Last Updated: September 21, 2025. Trac Software Solutions Inc. (“Trac”, “we”, “us” or “our”) is committed to protecting privacy while enabling safe and auditable operations. This Privacy Policy explains what information the Trac Admin application (“Admin App”) collects, how we use it, and your choices.

Who This Policy Is For

The Admin App is intended for authorized personnel (e.g., operations, dispatch, supervisors) designated by their organization. If you are a rider, please refer to the Commuter App Privacy Policy.

Summary

• Accounts required: Admin users authenticated. We process limited account and audit information to provide secure access and traceability.
• No ads or profiling: We do not sell personal data or run ads.
• Operational audit: Actions (e.g., sending notices) are logged for security, compliance, and accountability.
• Third-party services: We use Firebase (Google) and Mapbox, and may use Crashlytics for crash reporting.

Information We Collect

Because Admin requires authentication and operational controls, we collect and process the following categories of information:

1) Account & Profile Information
Information used to create or provision your admin access: email address, display name, organization/tenant, role(s)/permissions, and account status. This may be provided by your organization, by you, or generated by our systems.

2) Authentication & Security Data
Sign-in timestamps, token/session metadata, platform/OS, and basic device identifiers used for security, troubleshooting, and fraud prevention.

3) Operational & Audit Logs
Records of admin actions and events, e.g., messages sent to riders (topics, title/body, time sent, who sent), driver alerts received/acknowledged, configuration changes, and other in-app actions necessary for traceability and compliance.

4) Admin-Generated Content
Content you create and submit through the Admin App (e.g., service notices/announcements to riders, internal notes). We store the content and related metadata to deliver, display, and audit it.

5) Feedback & Support
If you submit feedback or support requests, we process the information you provide (message text, optional contact details) and technical context (app version, platform).

6) Diagnostics (Crash & Error Logs)
We may use Firebase Crashlytics or similar tools to collect crash reports and limited device/app state at the time of a failure to improve reliability.

7) Location Data (Generally Not Required)
The Admin App generally does not require your precise location. If an optional feature requests location (e.g., centering a map), you will be asked for permission; if granted, location is used in real time for that feature and not stored by Trac.

How We Use Information

• Provide the Admin service: authenticate users, enforce roles, route messages, display driver alerts, and support operational workflows.
• Security & integrity: prevent unauthorized access, detect misuse, and maintain audit trails.
• Reliability & support: diagnose crashes and issues, respond to feedback, and improve performance and usability.
• Compliance: meet legal, contractual, and organizational audit obligations.

Legal Bases

Depending on your location, we process data under one or more of: (i) performance of a contract (providing Admin to your organization), (ii) legitimate interests (security, operations, troubleshooting), and/or (iii) compliance with legal obligations. Where required, we rely on consent (e.g., optional device permissions you can control).

How We Share Information

We do not sell or rent personal data. We may share information as follows:

• With your organization: Admin activity and related data may be accessible to your organization’s authorized administrators for oversight and audit.
• Service providers: We use reputable processors to operate Admin, including:
  • Firebase (Google) (Auth, databases, messaging/FCM, hosting), Firebase Privacy, Crashlytics Terms
  • Mapbox (maps/geospatial), Mapbox Privacy
  These providers may process technical data to deliver their services.
• Legal & safety: If required by law or to protect rights, property, or safety (subject to applicable legal process).
• Business transfers: In a merger, acquisition, or similar event, data may transfer as permitted by law and with appropriate safeguards.

Data Security

We use reasonable administrative, technical, and physical safeguards appropriate to the data we process. No system is perfectly secure; we encourage strong passwords, device hygiene, and prompt reporting of suspected incidents.

Data Retention

We retain admin account data for as long as your organization maintains an active Admin deployment or as necessary to provide the service. Crash and diagnostic data may be retained by Firebase for a few months by default to aid troubleshooting. Feedback/support correspondence is kept as needed to respond and maintain records. We may de-identify and retain aggregate operational statistics for service improvement.

International Transfers

Our processors may store or process data in Canada mostly, or other jurisdictions potentially. Where applicable, we implement appropriate safeguards for cross-border transfers consistent with legal requirements.

Your Choices & Rights

• Account & profile: Contact your organization’s administrator to update your account details, roles, or access.
• Permissions: You can control optional device permissions (e.g., location) via your device settings.
• Access, correction, deletion: Requests should be directed to your organization as the primary account controller. We will assist your organization in responding to valid requests consistent with applicable laws.
• Notifications: Admin messaging is part of operations; if you do not wish to receive certain operational notifications on a device, adjust the device’s notification settings or consult your organization about role-based topics.

Third-Party Links

External links within Admin (documentation, support portals) are provided for convenience. Their privacy practices are governed by their own policies.

Changes to This Policy

We may update this Privacy Policy to reflect changes in practices or legal requirements. We will revise the “Last Updated” date and, where feasible, provide notice in-app or via administrative channels. Continued use of Admin indicates acceptance of the updated policy.

Contact Us

Questions about this Privacy Policy or Admin data practices? Contact us at [email protected]. If your request concerns access to or deletion of account data, please include your organization name and contact your organization’s administrator so we can coordinate a response.