type | Legal Basis |
| --- | --- |
| Account & Contact Info | Contract Performance - necessary to provide the service |
| Location Data | Contract Performance & Consent - core service functionality |
| Payment Information | Contract Performance - necessary for billing |
| Marketing Communications | Consent - you can opt-out anytime |
| Security & Fraud Prevention | Legitimate Interest - protecting our service and users |
3. How We Use Your Information
We use your information to:
- Provide Service: Display location data, manage devices, send notifications
- Process Payments: Handle subscriptions and billing through Stripe
- Account Management: Authentication, password resets, account settings
- Communications: Service updates, payment receipts, security alerts
- Improve Service: Analytics, bug fixes, feature development
- Security: Detect fraud, prevent abuse, ensure service security
- Compliance: Meet legal obligations and respond to legal requests
4. Data Retention
Active Accounts
- Account Information: Retained while your account is active
- Location History: Last 365 days retained and accessible; older data may be archived or deleted
- Device Configurations: Retained while devices are active
- Subscription History: Retained for legal/tax requirements (7 years)
Deleted Accounts
- Immediate Deletion: Account, devices, location data deleted within 24 hours
- Billing Records: Retained for 7 years per tax law requirements
- Backups: Purged from automated backups within 30 days
Logs and Audit Trails
- Login History: 90 days
- Admin Actions: 365 days
- Email Logs: 90 days
5. Data Sharing and Disclosure
5.1 We Share Data With:
- Stripe: Payment processing (PCI-DSS compliant)
- Email Service Providers: Transactional emails only
- Cloud Infrastructure: Hosting and storage providers
5.2 We Do NOT:
- Sell your personal data to third parties
- Share location data with advertisers
- Use your data for unrelated marketing purposes
5.3 Legal Disclosure
We may disclose your information if required by law, court order, or governmental regulation, or to protect our rights, property, or safety.
6. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the EU Commission
- Adequacy decisions by the EU Commission
- Data Processing Agreements with all processors
7. Security Measures
We implement industry-standard security measures to protect your data:
- Encryption: TLS/SSL encryption for all data in transit
- Password Security: Bcrypt hashing with salt
- Access Controls: Role-based access, admin audit logs
- Infrastructure: Secure cloud hosting with regular security updates
- Monitoring: 24/7 security monitoring and threat detection
- Backups: Regular encrypted backups
8. Cookies and Tracking
We use essential cookies for:
- Authentication: Session management and login state
- Security: CSRF protection and fraud prevention
- Preferences: User settings and interface preferences
We do NOT use:
- Advertising cookies
- Third-party analytics (Google Analytics, Facebook Pixel, etc.)
- Cross-site tracking
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
9.1 Right to Access (Article 15)
You can request a copy of all your personal data. Use our Data Export tool to download your data in JSON, CSV, or GPX format.
9.2 Right to Rectification (Article 16)
You can update your personal information through your account settings at any time.
9.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You can request deletion of your account and all associated data. Visit Delete Account to permanently remove all your data.
9.4 Right to Restrict Processing (Article 18)
You can request restriction of processing while we verify disputed data or assess your objection to processing.
9.5 Right to Data Portability (Article 20)
You can receive your data in a structured, machine-readable format (JSON, CSV, GPX) via our export tool.
9.6 Right to Object (Article 21)
You can object to processing based on legitimate interests or for direct marketing purposes.
9.7 Rights Related to Automated Decision-Making (Article 22)
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
9.8 How to Exercise Your Rights
To exercise any of these rights, contact us at:
We will respond to your request within 30 days. If your request is complex, we may extend this by an additional 60 days and will notify you.
10. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours (GDPR Article 33)
- Notify affected users without undue delay (GDPR Article 34)
- Provide details of the breach, potential consequences, and mitigation measures
11. Children's Privacy
Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
13. Contact Information
If you have questions about this Privacy Policy or our data practices, contact us:
14. Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.
For UK residents: Information Commissioner's Office (ICO)
For EU residents: European Data Protection Board - Find your local authority