Privacy Policy — EU-Hosted, No Trackers, GDPR

What we collect

When you create a Trackords account we store the following personal data:

Your email address — used for sign-in, password reset, and renewal reminder emails.
Your display name — shown in the workspace and in audit log entries.
A bcrypt hash of your password (cost factor 12). We never store the raw password.
The records you create (subscription names, expiry dates, vendors, identifiers, file attachments and any free-text notes you add).
Your IP address and user agent, recorded in the audit log for security events (sign-in, password change, record edits).

Analytics

Trackords uses Google Analytics 4 to count pageviews and understand which features people use. GA only loads after you click "Accept all" on the cookie banner — until then, no requests are made to Google and no analytics cookies are set. If you click "Decline", GA never loads on your device.

We send Google an anonymised IP so individual visitors cannot be located precisely.
GA sets first-party cookies (_ga, _ga_HP1YH435LB) used only to deduplicate visits — no cross-site tracking, no behavioural profile shared with other Google products.
You can change your mind at any time via the small "Cookie settings" pill in the bottom-right of every page.
We may add display advertising in the future. If we do, the cookie banner will be updated to make that clear and the same Accept / Decline choice will gate the ad scripts.

We do not use Facebook Pixel, Mixpanel, Amplitude, Hotjar, FullStory, or any session-recording or fingerprinting tools.

What we do not collect

No session recordings, no heatmaps, no fingerprinting.
No advertising trackers or remarketing cookies today. (If that changes, this page and the cookie banner are updated first.)
No payment data — Trackords is free; we never ask for a credit card.
No location data beyond the IP address used for audit logs (and even that is anonymised before it reaches Google Analytics).

Where your data lives

Trackords is hosted entirely in the European Union on Strato shared hosting. The database and uploaded files never leave the EU. We do not use third-country sub-processors (no transfers to the US, UK or elsewhere).

How it is protected

Passwords are hashed with bcrypt at cost factor 12 — slow enough that brute-force is impractical.
Every form submission carries a per-session CSRF token, verified before any state change.
File uploads are stored outside the public web root and validated by MIME type.
Every database query is scoped by your account ID — workspaces cannot leak data into each other.
Every record edit, login attempt and account change is recorded in an immutable audit log, visible only to workspace administrators.
The site is served only over HTTPS with a Let's Encrypt certificate; HTTP requests are 301-redirected.

Who can see your data

Only people you invite to your workspace can see your records. Each workspace is a separate tenant at the database level — there is no shared table.

Within Trackords itself, the operators can technically read database rows during incident debugging. We do not browse user records as a matter of course and we never share data with third parties.

How to export or delete your data

Export: click the CSV export button on the Records page to download every record in your workspace.
Delete a single record: open it and click Delete. The record and any attachments are removed; the audit log retains a "record_deleted" entry without the contents.
Delete your entire account: email info@trackords.com. Within seven business days we permanently delete your user record, every record in your workspace, every file attachment and every audit entry tied to your account. We do not retain backups of deleted data.

Email

We send three categories of email:

Transactional — verification, password reset, security alerts. You cannot opt out without deleting your account, because these are required for the service to function.
Renewal reminders — emails about records you create. You can mute these per-record by setting status to Cancelled or Archived.
Admin notifications — when a new user signs up to the platform, the Trackords team receives a short heads-up. This is for spam-monitoring only and does not contain user-submitted records.

Email is sent via Strato SMTP from info@trackords.com. We do not use a third-party mailer (no SendGrid, no Mailgun, no Resend).

Cookies

Trackords sets cookies in two situations:

Always: a session cookie named trackords_session when you sign in. It is HttpOnly, Secure, and SameSite=Lax. Expires after two hours of inactivity. Strictly necessary — no consent required under EU rules.
Only after you click "Accept all" on the cookie banner: Google Analytics first-party cookies (_ga, _ga_HP1YH435LB) to deduplicate visits. If you decline or never click the banner, GA never loads and these cookies are never set.

Your consent choice itself is stored in localStorage (not a cookie) so we can remember whether to show the banner again. Clearing your browser storage resets the choice and the banner reappears on your next visit.

Your rights under GDPR

If you are in the EU/UK, you have the right to:

Access the personal data we hold about you (we hold only what's listed above).
Correct it (use the Settings page or email us).
Have it erased (account deletion via email).
Restrict processing (set your workspace to Archived).
Lodge a complaint with your national data protection authority. In the Netherlands, that is the Autoriteit Persoonsgegevens.

Changes to this policy

If we materially change this policy we will update the page and bump the "Last reviewed" date below. We do not email customers about minor wording changes; we will only email about substantive changes that affect what we collect or who can see it.

Contact

Privacy questions, data-subject requests, or anything that does not fit a button on this site: info@trackords.com.