Privacy Policy
MS Consolidated Pty Ltd (ACN 688 688 011) as trustee for the MS Trust (ABN 20 330 986 807), trading as TrakOps — Last updated: 4 July 2026
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use TrakOps (the "Service") or visit our website. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, and, where they apply, the EU/UK General Data Protection Regulation ("GDPR") and US state privacy laws (including the California Consumer Privacy Act, "CCPA").
A note on your engineering data: files, designs, and technical data you upload to the platform ("Customer Data") are handled under our Terms of Service and Data Processing Addendum. We process Customer Data only to provide the Service. This Privacy Policy primarily covers personal information such as account, billing, and usage information. Where you are a business and your Customer Data contains personal information about others, you are the controller and we are your processor.
1. What we collect
- Account information: name, email address, company/team name, password (hashed), plan tier.
- Billing information: payments are processed by Stripe. We receive transaction records, billing address, and the last four digits/card type — we do not store full card numbers.
- Usage and device information: log data, IP address, browser and device type, pages and features used, approximate location derived from IP, collected via cookies and similar technologies (see section 7).
- Communications: support requests, emails, and feedback.
- Customer Data: content you upload, processed only to provide the Service.
We do not knowingly collect information from anyone under 18, and the Service is not directed at children.
2. How we use personal information
We use personal information to: provide, operate, and secure the Service; create and manage accounts; process payments and manage subscriptions (including renewal reminders); provide support; monitor performance and improve the Service; send service communications and, with your consent or as otherwise permitted, marketing you can opt out of at any time; detect and prevent fraud, abuse, and security incidents; and comply with legal obligations.
Legal bases (GDPR): performance of our contract with you; our legitimate interests (service improvement, security, fraud prevention); consent (marketing, non-essential cookies); and legal obligation (tax and accounting records).
3. How we share personal information
We do not sell personal information. We share it only with:
- Service providers (processors): listed in section 4 below, each bound by contract to protect your information and use it only to provide services to us.
- Professional advisers and authorities where required by law, court order, or to protect rights, safety, or security.
- Business transfers: if the business is sold or restructured, information may transfer to the successor, subject to this Policy.
4. Our service providers and where your data is stored
Our primary database and file storage is provided by Supabase, hosted in Tokyo, Japan (AWS ap-northeast-1). Our other providers are:
- Vercel — application hosting and content delivery (United States and global edge network)
- Stripe — payment processing (United States)
- Resend — transactional email delivery (United States)
- Anthropic — AI-powered features (United States). Customer Data processed through AI features is transmitted to Anthropic's API under its commercial terms, which do not permit use of that data to train Anthropic's models. It is used solely to deliver the feature to you.
- GitHub — source code hosting (does not process customer personal information)
- GoDaddy — domain registration and DNS (does not process customer personal information)
International transfers. Because we store data in Japan and use providers in the United States, your personal information will be transferred outside Australia (and, for EU/UK individuals, outside the EU/UK). Japan benefits from an EU adequacy decision. For transfers to the United States and other countries, we rely on adequacy frameworks or Standard Contractual Clauses with our providers, and take reasonable steps to ensure recipients handle personal information consistently with the Australian Privacy Principles.
5. Security
We protect personal information and Customer Data using encryption in transit and at rest, access controls, and the measures described in our Security & Confidentiality Statement. No system is perfectly secure; we will notify you and regulators of eligible data breaches as required by law (including the Australian Notifiable Data Breaches scheme and, where applicable, GDPR Articles 33–34).
6. Retention
We keep personal information for as long as your account is active and as needed for the purposes above, then delete or de-identify it. Typical periods: account records — life of account plus 2 years; billing/tax records — 7 years as required by Australian law; support correspondence — 2 years; Customer Data — deleted after termination per the Terms of Service (30-day export window, then deletion from production within 60 days and expiry from backups within 90 days thereafter).
7. Cookies and analytics
We use essential cookies only — those required for login sessions, security, and the operation of the Service. Our hosting platform may collect aggregated, privacy-preserving performance metrics that do not use cookies or track you across sites. We do not use advertising cookies, marketing pixels, or cross-site tracking. You can control cookies via your browser settings; blocking essential cookies may prevent the Service from working. If we introduce analytics tools in future, we will update this Policy and obtain consent where required.
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, or receive a copy of your personal information; object to or restrict certain processing; withdraw consent; and opt out of marketing.
- Australia: you may request access and correction under the Privacy Act. Complaints can be made to us first, then to the Office of the Australian Information Commissioner (oaic.gov.au).
- EU/UK (GDPR): rights of access, rectification, erasure, restriction, portability, and objection; you may complain to your local supervisory authority.
- California and other US states: rights to know, delete, correct, and opt out of "sale"/"sharing" (we do not sell or share personal information for cross-context behavioural advertising) and not to be discriminated against for exercising rights.
To exercise any right, contact contact@trakops.com.au. We will verify your identity and respond within the timeframe required by applicable law (generally 30 days, or 45 days under CCPA).
9. Changes and contact
We may update this Policy and will notify you of material changes by email or in-app notice. Continued use after the effective date constitutes acceptance, except where consent is required.
Privacy contact: TrakOps, 418 Reservoir Road, Lavington NSW 2641, Australia — contact@trakops.com.au