Security & Compliance

This page is a lightweight overview of Trackely's security posture and compliance approach. It complements the detailed Security and GDPR pages.

Core controls

• Multi-tenant isolation enforced in API routes and database queries.
• Audit logs for create, update, and delete operations where implemented.
• Password hashing and optional MFA for high-risk accounts.
• Rate limiting on API endpoints as part of our abuse-control posture.

Data protection

• Encryption in transit (TLS) and at rest where supported by providers.
• Least privilege via roles and per-route policy checks.
• Export, retention, and legal documentation designed to support UK GDPR workflows.

Responsible disclosure

Report vulnerabilities to security@trackely.co.uk.