Data Security & Privacy
How Trackpilots protects the monitoring data your organisation collects — from transmission to storage to deletion.
Data Transmission — TLS/SSL Encryption
All data transmitted between the Trackpilots desktop agent, employee devices, and the cloud dashboard is encrypted using TLS 1.2 or higher. This applies to all monitoring data: screenshots, activity logs, attendance records, app usage data, and account credentials. No monitoring data is ever transmitted in plain text. The Trackpilots dashboard is served exclusively over HTTPS — HTTP requests are automatically redirected.
Screenshot Storage — Encrypted, Access-Controlled, Auto-Deleted
Screenshots are encrypted at rest using AES-256 encryption before being written to storage. Access to screenshots is restricted by role: only Admin accounts and designated Managers with explicit team access can view screenshot galleries. Employee accounts can view only their own screenshots. Storage is logically isolated per workspace — no data from one organisation is accessible to another. Screenshots are automatically and permanently deleted at the end of the configured retention period, with no manual action required.
Data Retention Periods
Retention periods are fixed by plan. Starter Pack: screenshots are retained for 3 months from capture date; activity data (app usage, attendance, productivity scores) is retained for 12 months. Basic (free) plan: activity data is retained for 3 months; screenshots for 1 month. All data beyond the retention window is permanently deleted automatically. Admins can configure shorter retention windows but cannot extend beyond plan limits. Data deletion is irreversible — Trackpilots does not maintain backup copies beyond the configured retention period.
GDPR Compliance
Trackpilots is designed to support GDPR-compliant deployment for organisations with employees in EU member states. Key GDPR provisions supported: employees can access their own monitoring data via the self-view dashboard (Article 15 — right of access); inaccurate records can be corrected by admins (Article 16 — right to rectification); data is deleted at end of retention period or on account closure (Article 17 — right to erasure); monitoring is configurable to work hours only, limiting scope to stated purpose (Article 5 — data minimisation). Organisations are responsible for providing the required pre-monitoring disclosure to employees and maintaining a lawful basis for processing under Article 6.
India DPDP Act 2023 Compliance
The Digital Personal Data Protection Act 2023 requires organisations processing personal data of Indian residents to provide clear notice of data collection, purpose, and retention, and to honour data principal rights. Trackpilots supports DPDP Act compliance through: pre-monitoring disclosure templates for employment contracts and acceptable-use policies; employee self-view access satisfying data principal access rights; configurable retention limits and automatic deletion; and role-based access control limiting who can access personal monitoring data. Organisations remain responsible for their own disclosure obligations to employees under the DPDP Act.
Role-Based Access Control
Trackpilots enforces three access tiers. Admin: full access to all team data, screenshots, reports, settings, and user management across the entire workspace. Manager: access limited to the team(s) explicitly assigned to that manager — they cannot view data from other teams. Employee: self-view only — employees can see their own attendance records, productivity summaries, and screenshots, but cannot view any other team member's data. Role assignments are managed by Admins and can be changed at any time. All access events are logged.
Uptime & Reliability
Trackpilots targets 99.9% platform uptime for the monitoring dashboard, agent connectivity, and data ingestion pipeline. The desktop agent operates independently and queues data locally when connectivity is interrupted, synchronising automatically when the connection is restored — ensuring no monitoring gaps due to temporary network outages. Planned maintenance windows are communicated in advance.
Data Requests & Privacy Enquiries
Employees or organisations with questions about their monitoring data, requests to access or delete data, or enquiries about Trackpilots' compliance with GDPR, the DPDP Act 2023, or any other privacy regulation can contact us at:
privacy@trackpilots.com
We aim to respond to all data requests within 72 hours.
Monitor your team securely — free for unlimited users
All plans include TLS encryption, role-based access, and automatic data deletion. No credit card required.