Trax Tech
Contact Sales
Trax Tech
Contact Sales
Trax Tech

Privacy Policy for Audit Operations Chrome Extension

Effective Date: July 1, 2026

Last Revised: July 1, 2026

The Audit Operations Chrome Extension (the “Extension”) is a product of Trax Group, Inc.  (“we”, “us” or “our”). We are committed to protecting your privacy. This Privacy Policy (this “Policy”) outlines the types of information we collect through the Extension, how that information it is used, how it is protected, and your rights with respect to that information.

This Policy has been prepared to comply with applicable privacy and data protection laws, including the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and other applicable U.S. state privacy laws, as well as the Google Chrome Web Store – Program Policies (“Google’s Policies”).

By using the Extension, you agree to the terms of this Policy and consent to our use of your information. If you have any questions or need more information about this Policy, please contact us using the contact information set forth in Section 11.

  1. Scope of this Policy
    This Policy applies solely to information collected through the Extension and its associated back-end services at https://audit-ops.traxtech.com/. This Policy does not govern: (a) information collected through other products or websites we provide that are not accessed through the Extension; (b) offline activities; or (c) third-party websites or services, even if linked to within the Extension.
  2. Google Chrome Web Store Limited Use Disclosure
    In compliance with Google’s Policies, the use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:
    • Permitted Use:  We use data only to provide or improve the core functionality of the Extension and for user-facing features described in this Policy. 
    • Limited Transfers:  We do not transfer user data to third parties except as strictly necessary to operate the Extension, comply with applicable law, protect against malware, spam, phishing, or other fraud or abuse, or as described in this Policy. 
    • Limitation on Human Access: We do not allow humans to read your data unless, (a) we obtain your explicit consent, (b) the data is aggregated and anonymized and used for internal operations in accordance with applicable law, (c) it is necessary for security purposes, or (d) to comply with applicable law; 
    • No Prohibited Uses:  We do not transfer, use, or sell user data for any other purposes, including (a) for personalized advertising, interest-based advertising, or re-targeted advertising, (b) to any third party, such as advertising platforms, data brokers, or information resellers, or (c) to determine creditworthiness or for lending purposes.
  3. Information We Collect
    We collect your personal information, meaning information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you, such as your email address, name, company name, username, phone number, profile picture, unique identifier, and access token, either (a) when you provide it to us directly, or (b) when you login from a third-party (such as Microsoft), we retrieve from that third-party information you agreed that it could share with us through its application programming interface to identify and authenticate your account within the Extension.

    The Extension uses browser local storage (localStorage) to save session information such as your authentication token and email address. This data is stored locally on your device and is used solely to maintain your authenticated session and provide a consistent experience within the Extension. We do not use traditional browser cookies, tracking pixels, or web beacons.

    To provide its core functionality, the Extension requires the following browser permissions:

    • Identity: Used exclusively to facilitate Single Sign-On (SSO) login via Microsoft to authenticate your account.
    • Storage: Used to save user preferences and session states locally on your device to ensure a consistent experience.
    • Side Panel: Used to display the Extension interface alongside your browser content for seamless auditing tasks.
    • Host Permissions: We only access https://login.microsoftonline.com/* for authentication and https://audit-ops.traxtech.com/ to provide our audit services.
    • We only access the following hosts: https://login.microsoftonline.com/ for Microsoft SSO authentication, https://graph.microsoft.com/* to retrieve basic user profile information (name and email) as part of the authentication process, and https://audit-ops.traxtech.com/ to provide our audit services.
  4. How We Use Your Information

    We use the information we collect from you to:

    • Operate and maintain the Extension;
    • Provide our services to you;
    • Improve, personalize, and expand the Extension;
    • Understand and analyze usage of the Extension;
    • Develop new products, services, and features;
    • Communicate with you through e-mail and otherwise, including customer service, updates, and promotional purposes; and
    • Detect and prevent fraud.

    In an ongoing effort to better understand our users, the Extension, and our products and services, we may analyze certain information in anonymized and aggregate form to operate, maintain, manage, and improve the Extension and/or such products and services. This aggregate information does not identify you personally.

    To the extent permitted by law, we may also disclose your information: (a) when required by law, court order, or other government or law enforcement authority or regulatory agency; or (b) whenever we believe that disclosing such information is necessary or advisable, for example, to protect the rights, property, or safety of us or others, including you.

    We do not sell or share your personal information. To the extent we collect sensitive personal information, we only use it for the limited purposes set forth above.

