Targeted availability: 99.9%
Encryption at rest: AES-256
Row Level Security: All tenants
AI tenant isolation: Enforced
Trust badges
Frameworks our controls map to. Certification status is published in the Compliance Center.
UK GDPR
Aligned: Processor model, DPA, UK IDTA.
EU GDPR
Aligned: Processor model, DPA, SCCs 2021/914.
CCPA / CPRA
Aligned: Rights workflows, no sale of personal information.
ISO/IEC 27001:2022
Controls mapped: ISMS in operation. Certification roadmap.
ISO/IEC 42001 (AI)
Controls mapped: AI management system aligned with ISO 42001.
SOC 2
Controls mapped: Security, Availability, Confidentiality.
Cyber Essentials
Aligned: Five core technical controls.
NIS2
Aligned: Incident response & supply-chain controls.
EU AI Act
Aligned: Limited-risk AI features with transparency.
DORA
On roadmap: ICT third-party controls for financial entities.
HIPAA
On roadmap: BAA scope under evaluation.
FedRAMP
On roadmap: US-region deployment under evaluation.
Platform status
Live system status, incident history and scheduled maintenance windows are published at status.track-project.com. Workspace administrators can subscribe to incident updates by email or webhook.
Security practices
Defence-in-depth security covering authentication, encryption, Row Level Security, tenant isolation, audit logging, vulnerability management and continuous monitoring. See the Security Center for the full control set.
Privacy commitments
Customers own their data. We process it only to deliver the service, never sell it, never use it to train shared AI models, and provide self-service export and deletion.
AI commitments
Permission-aware, tenant-isolated, auditable and explainable AI. We do not train shared models on Customer data and we require human verification for material decisions. See Enterprise AI Governance for the full programme.
Compliance roadmap
TrackProject is built to map cleanly to leading frameworks. Current status, evidence and target dates are published in the Compliance Center.
Infrastructure overview
Multi-region cloud hosting in the UK and EU with global edge delivery, isolated production and staging environments, automated backups and disaster-recovery testing. See the System Architecture page for the data-flow diagram.
Availability
We target 99.9% monthly availability for the production service. Enterprise customers may execute a written SLA with service credits and tighter RPO/RTO targets.
Incident transparency
Post-mortems for material incidents are published on the status page with root-cause analysis and follow-up actions. Affected Customers are notified directly within 72 hours of confirmation.
Responsible disclosure
Security researchers are welcomed and protected under our Responsible Disclosure programme. Reports go to security@track-project.com.
Last security review
The most recent platform-wide security review concluded on 2026-05-12. Continuous controls run 24/7. Next scheduled review: 2026-09-25.