Security & Compliance

This page is a lightweight overview of Trackely’s security posture and compliance approach. It complements the detailed Security and GDPR pages.

Core controls

  • Multi-tenant isolation enforced in API routes and database queries.
  • Audit logs for create/update/delete operations (where implemented).
  • Password hashing and optional MFA for high-risk accounts.
  • Rate limiting on API endpoints (best-effort in multi-instance deployments).

Data protection

  • Encryption in transit (TLS) and at rest (provider-managed where available).
  • Least privilege via roles and per-route policy checks.
  • Export and retention workflows aligned with UK GDPR.

Responsible disclosure

Report vulnerabilities to security@trackely.co.uk.