ComplyTrack

Privacy Policy

Last updated: April 20, 2026

1. Introduction

This Privacy Policy explains how Johann David Ong, a sole proprietor trading as "ComplyandTrack" ("we", "us"), collects, uses, and protects your information when you use our Service. Johann David Ong is the data controller responsible for your personal data.

2. Information We Collect

  • Account information: name, email address, and password (hashed).
  • Compliance data: license names, numbers, jurisdictions, due dates, CE hours, and notes you enter.
  • Usage data: log data, device information, IP address, and analytics about how you interact with the Service.
  • Cookies: session cookies for authentication and limited analytics.

3. How We Use Information

  • To provide, maintain, and improve the Service;
  • To send renewal reminders and transactional emails you request;
  • To process payments and manage subscriptions;
  • To detect, prevent, and address fraud or abuse;
  • To comply with legal obligations.

4. Legal Bases (GDPR)

Where GDPR applies, we process personal data under the bases of contract performance, legitimate interests (improving and securing the Service), consent (where required), and legal obligation.

5. Sharing of Information

We do not sell your personal data. We share information only with:

  • Service providers (hosting, email delivery, analytics) bound by confidentiality obligations;
  • Paddle.com Market Limited ("Paddle") — our Merchant of Record. Paddle handles all orders, payment processing, billing, tax compliance, invoicing, subscription management, and refunds. Personal data such as name, email, billing address, and payment details is shared with Paddle for these purposes. See Paddle's Privacy Policy and Buyer Terms;
  • Legal authorities when required by law, subpoena, or to protect rights and safety;
  • Successors in the event of a merger, acquisition, or asset sale.

6. Data Retention

We retain your data while your account is active. After account deletion, we delete or anonymize personal data within 30 days, except where retention is required by law (e.g., billing records).

7. Security

We use encryption in transit (TLS), encryption at rest, role-based access controls, and regular security reviews. No system is perfectly secure; you use the Service at your own risk.

8. Your Rights

Depending on your location, you may have the right to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing. To exercise these rights, email privacy@complyandtrack.life.

9. International Transfers

Your data may be processed in countries other than your own. We rely on appropriate safeguards such as standard contractual clauses where required.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect data from them.

11. Changes

We may update this Policy from time to time. We will notify you of material changes by email or in-app notice.

12. Contact

Questions? Contact Johann David Ong at privacy@complyandtrack.life.