Privacy Policy
Last Updated: June 28, 2026
Tramansys ("the Platform", "we", "us", or "the Operator") is committed to protecting the privacy and security of your data. This Privacy Policy explains how personal information is collected, used, disclosed, and safeguarded when you interact with our platform.
1. Important Legal Distinction: Data Controller vs. Data Processor
Under data protection laws (including UK GDPR and the Data Protection Act 2018), there are two distinct roles regarding your data:
- The Client (Employer) is the Data Controller: When an enterprise client or organisation creates a workspace and uploads employee details (Names, Emails, Roles, Training Logs), they determine the purpose and legal basis for processing that data.
- Tramansys is the Data Processor: We strictly store and process this workforce information on behalf of, and under the explicit direction of, the Client. We do not use employee data for marketing, profiling, or any purposes outside of maintaining the Client's training management records.
2. Information We Process
To provide a functional training matrix and tracking system, the Platform handles the following data points:
- Account Credentials: Email addresses and securely hashed passwords for registered Workspace Administrators and Users.
- Workforce Compliance Data: Employee names, corporate and personal backup email addresses, job roles, internal departments, certification names, completion dates, and expiration intervals uploaded by account managers.
- Billing Details: Payment data, billing addresses, and subscription tiers. All financial transactions are tokenised securely via Stripe; Tramansys never stores raw credit card details.
3. How We Use the Information
We process data strictly to fulfill our service delivery obligations, including:
- Generating and displaying your real-time horizontal Training Matrix Grid.
- Executing automated transactional email alerts (such as verification loops and expiration warnings) under the workspace parameters set by your administrator.
- Authenticating valid user sessions and securing workspace data boundaries.
- Collecting anonymous, server-side performance diagnostics and error telemetry (such as database query latencies and application exceptions) to proactively debug errors and optimise load times.
4. Cookies and Local Storage
Tramansys uses essential, first-party session cookies strictly for authentication and security purposes (e.g., maintaining Supabase session cookies, managing session timeouts). We do not run any advertising, tracking, or marketing cookies.
5. Third-Party Infrastructure Sub-Processors
We do not sell, rent, or trade personal data to third parties. To deliver a secure, high-availability cloud application, we partner with trusted infrastructure sub-processors who meet strict data security standards:
- Supabase, Inc. (Hosts our encrypted cloud database systems and manages user authentication session flows)
- Resend, Inc. (Manages the delivery infrastructure for our transactional and automated email notifications)
- Stripe, Inc. (Handles all subscription checkouts, invoicing, and payment parsing)
6. Data Transfers and International Adequacy
To run our cloud infrastructure, your information may be processed by our sub-processors outside the United Kingdom (UK) or European Economic Area (EEA). All such transfers are governed by recognised transfer mechanisms, including the UK International Data Transfer Addendum or Standard Contractual Clauses (SCCs), to guarantee equivalent safeguards.
EEA Data Transfer (Adequacy Decision):For users and organisations within the European Economic Area (EEA), any personal data uploaded to the Platform is transferred to and stored on our secure cloud servers located within the United Kingdom. This cross-border data flow is legally permitted under the European Commission's official UK Adequacy Decision, confirming that the United Kingdom maintains a level of data protection equivalent to that of the European Union, requiring no additional transfer mechanisms or complex agreements.
7. United States Specific Disclosures and Rights
US Processor Disclosure: For our US corporate clients, Tramansys acts strictly as a Data Processor. We collect, process, and retain employee training history, certificates, and compliance records solely under the instruction and authorisation of our corporate clients (the Data Controllers). We do not sell, rent, trade, or share employee training data or profile logs for commercial profit, monetisation, or third-party marketing purposes.
US Rights Statement:US users seeking to access, correct, restrict, or delete their operational profiles and training records should direct their requests to their respective employer's workspace administrator (the Data Controller). Because we operate strictly as a data processor, we will assist the workspace administrator in fulfilling these requests in accordance with applicable state privacy laws.
8. Data Retention and Deletion
We retain personal information only for as long as a workspace remains active.
- If a workspace administrator deletes an individual employee record, that data is instantly removed from our active database tables.
- Upon formal workspace closure or account termination, all associated user profiles, training records, and structural matrix assets will be permanently purged from our live production servers within thirty (30) days.
9. Your Data Protection Rights (GDPR)
Under UK GDPR and EU GDPR, you have rights including access to your data, correction, deletion, and restriction of processing.
- Since Tramansys acts as the Data Processor for workforce compliance data, any requests regarding these rights should be directed to the employer (the Data Controller) who maintains your workspace.
- For account data where we act as a controller (such as administrator registration info), you can request updates by contacting us directly.
10. Security Measures
We implement standard technical safeguards to protect your data, including end-to-end SSL/TLS encryption for all data in transit and robust row-level security (RLS) protocols at the database layer to ensure workspaces can never access or view another tenant's information.
11. Contact Us
If you have any questions about this Privacy Policy or data handling practices, please reach out via our system support channels or email us directly at [email protected].