Privacy Policy

1. Who We Are

Trackr ("Trackr", "we", "our", or "us") is a personal tracking app for iOS published by Garson Tech. This policy explains what information Trackr collects, how it's used, and the choices you have. Contact: garsontech@gmail.com.

2. Information We Collect

2.1 Account information

When you sign up we collect:

• Email address — used as your login identifier and to send password resets.
• Display name — optional. If you sign in with Apple or Google, we receive whatever your name is set to on that account (you can hide it via Apple's "Hide My Email" / private name relay).
• Authentication identifier — a stable user ID issued by Firebase Authentication. We don't see your Apple ID or Google account credentials.

2.2 Content you create

• Trackers — the names, icons, and field definitions of the forms you build.
• Entries — every value you log: numbers, text notes, selected options, dates, toggles.
• Photo attachments — images you attach to entries. Each is resized to a maximum dimension of 1600 points and compressed before upload.
• Reminder schedules — the days and times you ask Trackr to remind you.

2.3 Subscription information

If you subscribe to Trackr Pro, Apple's App Store processes the payment. Apple shares with us only a signed receipt that we use to confirm your subscription is active. We store the resulting state (free, trialing, active, expired) and the expiry date. We never see your payment method.

2.4 Information we don't collect

• We don't collect your location.
• We don't collect your contacts or calendar.
• We don't fingerprint your device or use IDFA for advertising.
• We don't include third-party analytics, advertising, or social-tracking SDKs.

3. How We Use Information

• Run the app. Your account information identifies you; your content powers the tracker views, charts, and reminders.
• Sync across your devices. Local data on your iPhone is mirrored to your private account so it stays in sync if you reinstall or sign in on another device.
• Generate AI summaries (Pro, opt-in per tracker). When enabled on a tracker, a weekly snapshot of that tracker's entries is sent to Google Cloud's Vertex AI service to generate a short narrative summary. See Section 5 for details.
• Verify legitimate app instances. Apple's App Attest service issues us a token that proves the request is from a real Trackr install on a real device. This prevents abuse of our AI and sync endpoints.
• Honor your subscription. We use Apple's receipt to gate Pro features (unlimited trackers, AI summaries, photos, full history).

4. Where Your Data Lives

• On your device — Trackr is local-first. All data is stored locally in an on-device SwiftData store. The app works fully offline.
• Firebase Authentication — handles your sign-in. Operated by Google LLC under Google's security and privacy controls.
• Cloud Firestore — your synced trackers and entries. Access is restricted by security rules that only let your authenticated account read or write your own data.
• Firebase Cloud Storage — your photo attachments. Same per-user access restriction.
• Google Cloud Vertex AI — receives AI summary requests only when you've enabled AI summaries on a tracker. Vertex AI does not use your data to train or improve Google's foundation models.
• Apple App Store — handles subscription billing.

5. AI Features (Pro, Opt-In)

Trackr Pro can generate weekly AI summaries for each tracker you enable it on. When a summary is generated:

• The request goes from your device directly to Google Cloud Vertex AI (gemini-2.5-flash). It is not sent to the Google AI / Gemini Developer API or any other third-party AI service.
• Before sending, we strip user identifiers (email, name) from the request. The model sees the tracker's name and field labels plus the numeric and textual values of your entries in the requested window.
• Photo bytes are never sent — image fields are replaced with a "<photo>" placeholder.
• Vertex AI does not use data sent through its API to train or improve Google's foundation models. See Vertex AI data governance.
• Each tracker is limited to one successful summary per 24 hours. Generated summaries are cached on your account and rendered offline.
• You can turn AI summaries off per tracker at any time in Settings → AI summary. Turning it off stops all future AI calls for that tracker.

6. Information Sharing

We share information only as described here:

• Service providers processing data on our behalf to make the app work: Google (Firebase Authentication, Firestore, Cloud Storage, App Check, Vertex AI) and Apple (App Store, Sign in with Apple, App Attest).
• Legal requirements if we believe in good faith that disclosure is required by law.
• Business transfers if Trackr is acquired or merged, in which case we'll notify you and the acquiring entity will be bound by this policy.

We do not sell or rent your personal information.

7. Data Retention

We retain your account data for as long as your account is active. If you delete a tracker, its associated entries, photos, AI summary cache, and scheduled reminders are removed from your device, Firestore, Cloud Storage, and the iOS notification center. If you delete your entire account (email garsontech@gmail.com), all of your data is removed from our systems within 30 days, except where retention is required by law (for example, tax records related to your subscription).

8. Your Rights

You can, at any time:

• Access — every piece of data we hold about you is visible to you in the app.
• Correct — edit any tracker, entry, or profile field directly in the app.
• Delete — delete individual trackers (cascade-deletes their entries, photos, reminders, and AI cache) or request full account deletion by emailing garsontech@gmail.com.
• Export — request a JSON export of your trackers and entries by emailing garsontech@gmail.com.
• Withdraw consent — sign out at any time. Optional features (AI summaries, photo attachments) can be disabled per tracker.

If you're in the EU/UK (GDPR), California (CCPA/CPRA), Brazil (LGPD), or another jurisdiction with similar laws, you may have additional rights including objection to processing, restriction of processing, and lodging a complaint with your local data-protection authority.

9. Security

• All connections between Trackr, Firebase, and Vertex AI use TLS encryption in transit.
• Firestore and Cloud Storage data is encrypted at rest by Google.
• Access to your data on our servers is restricted by Firebase security rules that enforce request.auth.uid == uid — only your authenticated account can read or write your data.
• App requests are attested by Apple's App Attest, preventing abuse from non-Trackr clients.
• No security system is perfect. If we discover a breach affecting your account, we will notify you within 72 hours of discovery.

10. Children's Privacy

Trackr is not directed at children under 13 (or 16 in some EU jurisdictions). We don't knowingly collect personal information from children. If you believe a child has signed up, please contact us so we can delete the account.

11. International Transfers

Trackr's infrastructure runs on Google Cloud servers in the United States. If you use Trackr from outside the U.S., your data will be transferred to and processed there under Google's data-protection terms, which include EU Standard Contractual Clauses where applicable.

12. Changes to This Policy

We may update this policy from time to time. When we make material changes, we'll update the "Last updated" date at the top and, for significant changes, notify you in the app before they take effect. Continuing to use Trackr after the change becomes effective means you accept the updated policy.

13. Contact

Questions, requests, or complaints about this policy or your data: garsontech@gmail.com.