Acctrak™ Privacy Policy

Effective Date: Jul 11, 2025

At Acctrak™ (“we”, “us”, “our”), we are committed to protecting the privacy and security of the personal information processed through our software platform. This Privacy Policy outlines how we collect, use, and safeguard data when businesses license Acctrak™ for internal use in claims and case management.

1. Role in Data Processing

Acctrak™ acts as a data processor. Our customers — the organizations that license and use Acctrak™ — act as data controllers, determining what data is collected and for what purposes. Acctrak™ processes this information solely on behalf of and under the direction of our customers, in accordance with applicable data protection laws.

2. Information We Process (On Behalf of Our Customers)

The data entered into Acctrak™ by our customers may include:

  • Contact Information: Names, phone numbers, email addresses, and addresses.
  • Employment Details: Job titles, departments, employee IDs, and employment status.
  • Claim and Case Management Data: Information related to internal claims, incident tracking, or return-to-work coordination.
  • Health Information: If relevant to internal processes and entered by the customer.

Acctrak™ does not determine the nature or scope of this information; all data input is managed by the customer in line with their internal policies and applicable laws.

3. Data Isolation and Access Controls

Each customer’s data is securely segregated and accessible only to authorized users within that organization. No other customer or third party can view, retrieve, or access your organization’s data.

Acctrak™ employees do not access customer data unless explicitly authorized for support or technical troubleshooting, and only under strict confidentiality and access control protocols.

4. Use of Data

Acctrak™ does not use customer data for analytics, AI training, marketing, or product development unless anonymized and explicitly authorized. Your data is never sold or shared outside of the scope of providing and maintaining our services.

5. Subprocessors

We partner with trusted subprocessors (e.g., cloud hosting providers, communication tools) to support service delivery. All subprocessors are contractually bound to uphold confidentiality and apply security safeguards equivalent to those outlined in this policy.

6. Cross-Border Data Transfers

If data is transferred between countries (e.g., Canada and the U.S.), Acctrak™ ensures compliance with all applicable data transfer and privacy regulations, including PIPEDA and equivalent standards.

7. Data Retention

Customer data is retained for the duration of the service agreement or as required by law. Upon termination or request, we will securely delete or return your data in accordance with contractual terms.

8. User Rights

End users whose data is stored in Acctrak™ may have rights under applicable laws, including:

  • Accessing their data
  • Requesting corrections
  • Requesting deletion or restriction of processing

These requests should be directed to the data controller (i.e., the business using Acctrak™). We support our customers in fulfilling such requests when required.

9. Cookies and Tracking Technologies

Within the Acctrak™ software platform (used by licensed customers and their authorized users), we only use essential cookies and session-based technologies necessary to:

  • Authenticate users and maintain secure sessions
  • Improve functionality and platform performance

We do not use advertising cookies or behavioral tracking within the software itself.

On the Acctrak™ microsite and promotional webpages, we may use cookies and analytics tools (such as Google Analytics, Meta Pixel, or LinkedIn Insights) to measure traffic, performance, and engagement for marketing purposes. Any such tools comply with applicable consent laws and can be managed through browser settings or cookie consent banners, where required.

10. Security Measures

Acctrak™ applies enterprise-grade security protocols to protect personal information, including:

  • Encryption of data in transit and at rest
  • Role-based access controls
  • Multi-factor authentication (MFA)
  • Regular vulnerability assessments and penetration testing
  • Continuous monitoring and incident detection

11. Incident Response

In the event of a security incident or data breach, we will act immediately to contain the risk, notify affected customers, and comply with all legal and contractual obligations.

12. Compliance Standards

Acctrak™ is operated in compliance with the following data privacy and security frameworks:

  • SOC 2 Type II: Acctrak™ adheres to the AICPA Trust Services Criteria for Security, Availability, and Confidentiality. Our controls are reviewed through independent audits.
  • PIPEDA: Acctrak™ complies with Canada’s Personal Information Protection and Electronic Documents Act, including principles of accountability, consent, safeguarding, and transparency.

13. Policy Updates

We may update this Privacy Policy periodically. If material changes are made, we will notify account administrators by email or via in-platform messaging.

14. Contact Information

For any questions or concerns about this Privacy Policy or your data, please contact: privacy@acctrak.com

15. Governing Law

This Privacy Policy is governed by the applicable privacy and data protection laws of Canada and the United States.