Your Privacy & Security
Last Updated: October 4, 2025
At TRAK, security is our top priority. We implement industry-leading practices to protect your data and ensure the integrity of our platform.
Our Security Commitment
We understand that you're trusting us with your critical business workflows and sensitive information. We take that responsibility seriously and have built security into every layer of our platform.
Data Encryption
In Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security). TRAK will only communicate via HTTPS.
At Rest
Your data is stored securely on our servers, and only stored when necessary for TRAK to function. Critical identifying/authenticating information will be stored in an encrypted/hashed form where applicable.
Local Storage
We utilise service workers and IndexedDB for enhanced performance. This locally stored data is kept secure on your device and can be cleared at any time in the user settings, or manually via developer tools.
Authentication and Access Control
Cookie Policy: We use authentication cookies for keeping you signed in. Where applicable, TRAK may use cookies to store data relevant to the functionality of the app.
Secure Authentication
- Request, IP and CSRF validation for each request
- Strong password requirements and hashing
- Session management with automatic timeout
- Secure token-based authentication
Access Controls
- Role-based access control (RBAC) within organisations
- Company verification system for organisation access
- Granular permissions for data and feature access
- Audit logs tracking all access and changes
Data Privacy and Access
Who Can See Your Information
Your personal information and identifying details are strictly controlled:
- TRAK Developers: Access is limited to authorised developers for platform maintenance and support. Where a ticket is made, TRAK administrative staff may be able to see the details of the user that lodged the support request.
- Your Organisation: Only verified members of your company can view your profile and associated data
- Public Profiles: If you choose to make your profile public, basic information may be visible to other TRAK users
Company Verification
We employ a rigorous verification process to ensure that only legitimate members of your organisation can access company data and collaborate with your team.
Infrastructure Security
Network Security
Firewalls, intrusion detection systems, and DDoS protection safeguard our infrastructure from external threats.
Regular Updates
We will continue to improve TRAK user's security as technology improves through regular scheduled updates.
Monitoring
Security monitoring and alerting systems are in place to detect and respond to security threats.
Backups
Automated backups with redundancy ensure your data is never lost.
Incident Response
In the unlikely event of a security incident:
- Our security team responds immediately to contain and resolve the issue
- Affected users are notified promptly in accordance with legal requirements
- We conduct thorough post-incident analysis to prevent future occurrences
- Transparent communication throughout the resolution process
Your Responsibility
Security is a shared responsibility. You can help protect your account by:
- Using a strong, unique password
- Never sharing your login credentials
- Logging out on shared devices
- Reporting suspicious activity immediately
- Using a private browser on public devices
- Keeping your contact information up to date
Security Best Practices
For Administrators
- Regularly review user access and permissions
- Remove access for former employees promptly
- Enable organisation-wide security policies
- Monitor audit logs for unusual activity
For All Users
- Be cautious of phishing attempts
- Verify URLs before entering credentials
- Report security concerns to our team
- Keep your devices and browsers updated
Vulnerability Disclosure
We welcome reports from security researchers and users who discover potential vulnerabilities. If you find a security issue, please report it responsibly:
- Email us at admin@trak.net.au
- Provide detailed information about the vulnerability
- Allow us reasonable time to address the issue before public disclosure
- We appreciate responsible disclosure and may offer recognition for valid reports
Continuous Improvement
Security is not a one-time effort. We continuously:
- Review and update our security practices
- Train our team on the latest security threats
- Invest in new security technologies
- Engage with the security community
- Conduct regular security assessments