Security & Compliance

Last updated: 25 January 2026

Zotrack is designed with data protection and security in mind. This page provides a high-level overview of our security practices and compliance commitments.

GDPR Alignment

Zotrack is built for business use and aligns with GDPR principles.

Controller vs Processor

  • For workspace data (employee records, leave, expenses, invoices): your company is typically the controller and Zotrack acts as a processor.
  • For account/billing/marketing data: Zotrack is the controller.

Data Processing Agreement (DPA)

A DPA is available on request. Email support@zotrack.com.

Your rights

For workspace data, please contact your workspace admin or email support@zotrack.com for export or deletion requests.

See our Privacy Policy for full details on data subject rights.

Data Retention

We retain personal data for no longer than 12 months (1 year) from collection or last interaction, unless we must retain a limited subset for legal obligations, claims, or security investigations.

  • Customer workspace data: Retained for the duration of your subscription/contract. After termination, data is deleted or returned, and remaining copies in backups expire within our 12-month maximum retention window.
  • Security logs: Retained for no longer than 12 months, unless a specific incident requires limited extended retention.
  • Analytics data: Retained for no longer than 12 months.

See our Privacy Policy for complete retention details.

Subprocessors

We use subprocessors (such as cloud hosting and monitoring services) to provide the Service. All subprocessors are required to protect personal data appropriately.

Subprocessor list: Available on request by emailing support@zotrack.com.

Security Measures

We implement reasonable technical and organisational measures to protect your data, including:

  • Encryption in transit: All data is encrypted in transit using TLS.
  • Role-based access controls (RBAC): Users can only access data relevant to their role (Admin/Manager/Employee).
  • Tenant/workspace separation: Each customer workspace is logically isolated.
  • Monitoring and logging: We monitor for suspicious activity, failed login attempts, and abuse signals.
  • Backups and recovery: Regular backups are taken to ensure business continuity.

No system is 100% secure. You are responsible for keeping your credentials confidential and choosing strong passwords.

International Transfers

Personal data may be processed outside the UK/EEA. Where required, we use appropriate safeguards (such as standard contractual clauses or UK transfer mechanisms) and take steps to protect data during transfer.

Contact

For security, compliance, or data protection questions, please contact:

Email: support@zotrack.com

Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Company registration: 16800287

For full legal details, see our Privacy Policy and Terms of Service.