Enterprise-grade security

Security at Trakkr.

Enterprise-grade infrastructure. Industry-standard encryption. Your data is protected so you can focus on your brand.

[email protected]
[01] Infrastructure

Built on certified infrastructure.

Your data is protected by industry leaders.

Database

Supabase

PostgreSQL database with row-level security

SOC 2 Type II, HIPAA
Backend

Google Cloud

Cloud Run serverless containers

SOC 2, ISO 27001, GDPR
Edge

Cloudflare

Global CDN and DDoS protection

SOC 2, ISO 27001, PCI DSS
All vendors SOC 2 certified
[02] Data Protection

Every layer protected.

How we protect your data.

Encryption in transit: TLS 1.3. All data encrypted between your browser and our servers
Encryption at rest: AES-256. Database and backups encrypted using industry-standard encryption
Data isolation: Row-Level Security. Each customer's data is isolated at the database level
Access control: Role-based (RBAC). Fine-grained permissions for team members and clients
Authentication: MFA available. Two-factor authentication for enhanced account security
Secure sessions: JWT + HTTP-only. Secure session management with automatic expiration
[03] Privacy

Your data, your rights.

Privacy-first by design.

Minimal data collection - only what's necessary
GDPR-compliant data handling practices
Data processed in secure, certified regions
No data sold to third parties - ever
Data export available on request
Data deletion within 30 days on request
Transparent sub-processor list
Privacy policy regularly updated
Full details in our privacy policy.
[04] FAQ

Honest answers to common questions.

Security FAQ.

Our infrastructure providers (Supabase, Google Cloud, Cloudflare) are SOC 2 certified. We inherit their security controls and are evaluating our own certification timeline as we scale.

Your data is stored on Supabase's infrastructure, backed by Google Cloud's SOC 2 and ISO 27001 certified data centers. We use regional isolation to ensure data stays in appropriate jurisdictions.

Yes. Contact [email protected] and we'll process your deletion request within 30 days per GDPR requirements. We'll confirm once complete.

No. We never sell your data. We use essential sub-processors only to provide the service (listed in our privacy policy). Your brand data is never used to train AI models.

We have incident response procedures in place. In the unlikely event of a breach, we'll notify affected users within 72 hours as required by GDPR, with full transparency about what happened and what we're doing.

Questions about security?

We're happy to discuss our security practices, answer questionnaires, or address specific concerns.

[email protected]

We typically respond within 24 hours