Privacy Policy

How we collect, use, and protect your data

Effective Date
2026-01-11
Controller
EdIT Solutions Sweden AB
Org. No.
559033-6037
Governing Law
Sweden (English version prevails)
Domains Covered
isotrax.com, *.isotrax.com, editsolutions.com

1. Scope

This Privacy Policy explains how Isotrax collects, uses, shares, and protects personal data in connection with our Transport Management System (TMS), including planning, pricing, invoicing, and the mobile driver app.

2. Roles under GDPR

Customer

Typically Data Controller over data you input into Isotrax.

Isotrax

Data Processor for customer data under the DPA, and Controller for our own business operations.

3. Categories of Personal Data

Category Data collected
Admin/dispatch usersName, business email, phone, role, login data
System usersName, email, phone, role, login data
DriversName, phone, login, device/app identifiers, GPS location (where enabled)
External accessesName/email or technical identifiers
Customer recipientsDelivery contact name, address, phone where provided
Billing & paymentsPayment status, invoice references via Paddle (no full card data stored)
Technical dataIP address, device/browser info, logs, timestamps
Cookies/analyticsSession cookies, Google Analytics (see Cookie Policy)

4. Purposes & Legal Bases

  • Provide and operate the service – contract performance: Art. 6(1)(b)
  • Security & fraud prevention – legitimate interests: Art. 6(1)(f)
  • Support & communications – contract/legitimate interests
  • Billing & compliance – legal obligations, e.g., accounting laws
  • Analytics to improve product – consent for analytics where required

5. Data Retention

Account & profile dataLifetime of account + 90 days after termination
Operational logs90 days rolling
Backups35 days rolling, then purged
Analytics data (GA)Up to 14 months with IP anonymization
GPS history (drivers)12 months by default (customer-configurable)
Invoices & accounting7 years (Swedish accounting requirements)

We may retain data longer where required by law or to establish/defend legal claims.

6. Data Sharing & International Transfers

We use carefully selected subprocessors to deliver the service:

DigitalOcean
Hosting (EU/US)
GraphHopper
Routing/optimization
OpenStreetMap
Geocoding (address → coordinates)
Microsoft
Email delivery

For transfers outside the EU/EEA, we implement appropriate safeguards (e.g., Standard Contractual Clauses). Customers seeking EU-only processing should select EU hosting.

7. Security

We apply technical and organizational measures including encryption in transit, role-based access controls, network isolation, backups, monitoring, and least-privilege access.

8. Your Rights (EU/EEA)

You may request: access, rectification, erasure, restriction, data portability, and object to processing.

For requests, contact: [email protected]. Where we act as processor, we will forward requests to the relevant controller (your company).

9. Cookies & Analytics

See our Cookie Policy. You can manage preferences via our cookie banner and browser settings.

10. Communications & Marketing

We may send service-related communications (e.g., notices, invoices). Marketing emails (if/when implemented) will be based on consent or legitimate interest with opt-out options.

11. Children

Isotrax is a B2B service and not directed to children.

12. Changes

We may update this Policy; we will post changes with a new Effective Date and notify materially impactful changes via the service.

13. Contact