This document explains our policies and practices regarding your information and how we will treat it. Please read it carefully. By using the Service you accept and agree with the terms of the Training Tracker LLC Privacy and Security Policy (the "Policy").
Training Tracker Overview
Training Tracker is a cloud application used by organizations of all sizes to deploy and operate applications throughout the world. Our platform allows organizations to focus on management and business strategy while Training Tracker focuses on training compliance and record management. Training Tracker applies security best practices and manages platform security so customers can focus on their business.
Security Assessments and Compliance
PCI
We use PCI compliant payment processor Stripe for encrypting and processing credit card payments.
Physical Security
Training Tracker uses cloud providers such as Heroku and Amazon.
Heroku utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.
For additional information see: https://aws.amazon.com/security
Data Security
Our application on the Heroku platform runs within its isolated environment and cannot interact with other applications or areas of the system. This restrictive operating environment is designed to prevent security and stability issues. These self-contained environments isolate processes, memory, and the file system using LXC while host-based firewalls restrict applications from establishing local network connections.
For additional technical information see: https://devcenter.heroku.com/articles/dyno-isolation
Customer Security Best Practices
Encrypt Data in Transit
Enable HTTPS for applications and SSL database connections to protect sensitive data transmitted to and from applications.
Authentication
To prevent unauthorized account access, use a strong passphrase for your Training Tracker user account and store passwords securely to prevent disclosure.
Privacy
Privacy of the Training Tracker website is of great importance to us. Because we store important information used by our customers, we have established this Policy as a means to communicate our information gathering and dissemination practices. We reserve the right to change this Policy at any time. Customers may view the latest privacy policy at any time either by viewing it on our website or requesting that it be emailed.
Collected Information
In order to provide and allow you to use the Service offered on our Site (collectively, the "Service"), we collect several types of information from you that identify, reference, or could reasonably linked, directly or indirectly, with you or your device ("Personal Information"). In particular, we have collected the following categories of information from our customers in the last 12 months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | YES |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, Social Security Number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information in this category may overlap with other categories. | YES |
| C. Protected classification under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO |
| D. Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
| E. Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait or other physical patterns, and sleep, health, or exercise data. | NO |
| F. Internet or other similar network activity | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | NO |
| G. Geolocation data | Physical location or movements. | NO |
| H. Sensory data | Audio, electronic, visual, thermal, olfactory, or other similar information. | NO |
| I. Professional or employment-related information | Current or past job history or performance evaluations. | NO |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 24 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
| K. Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
The term "Personal Information" does not include:
- Publicly available information from government records;
- Deidentified or aggregate consumer information; or
- Information excluded from the California Consumer Privacy Act's ("CCPA") scope, like (i) health or medical information covered by HIPPA and CMIA; and (ii) personal information covered by certain sector-specific laws, including the FRCP, GLBA, FIPA, and the Driver's Privacy Protection Act of 1994.
The Personal Information we collect on or through the Service may include:
- Name, company name, address, phone number, and e-mail address;
- Billing information, such as billing name and address, credit card number; and
- The number of users within the organization that will be using the Service.
We collect Personal Information when you express interest in attaining additional information, or when you register for the Service. Customers can opt out of providing this additional information by not entering it when asked.
How We Use Your Information
We may use or disclose the Personal Information that we collect for one or more of the following business purposes:
- To set up the Service
- To contact customers to further discuss customer interest in our company and the Service we provide
- To send information regarding our company or partners, such as promotions and events
- To fulfill or meet the reason you provided the information
- To provide support, personalize, and develop the service
- To create, maintain, customize your account with us
- To process your requests, purchases, transactions, and payments and to prevent transactional fraud
- To provide you with support and to respond to your inquiries, including to investigate and address concerns and monitor an improve our responses
- For testing, research, analysis and product development
- To respond to law enforcement requests and as required by applicable law, court order, or other governmental regulations
- As described to you when collecting your personal information or as otherwise set forth in the CCPA
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets in which personal information held by us is among the assets transferred
- To enforce or apply agreements, including for billing and collection purposes
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our employees, clients, customers or others
- To our subsidiaries and affiliates
- To our contractors, service providers, and other third parties we use to support our business
- For any other purpose with your consent
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purpose without providing you notice. We may disclose aggregated information about users, and other information that does not identify any individual, without restriction.
All financial and billing information that we collect through the Site is used solely to check the qualifications of prospective customers and to bill for the Service. This billing information is not used by Training Tracker LLC for marketing or promotional purposes.
Cookies
When you interact with the Service we strive to make that experience easy and meaningful. When you come to our Web site, our Web server may send a cookie to your computer. Cookies are files that Web browsers place on a computer's hard drive and are used to tell us whether customers and visitors have visited the Site previously.
