Privacy Policy

Last updated: August 12, 2025

TRACX ("TRACX", "we", "us", or "our") provides a marketing software-as-a-service platform that enables our customers to build forms, collect submissions, and manage related experiences. We act primarily as a data processor (also referred to as a data handler or service provider) on behalf of our customers, who are typically the data controllers determining the purposes and means of processing personal data collected through forms they create using our services.

This Privacy Policy explains how we handle personal data in connection with our website and services. If you are an end user who submits information through a form powered by TRACX, please note that your data is controlled by the organisation that created the form. TRACX processes that data solely to provide the service to that organisation and according to their instructions.

Who we are and where we operate

TRACX is based in the United Kingdom and processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where relevant, we also align with the EU GDPR for customers and data subjects in the EEA.

Scope

This Policy covers: (a) personal data we process as a processor on behalf of our customers in connection with form creation and submission handling ("Customer Data"), and (b) personal data we process as a controller for our own business operations (e.g., account signup, billing, website analytics) ("TRACX Data"). Where we act as a processor, our processing is governed by our agreement with the applicable customer, including any data processing addendum (DPA). In case of conflict, the DPA controls for Customer Data.

Roles and responsibilities

  • Customer (Controller): Defines what to collect in a form, the lawful basis, retention, access, and disclosure.
  • TRACX (Processor/Service Provider): Processes Customer Data only to provide, maintain, secure, and support the service, and only on documented instructions from the Customer.

Customer Data we process

When end users submit a form created by a customer, TRACX processes the information included in the submission. The specific data fields are determined by the customer and may include personal data such as names, contact details, and any other information requested by the customer. We also process limited technical metadata necessary to deliver the service (e.g., timestamps, IP address, device/browser information) and operational logs for security and reliability.

How we use Customer Data

  • Service delivery: Host, store, transmit, and display submissions; provide features such as validation, notifications, integrations, and analytics configured by the customer.
  • Security and integrity: Detect, prevent, and investigate incidents, abuse, spam, or violations; maintain and improve service reliability.
  • Support: Provide customer support and technical assistance.
  • Compliance: Comply with applicable laws and our contractual obligations to customers.

We do not sell Customer Data, use it for our own advertising or cross-context behavioural advertising, or otherwise process it for our own independent purposes.

TRACX Data we process as a controller

We may collect information about customer administrators and visitors to our website, such as account details, billing information, support communications, and usage diagnostics. We use this information to operate our business, deliver and improve the service, communicate with you, and comply with law. We do not sell personal information.

Legal bases (UK/EEA)

Where we act as a controller, we rely on one or more of the following legal bases: performance of a contract (to provide our services), legitimate interests (to secure and improve our services, prevent fraud, and communicate service-related updates), and consent where required by law (e.g., for certain cookies). Where we act as a processor, our customers are responsible for establishing a lawful basis for their processing of Customer Data.

Retention

For Customer Data, we retain personal data for as long as instructed by the customer and necessary to provide the services, comply with legal obligations, resolve disputes, and enforce agreements. Customers control their retention settings and deletion of form submissions. For TRACX Data, we retain information for as long as needed for the purposes described in this Policy, unless a longer period is required by law.

International data transfers

We may transfer, store, and process personal data in countries other than where it was collected. When transferring personal data from the UK and/or EEA to countries that have not been deemed to provide an adequate level of protection, we implement appropriate safeguards such as the EU Standard Contractual Clauses with the UK Addendum (or the UK International Data Transfer Agreement, as applicable) and additional technical and organisational measures.

Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. For more information, please see our security page at /security.

Sub-processors

We may engage third-party sub-processors to support the delivery of our services (e.g., infrastructure, email delivery, analytics). We require sub-processors to implement appropriate safeguards and process Customer Data only for the limited purposes of providing their services to us. A current list of key sub-processors is available on request.

Customer responsibilities

Customers are responsible for the content of forms, providing required notices to end users, obtaining any necessary consents, establishing a lawful basis for processing, and responding to data subject requests related to Customer Data. TRACX makes tools and capabilities available to help customers meet their compliance obligations.

Your privacy rights (UK/EEA)

If you are an end user who submitted information through a TRACX-powered form, please contact the organisation that created the form to exercise your rights. We will assist the customer in responding to such requests as required by applicable law and our agreements.

If you interact with TRACX directly (for example, as an account administrator), your rights may include:

  • Access to your personal data;
  • Rectification of inaccurate or incomplete data;
  • Erasure (deletion) where applicable;
  • Restriction of processing in certain circumstances;
  • Objection to processing based on legitimate interests;
  • Data portability where technically feasible; and
  • Withdrawal of consent where processing is based on consent.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) at ico.org.uk (telephone: 0303 123 1113). We would appreciate the chance to address your concerns before you approach the ICO, so please contact us first.

Cookies and similar technologies

We use cookies and similar technologies to provide and improve our website and services. For details about the cookies we use and your choices, please see our Cookie Policy.

Children’s privacy

Our services are not directed to children and we do not knowingly collect personal data from children. Customers are responsible for configuring their forms in accordance with applicable laws regarding children’s data.

California (CPRA) and similar U.S. laws

For purposes of the California Consumer Privacy Act, as amended by the CPRA, TRACX acts as a service provider with respect to Customer Data and does not sell or share personal information for cross-context behavioural advertising. We process Customer Data only for the limited business purposes described above and as permitted by our agreement with customers. As a business with respect to TRACX Data, we provide the rights afforded under applicable law (e.g., access, deletion, correction) and do not sell personal information.

Governing law

This Policy and any dispute or claim arising out of or in connection with it shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict of law rules.

Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last updated" date above. Material changes may also be communicated through the service or by email to account administrators.

Contact us

If you have questions about this Policy or how we process personal data, please contact us at [email protected] (FAO: Data Protection). If you are an end user, please contact the organisation that provided the form you used.

Data Processing Addendum

A Data Processing Addendum (DPA) reflecting our processor obligations and standard contractual clauses is available upon request for customers.