Privacy Policy
How we collect, use, and protect your data
1. Scope
This Privacy Policy explains how Isotrax collects, uses, shares, and protects personal data in connection with our Transport Management System (TMS), including planning, pricing, invoicing, and the mobile driver app.
2. Roles under GDPR
Customer
Typically Data Controller over data you input into Isotrax.
Isotrax
Data Processor for customer data under the DPA, and Controller for our own business operations.
3. Categories of Personal Data
| Category | Data collected |
|---|---|
| Admin/dispatch users | Name, business email, phone, role, login data |
| System users | Name, email, phone, role, login data |
| Drivers | Name, phone, login, device/app identifiers, GPS location (where enabled) |
| External accesses | Name/email or technical identifiers |
| Customer recipients | Delivery contact name, address, phone where provided |
| Billing & payments | Payment status, invoice references via Paddle (no full card data stored) |
| Technical data | IP address, device/browser info, logs, timestamps |
| Cookies/analytics | Session cookies, Google Analytics (see Cookie Policy) |
4. Purposes & Legal Bases
- Provide and operate the service – contract performance: Art. 6(1)(b)
- Security & fraud prevention – legitimate interests: Art. 6(1)(f)
- Support & communications – contract/legitimate interests
- Billing & compliance – legal obligations, e.g., accounting laws
- Analytics to improve product – consent for analytics where required
5. Data Retention
| Account & profile data | Lifetime of account + 90 days after termination |
| Operational logs | 90 days rolling |
| Backups | 35 days rolling, then purged |
| Analytics data (GA) | Up to 14 months with IP anonymization |
| GPS history (drivers) | 12 months by default (customer-configurable) |
| Invoices & accounting | 7 years (Swedish accounting requirements) |
We may retain data longer where required by law or to establish/defend legal claims.
6. Data Sharing & International Transfers
We use carefully selected subprocessors to deliver the service:
For transfers outside the EU/EEA, we implement appropriate safeguards (e.g., Standard Contractual Clauses). Customers seeking EU-only processing should select EU hosting.
7. Security
We apply technical and organizational measures including encryption in transit, role-based access controls, network isolation, backups, monitoring, and least-privilege access.
8. Your Rights (EU/EEA)
You may request: access, rectification, erasure, restriction, data portability, and object to processing.
For requests, contact: [email protected]. Where we act as processor, we will forward requests to the relevant controller (your company).
9. Cookies & Analytics
See our Cookie Policy. You can manage preferences via our cookie banner and browser settings.
10. Communications & Marketing
We may send service-related communications (e.g., notices, invoices). Marketing emails (if/when implemented) will be based on consent or legitimate interest with opt-out options.
11. Children
Isotrax is a B2B service and not directed to children.
12. Changes
We may update this Policy; we will post changes with a new Effective Date and notify materially impactful changes via the service.