Standing alone, cookies do not identify you personally. They merely recognize your browser. Unless you choose to identify yourself to the Service, either by responding to a promotional offer, opening an account or registering for a demo, you remain anonymous to Training Tracker LLC. Cookies come in two flavors: session and persistent-based. Session cookies exist only during an online session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you've closed your browser or turned off your computer. They include such information as a unique identifier for your browser.
Training Tracker LLC uses session cookies containing encrypted information to allow the system to uniquely identify you while you are logged in. This information allows Training Tracker LLC to process your online transactions and requests. Session cookies help us make sure you are who you say you are after you've logged in and are required in order to use the Service application. We are especially careful about the security and confidentiality of the information stored in persistent cookies. For example, we do not store account numbers or passwords in persistent cookies. Users who disable their Web browsers' ability to accept cookies will be able to browse our Marketing Website but will not be able to successfully use our Service.
Third Party Cookies: We may from time to time engage third parties to track and analyze non-personally identifiable usage and volume statistical information from visitors to our Service to help us administer our Service and improve its quality. Such third parties may use cookies to help track visitor behavior. Such cookies will not be used to associate individual visitors to any personally identifiable information. All data collected by such third parties on behalf of Training Tracker LLC is used only to provide us with information on Service usage and is not shared with any other third parties.
Third Party Services and Sharing Personal Information
Training Tracker may disclose your personal information to a third party for a business purpose (or sell your personal information, subject to your right to opt-out of those sales (see Opt-Out Rights). When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales. We share your personal information with the following categories of third parties:
- Sendgrid
- Heroku
- Google Analytics
- Benchmark One (separate agreement to Benchmark One terms)
- Gmail
- Calendly
- Papertrail (Heroku add-on)
- Amazon Web Services
- Stripe
- Rollbar
- Product Fruit
The third-party services and your provision of information to and storage of your data with such services are subject to those third-parties' applicable terms and policies.
Disclosures of Personal Information for a Business Purpose
In the preceding 12 months, we have not disclosed personal information for a business purpose.
Sale of Personal Information
In the preceding 12 months, we have not sold personal information.
Your Rights and Choices
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request we will delete (and direct our service providers to delete) your personal information from our records unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, or take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform the Services.
- Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provide it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights, please submit a verifiable consumer request to us by emailing us at Hello@TrainingTrackerSoftware.com.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12 month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person we collected personal information on.
- Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable request does not require you to create an account with us.
Response Timing and Format
We endeavor to respond to verifiable consumer requests within 45 days of receipt. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response to you by mail or electronically, at your option. Any disclosures we provide will only cover the 12 month period preceding the verifiable consumer request's receipt. If applicable, we will also provide reasons we cannot comply with your request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information. We do not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or unfounded. If we determine a fee is warranted, we will provide you with an estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
If you are 16 years of age or older, you have the right to direct us not to sell your personal information (the "right to opt-out"). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is between 13 and 16 years or age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. To exercise the right to opt-out, you may submit a request by sending an email to Hello@TrainingTrackerSoftware.com with the title "Do Not Sell My Personal Information". You may opt back in to personal information sales at any time by sending an email to Hello@TrainingTrackerSoftware.com.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you with a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level of quality of goods or services.
Children Under the Age of 13
The Service is not intended for children under 13 years of age, and no one under age 13 may provide any information to or through the Service. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on or through the Service, including any information about yourself (such as name, address, email or telephone number). If we learn that we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information.
Your California Privacy Rights
California Civil Code Section §1798.83 permits users of the Service who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to Hello@TrainingTrackerSoftware.com with "Request for California Privacy Information" in the subject line and in the body of your message. We will provide the requested information to you in your email address in response.
International Users
If you are accessing the Service from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use, which is governed by the law of the United States and this Policy, you will be transferring your personal information into the United States and you consent to that transfer.
Correcting & Updating Your Information
If customers need to update or change registration information they may do so by editing the user or organization record. To update a User Profile, log on to the Service and update the user account section. To update billing information please e-mail Hello@TrainingTrackerSoftware.com or call 866-571-2108. To discontinue the Service, email or call the number above.
Changes to Training Tracker LLC's Privacy Policy
It is our policy to post any changes made to the Policy on this page. If we make material changes to how we treat users' personal information, we will notify you at the address we have on file for you. You are responsible for ensuring we have an up-to-date active and deliverable email address for you. Do not assume that the Policy has not changed since you last used the Service. The date the Policy was last revised is identified at the bottom of the page.
Contact Us
Questions regarding this Policy or the practices of this Service should be directed to Training Tracker LLC by:
- E-mailing such questions to Hello@TrainingTrackerSoftware.com
- Sending regular mail addressed to Training Tracker LLC, 296 Beech Street, Oxford WI 53952.
- Calling at 866-571-2108.
Last Modified: 2025-05-09
