Privacy Policy

Last updated: June 11, 2026

1. Overview

This policy describes what information STR Tracker collects, how it is used, and your choices. We collect the minimum needed to run the service. We do not sell your data, and we do not show ads. Last updated: June 11, 2026.

2. Information You Provide

Account information: email address, password (stored as a hash by our authentication provider), your name, and optionally your spouse's name. Activity data: properties, time entries, activity types, notes, and files you attach (photos, PDFs, documents). This data is stored in our database and file storage, hosted by Supabase, so it can sync to your account.

3. Email Account Access

If you connect a Google or Microsoft email account, the App requests read-only access (Google scope: gmail.readonly; Microsoft scope: Mail.Read). Authentication tokens are stored only on your device in the iOS secure keychain — never on our servers. Email messages are fetched directly from your provider to your device for display. The only email content that reaches our servers is a document you explicitly choose to attach to an activity entry, which is then stored like any other attachment. Disconnecting an account in Settings deletes its tokens from your device; you can also revoke access in your Google or Microsoft account settings.

4. Google API Limited Use Disclosure

STR Tracker's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only to provide the user-facing email attachment feature, is never used for advertising, and is never sold or transferred to third parties except as necessary to provide the feature, to comply with applicable law, or as part of a merger or acquisition with notice to users.

5. How We Use Information

We use your information solely to: (a) operate the App and sync your data across sessions; (b) generate the reports you request; (c) respond to support requests; and (d) maintain security and prevent abuse. We do not use your data for advertising, profiling, or sale to third parties.

6. Service Providers

We rely on a small number of processors to operate the service: Supabase (database, authentication, file storage), Apple (app distribution and, if enabled, notifications), and — only when you use email integration — Google or Microsoft as your email provider. Each processes data only as needed for its function.

7. Data Retention and Deletion

Your data is retained while your account is active. You may delete individual entries, attachments, and linked email accounts at any time. Deleting your account (Settings → Delete Account) permanently removes your profile, activity logs, properties, attachments, and stored files from our systems. Device-stored data (tokens, preferences) is removed from the keychain when you disconnect accounts or uninstall the App.

8. Security

Data is encrypted in transit (TLS) and at rest by our hosting provider. Database access is restricted by row-level security so each account can only read and write its own records. Email tokens are stored in the iOS secure keychain on your device. No system is perfectly secure; please use a strong, unique password.

9. Your Rights

Depending on where you live (e.g., California, the EU/EEA), you may have rights to access, correct, export, or delete your personal information. The App provides these directly: your data is visible in the App, exportable as PDF/Excel, and deletable in Settings. For any other request, contact us and we will respond within the time required by applicable law.

10. Children

The App is not directed to anyone under 18, and we do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.

11. Changes

We will post any changes to this policy in the App and update the date above. Material changes will be highlighted in the App or sent by email.

12. Contact

Privacy questions or requests: support@strtrackerapp.com