Privacy Policy
This policy explains how Tracklark handles personal data. It is designed to address EU/EEA/UK data protection requirements and to clarify how we limit our responsibilities.
Introduction
This Privacy Policy explains how personal data is processed in connection with Tracklark, a software-as-a-service platform for order delivery tracking and related services, provided by Lyktr. It is intended to meet the requirements of the EU General Data Protection Regulation (GDPR) and applicable data protection laws in the EU, EEA, and United Kingdom.
Who we are and our roles
Tracklark is operated by Lyktr, established in Gothenburg, Sweden. For data protection purposes, Lyktr acts as the data controller for personal data relating to its own customers, users, and website visitors. When Tracklark processes personal data submitted by customers in connection with shipment tracking or customer-facing communications, Lyktr acts as a data processor on behalf of those customers. In such cases, customers are responsible for compliance with applicable data protection laws and for providing appropriate privacy information to their own customers or end recipients.
Scope of this policy
This policy applies to personal data processed when you visit our websites, create or use a Tracklark account, interact with our product interfaces, or communicate with us. It does not govern how our customers process personal data relating to their own customers, which is subject to those customers’ own privacy policies.
Categories of personal data we process
Depending on your interaction with the service, we may process the following categories of personal data: account and contact details (such as name, email address, role, and organization); authentication data (such as password hashes and access tokens); workspace, tenant, and configuration data; shipment references (such as order numbers and tracking identifiers); carrier and logistics event data associated with those references; communications with support; and technical or usage data such as IP address, device identifiers, browser type, pages viewed, session metadata, and diagnostic logs.
Purposes of processing
Personal data is processed for the following purposes: providing, operating, and securing the Tracklark service; authenticating users and administering accounts; displaying shipment tracking information as configured by our customers; sending transactional messages initiated by our customers; providing customer support; preventing fraud, abuse, and misuse; monitoring performance and reliability; analyzing usage and improving product functionality; complying with legal obligations; and administering our business operations.
Legal bases for processing (EEA/UK)
Where GDPR applies, processing is based on one or more of the following legal bases: performance of a contract, where processing is necessary to provide the service; legitimate interests, such as operating, securing, and improving the service, provided those interests are not overridden by your fundamental rights and freedoms; compliance with legal obligations; and consent, where required by law, including for the use of certain cookies, analytics, or session recording technologies. Our customers are responsible for establishing an appropriate legal basis for any personal data they submit to the service relating to their own customers or end recipients.
Analytics, session recording, and product insights
We use analytics and product insight tools, such as Google Analytics and Hotjar, to understand how our websites and interfaces are used, to improve usability, performance, and user experience, and to identify technical issues. These tools may collect information such as IP address, device and browser characteristics, pages visited, interactions, and session behavior. Where required by applicable law, such tools are activated only after you have provided consent through our cookie or consent management interface. We configure these tools to limit the collection of personal data, for example through IP anonymization, suppression of keystroke data, and filtering of sensitive fields.
Cookies and similar technologies
We use cookies and similar technologies to operate and secure our websites and services, to remember preferences, and to analyze usage. Some cookies are strictly necessary for the service to function and do not require consent. Other cookies, including analytics or session recording cookies, are used only where you have given consent, where required by law. You can manage or withdraw your consent at any time through our cookie settings.
Sharing of personal data
Personal data may be shared with trusted service providers and sub-processors who assist us with hosting, cloud infrastructure, authentication, analytics, monitoring, communications, and customer support. We may also share data with carriers and logistics partners where necessary to provide tracking functionality as configured by our customers, or where required by law or lawful authority. All service providers are contractually required to process personal data only on documented instructions and in compliance with applicable data protection laws.
International data transfers
Some service providers or infrastructure used by Tracklark may be located outside the European Economic Area or the United Kingdom. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, together with supplementary technical and organizational measures where required, or other lawful transfer mechanisms recognized under applicable data protection laws.
Data retention
Personal data is retained only for as long as necessary to fulfill the purposes described in this policy. Account and configuration data is generally retained for the duration of the customer relationship. Technical logs and usage data are retained for limited periods appropriate to security and operational needs. Shipment reference data is retained in accordance with customer configurations and contractual requirements. Aggregated or anonymized data that no longer identifies individuals may be retained indefinitely.
Security
We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures take into account the nature of the data and the risks involved. However, no system can be guaranteed to be completely secure. Users are responsible for maintaining the confidentiality of their access credentials.
Your rights
Where applicable under GDPR or other data protection laws, you have the right to request access to your personal data, request rectification or erasure, restrict or object to processing, and request data portability. Where processing is based on consent, you may withdraw that consent at any time. You also have the right to lodge a complaint with a supervisory authority, including the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
Children
The Tracklark service is intended for business use and is not directed to children under the age of 16. We do not knowingly collect personal data from children.
Updates to this policy
This Privacy Policy may be updated from time to time to reflect changes in the service, legal requirements, or data processing practices. Updated versions will be made available through our websites or service interfaces and will take effect when published.
Contact information
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at support@tracklark.com. Lyktr is established in Gothenburg, Sweden.