This Privacy Policy explains how Tracklete ("we", "us", "our") collects, uses, and protects your personal information when you use the Tracklete mobile app, web dashboard, and marketing website (collectively, the "Service").
By using Tracklete, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
1. Who We Are
Tracklete is a fitness coaching platform that connects professional coaches with their clients. Coaches use the platform to manage clients, build training programs, schedule sessions, and track progress. Clients use the platform to view their assigned programs and track their workouts.
Contact: support@tracklb.com
2. Information We Collect
2.1 Information you provide directly
- Account information: email address, password (stored as a hashed value, never in plain text), display name, role (coach or client).
- Profile information (optional): avatar image, specialty, biography, phone number.
- Coaching content (coaches only): clients' display names, training programs, exercise data, session schedules, payment records, motivational quotes, private notes.
- Workout data (clients only): workout completion status, personal records, body measurements, goals.
- Subscription information: subscription tier, payment method used (Whish, Apple In-App Purchase, cash, other), amount paid, dates.
- Feedback: content of any feedback or support requests you send through the app.
2.2 Information collected automatically
- Device information: device model, operating system version, app version, time zone.
- Push notification tokens: if you enable push notifications, we store an Expo push token to deliver notifications.
- Authentication tokens: session tokens used to keep you logged in.
- Email verification & password reset codes: temporary codes stored only as long as needed for verification.
2.3 Information we do NOT collect
- We do not use third-party analytics or behavioral tracking (no Google Analytics, Mixpanel, etc.).
- We do not collect location data.
- We do not access your device's contacts, photos (except when you explicitly upload an avatar), camera, or microphone.
- We do not sell, rent, or trade your personal information.
3. How We Use Your Information
We use the information we collect to:
- Provide the Service: authenticate you, store your data, allow coaches to manage clients and programs, allow clients to view their workouts.
- Communicate with you: send transactional emails (verification codes, welcome, subscription receipts, renewal reminders, password reset).
- Process subscriptions: track which tier you're on (Free Trial, Lite, Pro), grant or restrict access to features accordingly.
- Send push notifications: notify clients of scheduled workouts, new programs, motivational quotes, etc. (only with your permission).
- Improve the Service: review feedback to fix bugs and prioritize features.
- Prevent abuse: apply rate limiting, detect suspicious activity, enforce our Terms of Service.
We will never use your data for advertising or share it with advertisers.
4. Third-Party Services
Tracklete uses a small number of trusted third-party services to operate. Each is listed below with its purpose and the data it processes.
| Service | Purpose | Data processed |
|---|
| Supabase (AWS) | Database & file storage | All app data, including account info, programs, workouts, payments, avatars |
| Railway | API server hosting | Data passes through Railway during transmission |
| Resend | Transactional email | Email addresses + email content |
| Expo Push | Mobile push notifications | Push tokens + notification content |
| Whish Money | Subscription payments | Whish processes payment outside Tracklete; we record amount + date only |
We do not control these third parties' privacy practices. You can review their respective policies on their websites.
5. Data Storage and Security
- All data is stored on Supabase servers (AWS infrastructure).
- All connections to the API and database use TLS (HTTPS) encryption.
- Passwords are hashed using bcrypt; we never see or store plain-text passwords.
- Authentication tokens use industry-standard JSON Web Tokens (JWT) with short expiration.
- Access to the database is restricted to authorized administrators only.
While we take reasonable security measures, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Your Rights
You have the following rights regarding your personal information:
- Access: view all your account data through the app.
- Correction: edit your profile, name, and account settings at any time.
- Deletion: delete your account from the app's settings. This permanently removes all your personal data and associated content. For coaches, deleting your account does NOT delete your clients' accounts.
- Portability: request a copy of your data by emailing support@tracklb.com.
- Withdraw consent: disable push notifications, opt out of non-essential emails, or delete your account at any time.
- Lodge a complaint: contact us first; if not resolved, contact your local data protection authority.
7. Data Retention
- Active accounts: we retain your data for as long as your account is active.
- Deleted accounts: we permanently delete your data upon account deletion. Backups may retain data for up to 30 days for disaster recovery, after which they are wiped.
- Subscription / payment records: anonymized records may be retained for tax and accounting purposes for up to 7 years, even after account deletion.
- Email logs: delivery logs from Resend are retained per Resend's policy (typically 30 days).
8. Children's Privacy
Tracklete is intended for users 16 years of age or older. We do not knowingly collect personal information from anyone under 16. If you are under 16, please do not use the Service. If we learn we have collected information from a child under 16, we will delete it immediately.
9. International Users
Tracklete is operated from Lebanon. By using the Service, you consent to the transfer and processing of your data in Lebanon and other countries where our service providers operate (including the United States).
10. Cookies (Web Dashboard)
The web dashboard uses only essential cookies and local storage to:
- Keep you logged in (session token storage)
- Remember your theme preference (light/dark mode)
- Store the unit preference for weights (kg/lbs)
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the "Last updated" date at the top.
- Notify users of significant changes via email or in-app notice.
- Continue to honor the previous policy for data already collected, where required by law.
Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
12. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your data:
Email: support@tracklb.com
We aim to respond to all privacy-related inquiries within 7 business days.