Privacy Policy
Trackers – Track Anything Effective Date: April 9, 2026 Last Updated: May 11, 2026
1. Introduction
This Privacy Policy explains how Trackers – Track Anything ("the App", "we", "us", "our") collects, uses, stores, and protects your personal information when you use our mobile application.
By using the App, you agree to the collection and use of information as described below. If you do not agree, please stop using the App.
The principle behind this policy is: we collect only what is required to operate the features the App offers.
2. Information We Collect
2.1 Information You Provide
- Email address — collected during account creation or Google Sign-In, used for authentication, account identification, password reset, and support.
- Tracker content — names, categories, units, values, history entries, groups, notification rules, and any other content you create inside the App. This is your own data, stored to provide sync between your devices.
- Settings — your notification preference, theme choice, and language preference. Theme is stored on your device only; the master notification flag and locale are also synced to your account for multi-device consistency.
2.2 Information Collected Automatically
- Push notification tokens — collected by Expo Notifications and Firebase Cloud Messaging when you sign in. Stored as an array on your account so notifications can reach all your devices. Removed when you sign out.
- Last access timestamp (
lastAccessAt) — updated when you open the App. Used by our Cloud Functions to skip background processing for inactive accounts (an inactivity guard) and reduce server cost. - Device identifiers — collected by the Firebase SDK for crash reporting (via Firebase Crashlytics) and abuse prevention.
- IP addresses — collected by the Firebase SDK during network requests for abuse prevention and operational diagnostics.
2.3 Information We Do Not Collect
When you sign in with Google, we do not persist your name, profile photo, locale, or other Google profile data. Only your email address is retained.
We do not collect contacts, location, microphone, camera, or any other device sensor data.
3. How We Use Your Information
| Purpose | Data used |
|---|---|
| Authentication | Email address |
| Core sync (Firestore) | Tracker / group / history content, settings, locale |
| Local + push notifications | Tracker data + notification tokens + rules |
| Inactive-user optimization | lastAccessAt |
| Crash reporting | Device IDs, IP, crash traces (Firebase Crashlytics) |
| Abuse prevention | IP, device IDs |
We do not sell your personal data. We do not use your tracker content for advertising or any third-party purpose.
4. Third-Party Services
| Service | Provider | Purpose | Privacy Policy |
|---|---|---|---|
| Firebase Auth | Authentication | https://firebase.google.com/support/privacy | |
| Cloud Firestore | Data storage and sync | https://firebase.google.com/support/privacy | |
| Firebase Cloud Messaging | Push notification delivery | https://firebase.google.com/support/privacy | |
| Firebase Crashlytics | Crash reporting | https://firebase.google.com/support/privacy | |
| Cloud Functions | Auto-increment, push alerts, trash cleanup | https://firebase.google.com/support/privacy | |
| Google Sign-In | Optional social authentication | https://policies.google.com/privacy | |
| Expo Notifications | Expo | Push token delivery | https://expo.dev/privacy |
You can review the privacy policies of each provider at the links above.
5. Data Storage and Retention
- All user data is stored in Cloud Firestore (region:
europe-west1) with infrastructure that complies with EU data protection requirements. - Account data and your tracker content are retained for as long as your account is active.
- Trackers in the Trash are automatically and permanently deleted after 30 days, by a daily Cloud Function. The deletion cascades to all related history entries.
- When you delete your account, all associated data is permanently removed: trackers, history, groups, profile, push tokens, and your Firebase Authentication account.
6. Data Security
- All transport between the App and our servers is encrypted (HTTPS / TLS).
- Authentication tokens are stored securely on-device by the Firebase SDK.
- Firestore security rules enforce per-user isolation: every read and write is gated on
request.auth.uid == userId. There are no shared or public collections. - Push token registration uses a 10-second timeout to fail gracefully on unreliable networks (notably Android emulators).
While we apply industry-standard protections, no internet transmission or storage system is 100 % secure and we cannot guarantee absolute security.
7. Your Rights
7.1 All Users
You have the right to:
- Access all your data through the App at any time.
- Export your data as JSON from Settings → Export Data.
- Delete your account and all associated data from Settings → Account → Delete Account.
7.2 European Union Users (GDPR)
- Lawful basis: "Performance of a contract" — email and tracker data are necessary to provide the App.
- Right to access: Use the in-app export.
- Right to rectification: Edit your data in the App.
- Right to erasure ("right to be forgotten"): Use the in-app account deletion.
- Right to data portability: Use the JSON export.
- Right to object: Contact us at the email below to object to specific processing.
7.3 California Users (CCPA)
- Right to know what personal data is collected and how it is used (this policy).
- Right to delete your personal data (in-app).
- Right to opt out of sale. We do not sell personal data.
- Right to non-discrimination for exercising any privacy right.
8. Children's Privacy
The App is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it promptly.
9. Notifications
The App uses server-sent push notifications:
- Push notifications: sent by our Cloud Function (auto-increment) via Firebase Cloud Messaging when a background value update causes a threshold crossing or when a custom notification rule fires.
You can:
- Disable notifications globally in Settings.
- Disable notifications per tracker (
Alertstoggle on each tracker). - Configure custom notification rules per tracker (at a specific value, or every N units of change).
- Revoke OS-level permission at any time via your device settings.
Push tokens are stored on our servers so that notifications can reach all your devices; they are removed when you sign out or delete your account.
10. Account Deletion
You can delete your account directly within the App: Settings → Account → Delete Account. The flow:
- You re-authenticate (Firebase requires a recent sign-in for account deletion).
- We permanently remove all your trackers, history entries, groups, profile data, and push tokens from our servers.
- Your Firebase Authentication account is deleted.
- You are signed out of the App.
This action is irreversible.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we update the "Last Updated" date at the top. Continued use of the App after changes constitutes acceptance of the revised policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or your personal data, contact us at:
Email: absolute.laiot.apps@gmail.com
This Privacy Policy applies to the Trackers – Track Anything mobile application (package: io.github.dluca.trackers).