Privacy Policy — Trac Admin

How we handle data for authorized administrators and operations staff.

Last Updated: October 15th, 2025

Trac Software Solutions Inc. (“Trac,” “we,” “us,” “our”) is committed to privacy while enabling secure, auditable operations. This Admin Privacy Policy explains what information the Trac Admin application collects, how we use it, and your choices. The Admin App is intended for personnel authorized by their organization to perform operational or supervisory tasks. If you are a rider, please refer to the Commuter App Privacy Policy.

  1. Information We Collect

    2. Because Admin requires authentication and operational controls, we process limited personal and operational information. This includes account and profile information such as email address, display name, organization or tenant, and rolebased permissions. It also includes authentication and security data such as signin timestamps, session metadata, platform or operating system, and device details used to prevent unauthorized access and troubleshoot issues. Operational and audit logs record administrative actions and events within the Admin App, including messages sent to riders, alerts acknowledged, configuration changes, and other activity necessary for traceability and compliance. If you submit service notices or other content through the Admin App, we process that content and the metadata needed to deliver, display, and audit it. If you contact us for feedback or support, we receive the information you choose to provide together with technical context so we can respond. We may also receive anonymized crash and error reports from Crashlytics or similar tools to improve reliability. Location is generally not required for Admin. If an optional map feature requests location, you will be asked for permission, and if granted, location is used in real time for that feature and is not stored by Trac.

  2. How We Use Information

    3. We use this information to provide the Admin service to your organization, authenticate users, enforce roles and permissions, route messages, display operational alerts, and support workflows. We also use it to maintain security and integrity, prevent misuse, and preserve audit trails required for organizational accountability. In addition, we use it to diagnose problems, improve reliability and performance, and comply with legal or contractual obligations.

  3. Legal Bases

    4. Depending on your location, we rely on one or more legal bases to process information, including performance of a contract with your organization, our legitimate interests in securing and operating the Admin App, and compliance with legal obligations. Where a feature relies on consent, such as optional device permissions, you can grant or withdraw that permission through your device settings.

  4. How We Share Information

    5. We do not sell or rent personal data. Information may be shared with your organization’s authorized administrators to provide oversight and audit. We also use reputable service providers to operate Admin, including Firebase (Google) for authentication, databases, and messaging, Mapbox for maps and geospatial features, and Crashlytics for crash reporting; these providers may process technical data necessary to deliver their services. We may disclose information as required by law or to protect rights, property, or safety. In the event of a business transaction such as a merger or acquisition, information may transfer to a successor with appropriate safeguards.

  5. Data Security

    6. We maintain reasonable administrative, technical, and physical safeguards appropriate to the information we process. No system is perfectly secure. We encourage strong passwords, secure devices, and prompt reporting of suspected incidents. For personal data processed through the Admin App, Trac acts as a service provider or data processor on behalf of the client organization, which remains the data controller responsible for compliance with applicable privacy laws.

  6. Data Retention

    7. We retain admin account data while your organization maintains an active Admin deployment or as necessary to provide the service. Audit logs are retained for a period that supports operational accountability and legal or contractual requirements. Diagnostic and crash data may be retained for a limited time to troubleshoot issues. Support correspondence is kept as needed to address requests and maintain service records.

  7. International Transfers

    8. Our processors may store or process information in Canada or other jurisdictions. Where applicable, we implement safeguards suitable for crossborder transfers.

  8. Your Choices and Rights

    9. Account details, roles, and access are controlled by your organization. Requests to access, correct, or delete account information should be directed to your organization’s administrator, and we will assist them as needed. You may manage optional device permissions, such as location, through your device settings.

  9. ThirdParty Links

    10. Any external links provided within the Admin App (for example, documentation or support portals) are offered for convenience and are governed by the third party’s policies. We do not control those practices.

  10. Changes to this Policy

    11. We may update this policy from time to time. We will revise the “Last Updated” date and, where feasible, provide notice within the Admin App or via administrative channels. Continued use after an update signifies acceptance.

  11. Contact

    12. Questions about Admin data practices can be sent to [email protected]. If you are not satisfied with how we handle your personal information, you may contact the Office of the Privacy Commissioner of Canada or your provincial privacy regulator for further guidance.