Privacy Policy

Effective Date: 5/10/2025

Track Changes LLC (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and protect personal data when you use the Track Changes Heatmap Microsoft Word Add-in, available through Microsoft AppSource, and our website (trackchangesheatmap.com).

1. Data We Collect

We collect limited personal data necessary to manage access to premium features of the add-in:

  • Email address – used to identify your account, manage seats, and provide support.
  • Microsoft tenant ID – used to verify your subscription and link seats to your organization.
  • License status – includes plan tier (e.g., Free, Premium, Business), subscription type, and assigned status.

We do not collect document contents. Your data is never used for advertising, profiling, or reselling purposes.

2. Local Processing Only

The add-in runs entirely within Microsoft Word on your device. All heatmap generation, change detection, and data export occur locally. Your documents never leave your machine.

3. Data Storage and Security

We collect only essential user information: email address, Microsoft tenant ID, and license status.

Data is securely stored on:

  • Cloudflare’s infrastructure - data in transit is encrypted using TLS 1.3. Infrastructure follows zero-trust principles and employs encryption at rest.
  • Cockroach Labs (CockroachDB) - all data is encrypted in transit with TLS 1.2+ and at rest with AES-256.

Additional safeguards include:

  • Strict role-based access control and authentication
  • Regular infrastructure and code audits
  • End-to-end HTTPS with HSTS

We retain your email and license data only as long as required to provide service and meet legal or billing requirements.

4. Data Security

We follow best practices to ensure that our add-in and website remain secure and isolated. Your documents are never transmitted or at risk. Our architecture is designed to minimize exposure and maintain privacy by design.

5. No Third-Party Sharing

We do not sell, rent, or share your personal information with any third parties.

6. GDPR Compliance

We process only minimal personal data, in line with the principles of the General Data Protection Regulation (GDPR). Our processing is governed by:

  • Purpose limitation - Data is used solely for licensing and support.
  • Data minimization - Only essential information is collected.
  • Integrity and confidentiality - All data is encrypted and access-controlled.

Your Rights Under GDPR

If you are located in the European Union or the United Kingdom, you have the following rights regarding your personal data:

  • Right of Access - Request a copy of your personal data.
  • Right to Rectification - Request corrections to inaccurate or incomplete information.
  • Right to Erasure - Request deletion of your data in certain cases.
  • Right to Restrict Processing - Request limitations on how your data is used.
  • Right to Data Portability - Obtain your data in a machine-readable format.
  • Right to Object - Object to data use in certain situations, such as direct marketing (which we do not perform).
  • Right to Lodge a Complaint - Contact your local data protection authority if you believe your rights have been violated.

The legal basis for processing your personal data is your consent and our legitimate interest in providing, supporting, and improving the add-in. Where required by law (such as under GDPR), we obtain your explicit consent by presenting a clear privacy notice before you initiate Microsoft sign-in within the add-in or on our website. This ensures you understand what data is collected and why, prior to granting access.

Track Changes LLC is the data controller responsible for your personal data under this policy.

You may request access to, correction of, or deletion of your data at any time by contacting us at [email protected].

7. Cookies and Local Storage

We use cookies and browser local storage to enhance your experience on our website and within the add-in.

Cookies may be used for authentication, session management, and essential website functionality.

We also use a Google tag on our website for the limited purpose of measuring ad performance and conversion events (such as page views).

No document data, personal user content, or tracked change information is shared with Google or third parties.

  • We do not use behavioral advertising or retargeting.
  • No fingerprinting or ad personalization is performed.
  • Google's conversion tracking is used strictly to measure effectiveness of campaigns (e.g. visits to our demo page).

You may opt out of Google’s tracking cookies by visiting adssettings.google.com.

8. Data Retention and Disposal

User account and license metadata are retained only as long as necessary to provide service functionality.

Data is automatically deleted upon subscription cancellation or after a prolonged period of inactivity.

We support user-initiated deletion requests in compliance with GDPR and similar privacy regulations.

All deletions are permanent and applied at the database level. Encrypted backups are automatically purged after 30 days.

9. Disaster Recovery and Backup Strategy

We maintain a documented disaster recovery plan to ensure service continuity and rapid recovery in the event of failure or data loss.

Our database infrastructure is distributed across multiple geographic regions to ensure high availability, fault tolerance, and resilience against localized outages.

Backups are automatically created and encrypted by CockroachDB and are retained for 30 days. Point-in-time recovery is supported to minimize downtime and data loss.

Application infrastructure is managed using infrastructure-as-code and can be redeployed in a recovery scenario within hours. Recovery processes are reviewed and tested periodically.

10. Children's Privacy

Our service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it in accordance with applicable laws.

11. Policy Updates

We may revise this Privacy Policy to reflect product or legal updates. Changes will be posted here with an updated “Effective Date.” Continued use of the product constitutes acceptance of the revised terms.

12. Contact Us

If you have any questions about this Privacy Policy or how your data is handled in the Track Changes Heatmap Microsoft Word Add-in, please contact us at:

[email protected]