This website uses cookies

This website uses cookies to analyse traffic and remember website choices and settings. You can review your cookie preferences at any time by visiting our cookie policy Learn more

Necessary
Statistics
Accept all cookies
Accept necessary cookies only
Request a callback

Security Procedures

Last updated: 22/05/2026

This document summarises the technical and organisational measures maintained by Caterlytix to protect Trac and data processed through the platform.

1. Overview

Caterlytix shall implement and maintain appropriate technical and organisational measures to protect Personal Data and ensure the confidentiality, integrity, availability, and resilience of Trac.

Such measures shall be appropriate to the risks presented by the processing, taking into account:

  • the nature, scope, context, and purposes of processing;
  • the likelihood and severity of risks to individuals;
  • the state of the art and cost of implementation.

2. Access control

Caterlytix shall implement controls designed to ensure that:

  • access to systems is restricted to authorised personnel only;
  • role-based access controls are applied;
  • access rights are granted on a least-privilege basis;
  • authentication mechanisms are enforced for users and administrators;
  • access rights are reviewed and removed when no longer required.

Caterlytix shall ensure that API credentials, tokens, keys, and other access mechanisms are securely generated, stored, and managed.

3. Data protection

Caterlytix shall apply measures designed to:

  • protect data in transit using industry-standard protocols;
  • apply appropriate safeguards to protect data at rest;
  • control and log access to data;
  • prevent unauthorised or unlawful processing;
  • reduce the risk of accidental loss, destruction, or damage.

4. API and integration security

Trac uses API-based integrations.

Caterlytix shall:

  • enforce authenticated access to APIs;
  • apply access controls based on defined permissions and data scopes;
  • implement rate limiting and usage controls where appropriate;
  • monitor API usage for abnormal or unauthorised activity;
  • restrict access where usage presents a risk to platform security, performance, or compliance.

Users and Integration Partners acknowledge that API usage is subject to technical limits and any applicable Fair Usage Policy.

5. Infrastructure security

Trac is hosted within managed cloud infrastructure.

Caterlytix shall take reasonable steps to:

  • implement appropriate network security controls;
  • restrict access to infrastructure environments;
  • apply security updates and patches in a timely manner;
  • protect against unauthorised network access;
  • manage external threats and vulnerabilities.

6. Monitoring and logging

Caterlytix shall:

  • monitor system activity and access to Trac;
  • maintain logs of access to systems and data where appropriate;
  • use monitoring to detect potential security incidents;
  • retain logs for a reasonable period to support investigation and compliance.

7. Incident management

Caterlytix shall maintain procedures for:

  • identifying security incidents;
  • assessing severity and impact;
  • responding to and mitigating incidents;
  • restoring normal operations;
  • notifying affected customers or partners where required.

Personal Data breaches will be handled in accordance with the Data Processing Addendum and applicable Data Protection Laws.

8. Personnel security

Caterlytix shall ensure that personnel with access to Trac or relevant data:

  • are subject to confidentiality obligations;
  • have access restricted according to job role;
  • receive appropriate security awareness guidance;
  • are required to follow applicable internal security procedures.

9. Third-party providers and subprocessors

Caterlytix may engage third-party providers to support Trac.

Caterlytix shall:

  • select providers using reasonable care;
  • ensure appropriate contractual safeguards are in place;
  • require subprocessors to protect Personal Data;
  • remain responsible for subprocessors as required by applicable agreements.

10. Data segregation

Caterlytix shall implement logical controls designed to support:

  • separation of customer data within Trac;
  • appropriate segregation between tenants;
  • controlled access based on permissions and roles.

11. Business continuity and backups

Caterlytix shall maintain reasonable backup and business continuity procedures for platform resilience.

Backups are maintained for Caterlytix’s business continuity purposes and do not create a customer-specific backup or restore obligation unless expressly agreed in writing.

12. Continuous improvement

Caterlytix may update and enhance its security measures from time to time, provided that such changes do not materially reduce the overall level of security provided.