TechTrax Privacy Policy
Last updated: 12 May 2026
Effective date: 12 May 2026
This Privacy Policy describes how COA Holding Company ("TechTrax", "we", "us") collects, uses, stores, and shares information when you or your organization uses the TechTrax platform (the "Service") at https://app.tech-trax.com, https://dev.tech-trax.com, and related subdomains.
TechTrax is a multi-tenant SaaS platform for healthcare clinics. It includes two product modules: a Clinic Management System (CMS) for appointments, patient records, and clinical workflows, and a Customer Relationship Management (CRM) module with multi-channel messaging across WhatsApp, Facebook Messenger, and Instagram Direct Messages.
By using the Service, you agree to this Privacy Policy.
1. Who we are
- Data controller: COA Holding Company
- Service: TechTrax (operated by COA Holding Company)
- Contact: info@tech-trax.com
For data protection inquiries and EU/UK GDPR or California (CCPA) rights requests, write to info@tech-trax.com with the subject "Privacy Request".
2. Information we collect
2.1 From clinic administrators and staff
When a clinic administrator or staff member creates a TechTrax account or accepts a workspace invitation, we collect:
- Full name, email address, phone number (optional), role
- Hashed password (bcrypt, 12 rounds)
- Profile picture, if uploaded
- Workspace identifier and assigned permissions
- Authentication session metadata (IP address, user agent, last login time)
2.2 From Meta platform connections (Facebook, Instagram, WhatsApp)
When a clinic administrator connects a Facebook Page, Instagram Business Account, or WhatsApp Business Account to their TechTrax workspace via Facebook Login, we receive and store:
- public_profile: the connecting administrator’s name and profile picture, displayed only in our channel-settings UI to confirm successful connection
- pages_show_list: the list of Facebook Pages the administrator manages, used solely so they can pick which page(s) to connect
- Page access tokens for the selected Page(s), encrypted at rest with AES-256-GCM, used to send and receive messages on the clinic’s behalf
- Page metadata: page name, page ID, Instagram Business Account ID where applicable
- WhatsApp Business Account metadata: phone number ID, display phone number, WhatsApp Business Account ID
2.3 From end customers messaging the clinic
When an end customer sends a message to a clinic’s connected Facebook Page, Instagram Business Account, or WhatsApp Business number, Meta forwards the message to TechTrax via webhook. We receive and store:
- The customer’s Meta-issued identifier for that page (page-scoped user ID / PSID, Instagram-scoped user ID / IGSID, or WhatsApp phone number)
- The customer’s display name as provided by Meta (anonymized as "Facebook User #XXXXX" while our app is in development mode)
- Message content (text, media URLs, reactions, delivery receipts, timestamps)
- Profile picture, where Meta provides one
We do NOT receive or store customer Facebook account passwords, payment information, or any data outside the message thread the customer voluntarily sent to the clinic.
2.4 Patient records (CMS module only)
For clinics using the Clinic Management System module, the clinic itself inputs patient records into TechTrax. We act as a data processor for that information — the clinic is the data controller. Patient records may include name, date of birth, contact details, medical history, prescriptions, visit notes, and appointment records.
2.5 Technical data
- Server logs (IP address, request path, timestamp, response code)
- Browser session cookies and localStorage entries for authentication
- Real-time websocket connection metadata
- Push notification tokens (Firebase Cloud Messaging) for in-browser alerts
3. How we use information
We use the information we collect to:
- Authenticate users and authorize access to clinic workspaces
- Display the connecting administrator’s identity in our channel-settings UI (public_profile)
- Send and receive customer messages on behalf of the clinic across WhatsApp, Facebook Messenger, and Instagram
- Sync the status of WhatsApp message templates the clinic has registered with Meta (whatsapp_business_management)
- Programmatically subscribe the clinic’s Facebook Page to webhook events so we can deliver inbound messages in real time (pages_manage_metadata)
- Match inbound messages to existing customer records and group them into conversation threads
- Surface conversation analytics to authorized clinic staff
- Operate the appointments, patient records, queue management, and other CMS workflows when the clinic is using the CMS module
- Send transactional notifications (email, in-app, push) related to appointments, message delivery, and account events
- Detect and prevent abuse, debug issues, and improve the Service
- Comply with legal obligations
We do NOT use any of this information for advertising, profiling, or to train machine-learning models. We do not sell information to third parties.
5. Data retention
- Active workspaces: we retain workspace data for as long as the clinic’s subscription is active.
- Cancelled or deleted workspaces: primary data is purged within 90 days of cancellation. Backups are rotated out within 180 days.
- End-customer messages: retained for the lifetime of the workspace’s CRM module activation, after which they follow the workspace’s deletion schedule above.
- Server logs: rotated and deleted after 90 days unless preserved for active security or legal investigation.
6. Your rights and how to exercise them
Depending on your jurisdiction (GDPR, CCPA, UK DPA, others), you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your information
- Restrict or object to specific uses of your information
- Port your information to another service
- Withdraw consent at any time
To exercise any right, email info@tech-trax.com with the subject "Privacy Request". We will respond within 30 days.
Meta data deletion
If you are an end customer who messaged a clinic via Facebook, Instagram, or WhatsApp and want your message history removed from TechTrax, you can:
- Email info@tech-trax.com requesting deletion, OR
- Use Facebook’s data deletion request flow. Meta forwards data deletion requests to our callback at https://api.tech-trax.com/api/crm/webhooks/meta/data-deletion (development: https://api.dev.tech-trax.com/api/crm/webhooks/meta/data-deletion). We process Meta-originated deletion requests within 30 days and confirm completion to Meta.
7. Security
We protect information through:
- TLS 1.2+ for all data in transit
- AES-256-GCM encryption for sensitive credentials (Meta access tokens, third-party API secrets) at rest
- bcrypt (12 rounds) password hashing
- Strict multi-tenant data isolation enforced at the database query layer
- Role-based access controls within each workspace
- Time-limited signed URLs for media file access (Google Cloud Storage)
- Regular dependency updates and vulnerability scanning
No system is perfectly secure. If you believe your account has been compromised, contact info@tech-trax.com immediately.
8. International transfers
TechTrax is operated from Egypt with infrastructure hosted in Google Cloud Platform regions. By using the Service, you consent to the transfer and processing of information in jurisdictions that may differ from your own. Where required by law, we rely on Standard Contractual Clauses and other approved transfer mechanisms.
9. Children's privacy
TechTrax is intended for use by businesses and adult professional users. The Service is not directed to children under 13 (or under 16 in the EU). If we learn that we have collected personal information from a child without verifiable parental consent, we will delete it.
Patient records uploaded to the CMS module by a clinic may include data about minors. In those cases the clinic is the data controller and must have obtained appropriate consent from the parent or legal guardian.
10. Cookies and similar technologies
We use only first-party cookies and localStorage entries strictly necessary for authentication and session management. We do not use third-party advertising or tracking cookies.
11. Third-party links
The Service may link to third-party websites. We are not responsible for the privacy practices of those sites. Review their policies before sharing information.
12. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the latest revision. Material changes will be communicated to workspace administrators via email at least 30 days before they take effect.
13. Contact
For all privacy questions, requests, or concerns:
- Email: info@tech-trax.com
- Subject line: "Privacy Request"
- Data controller: COA Holding Company
For Meta-platform-specific data deletion, see Section 6 above.