Data Security and Privacy Policy

Data and Privacy Policy

Trak will use commercially reasonable efforts consistent with, and no less rigorous than, best industry practices to ensure that appropriate facility and data security procedures and processes are in place to protect against destruction, corruption, loss or alteration of, unauthorized access to, or interference with, any of the customer’s production and other data, accounts, systems, confidential information or customer data created and generated through the use of the Trak software.

Data Storage and Isolation

Trak will not store the customer’s data on unencrypted portable media such as laptop computers, external hard drives, USB drives, or other portable devices. The customer’s data will be properly segregated from all third party data.

Data Access

Access to customer data is restricted to appropriate personnel. The appropriateness is established based on role and the principle of least privilege. Only DBAs, System Engineers and System Administrators may access production application environments containing customer data. Developers, Support personnel and Quality Assurance may require access to non-production environments containing customer data in order to ensure application performance or to troubleshoot a reported customer issue. Support access to troubleshoot data-specific issues is granted explicitly by the customer and provisioned temporarily using automated tools and mechanisms.

Data Transmission

Vulnerability Scans and Testing. Trak will perform regularly scheduled vulnerability assessments on the Trak software. Results from these assessments are internally escalated, planned, prioritized and remediated. Trak will use application and system logging processes, and these logs will be stored, protected and reviewed on a regular basis. Systems will be scanned regularly for vulnerabilities, which will be prioritized and patched according to corporate policy.

Disclosure Requests

If a third party should request that Trak disclose a customer’s data pursuant to a subpoena, summons, search warrant, court or governmental order, Trak will provide the customer with immediate notice and, to the extent permissible by law, a reasonable opportunity to oppose release of the data prior to releasing any such data. If any disclosure is finally directed by a lawful order, Trak will disclose only so much of the data as is necessary to meet the requirements thereof.

Data Location and Redundancy

By default, Trak document storage is provided on Amazon’s Simple Storage Service (S3) platform in US regions. Commitments to encryption, data security, confidentiality and availability are maintained at standards that meet or exceed those established with Trak.

Data Categories

Through The use of the Trak application data may be transferred and stored in order to provide the intended service. The following data categories apply to the types of information transferred and stored by the Trak platform.

  • Account Data – Trak requires the collection and use of account information in order to provide authentication and role based application security for the data subject. For the purposes of the application, this includes the username and a hash of the user’s password.
  • Application/Service Data – The subject’s inputs (documents, presentations, images, text, etc.) are stored throughout the course of Trak Use.
  • Usage Data – Trak will collect logs related to the activities performed by the subject within the application.
  • Cookies – Trak cookies contain relevant data to support the function of the application. While sensitive/personal data is not included in the cookie, it will contain information regarding the environment and session.

Trak performs regular reviews of the security in the Amazon platform. Trak understands the ‘Shared Responsibility Model’ and designs its security controls with these requirements in mind.

Other Services

Document Storage. Trak document storage leverages Amazon’s S3 by default. Providing this functionality on S3 allows customers significant storage scalability. No customer registration is required. Documents are stored in Trak application buckets within Amazon’s S3 platform. Access safeguards are applied to these buckets just as they are for any and all application environments.

Customers remain responsible for the security of the data uploaded to Trak. The data protection is facilitated in a shared responsibility approach between Trak and Amazon. Additional details can be found here. Annually, Trak obtains control requirements for meeting Amazon’s designed control objectives (User Control Considerations) and ensures that appropriate compensating controls are operating effectively in the environment.

Partner Plug-ins and Connectors

Trak may recommend various partner solutions for delivering strategic integrations with independent vendor applications. Safeguards for the tools built and implemented by Trak partner solutions are established and maintained by the partner. Trak does not include these plug-ins and connectors during control performance or application penetration testing. Any additional information related to the security of these partner plug-ins and connectors should be addressed to the partner.

Google G-Suite and Youtube

Disclosure: Trak Software's use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Trak Software ("us", "we", or "our") operates the website (the "Service").

This section informs you of our policies regarding the collection, use, and disclosure of your data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from

Information Collection And Use

We collect several different types of information for various purposes to provide and improve our Service to you.

  • Youtube Oauth connection
  • Youtube performance stats
  • Google drive numerical data (Non- PII Only (Personal Identification Information)

How the application accesses, uses, stores or shares user data

This section outlines how the Service and shares information collected through the "Youtube" feature, and applies to youtube who have authorized the Service to connect to their email box.

The manner in which the application accesses user data

Oauth Connection via token. We will try to minimize such access to the minimum required in order to render the Service to you. This includes using filters that limit the scope of data we fetch from your Good Drive and Youtube account.

The manner in which the application uses user data

We use your Drive and Youtube data to display information in Trak.  This will include a timeline of your youtube videos, views, and engagement as well as imported information from a google drive sheet

The manner in which the application stores user data

Data are stored in a highly-secure server facility operated by Amazon Web Services & digital ocean, protected by a wide range of security measures, including passwords, security tokens, encryption and others.

The manner in which the application shares user data

The default setting of the Service is that no sharing with any 3rd-party. The Service does, however, allow you to explicitly share, or download and share, videos and data field with your collaborators and partnerships. If, however, you do not elect to share, or download and share your data, it will not be shared without your explicit consent.

User Data Removal Request:

Pursuant to the provisions of the EU General Data Protection Regulation (GDPR), registered users maintain the right to formally request the deletion of any personal data held by the platform. To initiate this process, kindly complete and submit the designated form provided for such requests. Please submit this form