  5. Your Privacy Laws
    1. All Users
      You may request to have your information removed from our databases at any time, or you may update your preferences (how and why we contact you) by notifying us at privacy@traxtech.com. We may decline to accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
    2. California Residents – CCPA/CPRA Rights
      Right to Know: The right to know and request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the personal information is collected, our business purpose for collecting or selling/sharing personal information, and the categories of third parties with whom we share personal information, if any.
      1. Right to Deletion: The right to request deletion of personal information we have collected from you, subject to certain exceptions.
      2. Right to Correction: The right to request correction of inaccurate personal information.
      3. Right to Non-Discrimination / Protection from Retaliation: We will not discriminate against you for exercising any of your rights under the CCPA/CPRA. California Residents – CCPA/CPRA Rights
        If you are a California resident, you have the following rights under the CCPA/CPRA:
        To exercise any privacy right, please submit a verifiable consumer request to privacy@traxtech.com or call us at 1-800-755-0110.
      4. Please note that you may only make a CCPA/CPRA-related data access or data portability disclosure request twice within a 12-month period.
      5. If you contact us to exercise your rights, you will need to provide us with:
        • Enough information to identify you (e.g., your full name, address and customer or matter reference number),
        • Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill), and
        • A description of what right you want to exercise and the information to which your request relates.
      6. We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person’s behalf.
      7. Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.
    3. European Economic Area (“EEA”), United Kingdom, and Switzerland Residents – GDPR Rights
      If you are located in the EEA, the United Kingdom (“UK”), or Switzerland, the GDPR or equivalent legislation may apply to our processing of your personal information. In such cases, you have the right to:
      • Access your personal information;
      • Rectify inaccurate or incomplete personal information;
      • Erase your personal information (right to be forgotten) under certain circumstances;
      • Restrict processing of your personal information in certain circumstances;
      • Data portability – receive a copy of your data in a structured, machine-readable format;
      • Object to processing based on legitimate interests or for direct marketing;
      • Withdraw consent at any time where processing is based on consent; and
      • Lodge a complaint with a supervisory authority in your country of residence.

      Where the GDPR applies, we process your personal information on the basis of: (i) your consent; (ii) performance of a contract with you; (iii) compliance with a legal obligation; or (iv) our legitimate interests (such as improving the Extension, marketing our services, and protecting the Company’s rights), where those interests are not overridden by your rights.

      To the extent we transfer personal information of EEA/UK residents to countries outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner’s Office, or other legally recognized transfer mechanisms.

      To exercise your GDPR rights, contact us at: privacy@traxtech.com.

  6. Secure Handling of Data
    We take commercially reasonable steps to protect your information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. All personal or sensitive data, including authentication credentials (SSO), is transmitted exclusively over secure connections using modern cryptography (HTTPS/TLS). However, no security system is impenetrable. We cannot guarantee the security of our databases or the databases of the third parties, nor can we guarantee that the information you supply will not be intercepted while being transmitted over the internet.  
  7. Third-Party Privacy Policies
    This Policy does not cover how any third party collects or uses your information. The Chrome Web Store may collect certain information in connection with your use of the Extension, such as personal information, payment information, geolocational information, and other usage-based data. We have no control over the privacy practices of a third party, and any such collection or use of your information by a third party will be subject to that third party's applicable privacy policies. We recommend reviewing the privacy policies of any applicable third-party for detailed information about their practices and instructions on how to opt-out of certain use or sharing of your information, if possible.
  8. Data Retention and Account Deletion
    We retain your personal information only as long as your account is active or as needed to provide the Extension. Thereafter, we will keep your personal information for as long as is necessary: to respond to any questions, complaints or claims made by you or on your behalf; to show that we treated you fairly; or to keep records required by applicable law. We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. 
  9. Children
    Protecting children’s privacy online is important to us. We encourage parents and guardians to monitor their children’s online activity. We have no actual knowledge of selling or sharing the personal information of consumers under 16 years of age. In addition, the Extension is not intended for children under 13 years of age and we do not knowingly collect personal information from children under 13. No one under age 13 may provide any information to or through the Extension. If you are under age 13, do not use or provide any information to the Extension or provide any information about yourself to us.

    If we learn that we have inadvertently collected personal information from a child under 13 without parental consent, we will promptly delete that information. If you believe we may have collected information from or about a child under 13, please contact us immediately at: privacy@traxtech.com.

  10. Changes to This Policy
    This Policy is effective as of the date stated at the top of this Policy. We may update this Policy periodically. We advise you to review this page for any changes. Updates are effective immediately upon posting. By accessing the Extension after we make any changes to this Policy, you are deemed to have accepted such changes.

  11. Contact Us
    If you have any questions about this Policy or our privacy policies, please contact us.