Privacy Policy
Last updated: July 8, 2026
AssetTrackly ("we", "us") provides IT asset management software for nonprofits, schools, and NGOs. This policy explains what information we collect, how we use it, and the choices you have. The short version: your data is yours — we use it only to run the service, we never sell it, and we don't run ads or third-party tracking.
Information we collect
- Account information — your name, email address, organization name and type, and a securely hashed password. We can never see your actual password.
- Workspace data you enter — assets, serial numbers, grants, budgets, expenses, donations, donor contacts, team member names and emails, and related notes. This is your organization's operational data; you control it entirely.
- Billing information — if you subscribe to a paid plan, payment is processed by Stripe. Your card number never touches our servers; we store only your Stripe customer reference, plan, and subscription status.
- Service logs — records of emails we send you (delivery status) and an audit log of actions taken in your workspace (who added or changed what, and when), which exists to give your organization accountability over its own records.
We do not use advertising trackers, analytics cookies, or social media pixels. The only cookie we set is the one that keeps you signed in.
How we use your information
- To provide the service: storing your asset and grant records, generating reports, and syncing your team.
- To send transactional email: welcome messages, team invitations, password resets, trial reminders, payment receipts, and warranty alerts. These are operational, not marketing.
- To process subscription payments through Stripe.
- To keep the service secure: rate limiting, fraud prevention, and diagnosing failures.
We will never sell your data, share it with advertisers, or use your organization's records for any purpose other than serving you.
Where your data lives
Your data is stored on infrastructure provided by Railway (hosting, United States), delivered over encrypted HTTPS connections. Transactional email is sent via SMTP2GO, and payments are handled by Stripe. Each of these processors receives only the minimum data needed for its role.
How we protect it
- All traffic is encrypted in transit with HTTPS/TLS.
- Passwords are hashed with bcrypt and never stored or logged in readable form.
- Every workspace is isolated — your organization's data is never visible to another customer.
- Role-based permissions let you control what each team member can see and do.
- Login endpoints are rate-limited to block password-guessing attacks.
- The database is backed up automatically every night.
Data retention and deletion
Your data is retained for as long as your account is active. If you want your organization's account and all associated data permanently deleted, email us and we will remove it, typically within 30 days. Deleted data also cycles out of our rotating backups within 7 days of deletion.
Your rights
You may request a copy of the data we hold about your organization, ask us to correct it, or ask us to delete it. Admins can also export asset records to CSV at any time from within the app — no request needed.
Children
AssetTrackly is a workplace tool for organizations and is not directed at children. We do not knowingly collect personal information from anyone under 16. Schools using AssetTrackly track devices, and we encourage them not to enter student personal information into asset records.
Changes to this policy
If we make material changes, we'll update the date at the top of this page and notify account admins by email before the changes take effect.
Contact
Questions or requests: privacy@assettrackly.com