Provider
LeaseTrack is a CommTrack solution provided by CommTrack Pty Ltd. Customer contracts, billing and support are handled through CommTrack unless agreed otherwise.
Product boundary
LeaseTrack is an asset finance portfolio management system. It is not a bank, ERP, accounting firm, audit firm, legal adviser or tax adviser.
Customer data
Customers control the portfolio records they enter or import. LeaseTrack processes that data to operate the service and produce operational reports.
Access control
The service uses named user accounts, organisation roles and tenant-scoped database controls. Admin-level functions are separated from normal operational access.
Operational evidence
Release, backup, monitoring, incident response and change-control artefacts are maintained internally and can support customer review where appropriate.
Procurement pack
For institutional review, CommTrack can prepare a customer-specific pack with security, privacy, architecture, subprocessor and acceptance material.
Product scope
Designed for asset finance control.
LeaseTrack provides a structured workspace for agreements, funded assets, facilities, repayment obligations, rate resets, import evidence and operational reporting. It is intended to help finance teams maintain a controlled source of portfolio information outside spreadsheets.
Draft journals, schedules and finance outputs are support tools. Customers should review them against their accounting policies, source documents and approval processes before using them for financial reporting.
Data handling
Structured portfolio data, with customer control.
LeaseTrack may process user details, organisation details, role assignments, lender and entity records, asset and facility details, balances, currencies, interest-rate settings, repayment schedules, audit events and billing metadata. Payment-card information is handled by the payment provider and is not stored directly by LeaseTrack.
Privacy
Personal information is handled in line with the public Privacy Policy and applicable Australian privacy obligations.
Subprocessors
Core providers include hosting, database/authentication and billing providers. A customer-specific list can be provided during procurement.
Retention
The working posture is export-before-delete, with customer-specific retention terms agreed through contract or written instruction.
Document storage
LeaseTrack is currently designed around structured finance data rather than a confidential document-room workflow.
Security posture
Controls that support finance team use.
LeaseTrack uses modern SaaS infrastructure, named user authentication, MFA capability, role-based application permissions, organisation-scoped data access and audit logging for sensitive workflows. Development and production environments are separated so customer-facing production is not affected by ordinary development changes.
Identity and access
Users sign in with individual accounts. Owner and Admin roles control company settings, users, imports and full organisation exports.
Tenant isolation
Customer records are scoped to an organisation and protected by application permissions and database row-level access controls.
Auditability
Application audit logs support access review, export review and investigation of core portfolio changes.
Change control
Production releases follow a branch, test and deployment process with retained release evidence.
Assurance boundary
LeaseTrack does not currently claim SOC 2, ISO 27001, Essential Eight maturity certification or external assurance. Customer-specific questionnaires can be answered with available evidence and clear open items.
Operations
Recovery, support and incident handling.
CommTrack maintains internal runbooks for backup and restore, release rollback, monitoring review, incident response and customer offboarding. Current recovery targets are internal operating targets unless written into a customer agreement.
Backup and restore
Internal planning uses a 24-hour recovery point target and one-business-day service restoration target, subject to retained evidence and customer agreement.
Incident response
The incident process covers triage, containment, evidence preservation, customer communication, recovery and post-incident review.
Exports
Owner and Admin users can export organisation-level information where permitted. Normal users can export operational reports they can access.
Assisted setup
CommTrack can help customers prepare CSV imports, validate mappings and train users during onboarding.
Legal context
Plain-language regulatory position.
LeaseTrack supports customer finance operations, but customers remain responsible for their own legal, regulatory, accounting, audit, procurement and record-keeping obligations. The customer agreement, Privacy Policy and Terms of Service govern the service unless a separate written agreement applies.
Institutional customers may ask for information aligned to privacy, supplier risk, operational resilience and information security review. CommTrack can provide customer-safe evidence without sharing secrets, raw logs or internal-only security details.
Customer pack
Detailed evidence can be prepared for serious customer review.
The public website should stay concise. For procurement, CommTrack can assemble a dated customer pack covering architecture, data flows, access controls, MFA, subprocessors, backup and recovery, incident response, retention, vulnerability management, finance validation boundaries and customer acceptance records.
Customer-specific by design
The pack should be prepared for the actual customer, with irrelevant internal notes removed and customer-specific contacts, agreed exceptions, acceptance criteria and contract terms added.
Need security or procurement information?
Contact CommTrack to request a customer review pack or discuss setup support for a finance portfolio pilot.