TrackHalal - Privacy Policy

TrackHalal is operated by Qistara Technologies Co., Ltd., a Taiwan-based company serving clients in Taiwan and other global markets. This Privacy Policy explains how we collect, use, store, share, and protect information when providing B2B halal compliance documentation services.

GDPR-Aware Processing

Where applicable, we process personal data under recognized legal bases such as contract performance, legitimate interests, consent, and legal compliance. Clients or individuals located in jurisdictions with privacy laws such as the GDPR may have additional rights described below.

Information We Collect

We collect information needed to provide compliance documentation and operational support, including:

Company information such as legal name, business address, registration details, contact persons, billing details, importer or representative details, and target markets.
Product and SKU information such as product names, labels, packaging images, HS codes, target countries, and batch or pack identifiers when supplied.
Ingredient data, formulas or ingredient lists, allergen information, processing notes, supplier names, and source-risk information relevant to halal documentation.
Supplier certificates, halal certificates, declarations, audit-related documents, expiry dates, issuer information, certificate scopes, and supporting evidence.
Communications, support requests, portal activity, payment status, and basic website or service analytics.

How We Use Data

We use data to deliver and improve TrackHalal services, including to:

Prepare submission-ready documentation, evidence packs, checklists, and importer handoff materials.
Review ingredient data, supplier certificates, company information, label materials, certificate scope, and expiry risk.
Communicate with the client's team, technical reviewers, importers, suppliers, and service providers involved in the engagement.
Manage authentication, client portal access, billing, support, engagement status, and service security.
Improve our templates, workflows, data quality, product reliability, and compliance documentation process.

Data Storage (Firebase/GCP)

TrackHalal uses Firebase and Google Cloud Platform infrastructure for hosting, authentication, database storage, file handling, logging, and related cloud services. Data may be stored or processed in Google-managed environments and regions according to our service configuration and Google Cloud controls.

Clients should avoid uploading unnecessary sensitive personal data. Where supplier certificates or compliance documents contain personal data, the client is responsible for ensuring it has the right to share those materials with TrackHalal for the engagement.

Data Sharing

We do not sell client data. We may share information only where needed for the service, including with:

Cloud infrastructure, authentication, analytics, payment, email, storage, and support service providers.
Technical reviewers, contractors, or advisors who are bound by confidentiality duties and need access for the engagement.
Importers, official representatives, certification bodies, authorities, or other third parties when the client instructs us to prepare or transmit materials for compliance purposes.
Legal, tax, accounting, insurance, or security advisors where needed to operate the business, enforce agreements, or comply with law.

Security

We use reasonable administrative, technical, and organizational safeguards designed to protect client information from unauthorized access, loss, misuse, or alteration. These safeguards may include access controls, cloud security controls, authentication, role-limited access, operational review, and secure service-provider infrastructure.

No system can be guaranteed completely secure. Clients should keep portal credentials confidential and notify TrackHalal promptly if they believe account access or shared documents may be compromised.

Client Rights

Subject to applicable law and contractual limits, clients and affected individuals may request access, correction, deletion, restriction, portability, or objection regarding personal data handled by TrackHalal. We may need to verify identity and may retain information where required for legal, accounting, dispute, compliance, security, or legitimate business purposes.

If the client provides personal data about employees, suppliers, importers, or other third parties, the client is responsible for providing any required notices and obtaining any required permissions.

Data Retention

We retain engagement records, supplier certificates, ingredient data, company information, communications, and deliverables for as long as needed to provide the service, maintain compliance history, resolve disputes, support renewals, meet legal or accounting obligations, and protect TrackHalal's legitimate business interests. Retention periods may vary by client agreement and document type.

Changes to Policy

We may update this Privacy Policy as our services, infrastructure, legal obligations, or operating practices change. The "Last updated" date above indicates the latest version. Continued use of TrackHalal services after an update means the revised policy applies from the effective date of that update.

Contact

For privacy questions, data-rights requests, or security concerns, contact Qistara Technologies Co., Ltd. at hello@trackhalal.app.