This policy describes what information STR Tracker collects, how it is used, and your choices. We collect the minimum needed to run the service. We do not sell your data, and we do not show ads. Last updated: June 11, 2026.
Account information: email address, password (stored as a hash by our authentication provider), your name, and optionally your spouse's name. Activity data: properties, time entries, activity types, notes, and files you attach (photos, PDFs, documents). This data is stored in our database and file storage, hosted by Supabase, so it can sync to your account.
If you connect a Google or Microsoft email account, the App requests read-only access (Google scope: gmail.readonly; Microsoft scope: Mail.Read). Authentication tokens are stored only on your device in the iOS secure keychain — never on our servers. Email messages are fetched directly from your provider to your device for display. The only email content that reaches our servers is a document you explicitly choose to attach to an activity entry, which is then stored like any other attachment. Disconnecting an account in Settings deletes its tokens from your device; you can also revoke access in your Google or Microsoft account settings.
STR Tracker's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only to provide the user-facing email attachment feature, is never used for advertising, and is never sold or transferred to third parties except as necessary to provide the feature, to comply with applicable law, or as part of a merger or acquisition with notice to users.
We use your information solely to: (a) operate the App and sync your data across sessions; (b) generate the reports you request; (c) respond to support requests; and (d) maintain security and prevent abuse. We do not use your data for advertising, profiling, or sale to third parties.
We rely on a small number of processors to operate the service: Supabase (database, authentication, file storage), Apple (app distribution and, if enabled, notifications), and — only when you use email integration — Google or Microsoft as your email provider. Each processes data only as needed for its function.
Your data is retained while your account is active. You may delete individual entries, attachments, and linked email accounts at any time. Deleting your account (Settings → Delete Account) permanently removes your profile, activity logs, properties, attachments, and stored files from our systems. Device-stored data (tokens, preferences) is removed from the keychain when you disconnect accounts or uninstall the App.
Data is encrypted in transit (TLS) and at rest by our hosting provider. Database access is restricted by row-level security so each account can only read and write its own records. Email tokens are stored in the iOS secure keychain on your device. No system is perfectly secure; please use a strong, unique password.
Depending on where you live (e.g., California, the EU/EEA), you may have rights to access, correct, export, or delete your personal information. The App provides these directly: your data is visible in the App, exportable as PDF/Excel, and deletable in Settings. For any other request, contact us and we will respond within the time required by applicable law.
The App is not directed to anyone under 18, and we do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.
We will post any changes to this policy in the App and update the date above. Material changes will be highlighted in the App or sent by email.
Privacy questions or requests: support@strtrackerapp.com