trackanything Privacy Policy
This policy applies to the trackanything app (mobile and web), operated by Bear King Digital. It explains, in plain language, what data trackanything handles and the choices you have. The short answer is that we collect very little, we run no analytics, and we never sell or share your data.
The short version
- No account and no sign-in. trackanything does not ask for your name, email, or phone number.
- No analytics, no telemetry, no advertising, and no third-party trackers of any kind.
- The things you track are your content. They live on your device and, if you turn on sync, on our own backend so they can reach the other devices you pair.
- Your data is encrypted in transit. It is not yet end-to-end encrypted, so our systems can read your synced content to operate the service. We are building end-to-end encryption; until it ships, please do not treat sync as zero-knowledge.
- We never sell or share your personal information, and there are no ad or analytics networks involved.
What trackanything stores
The things you choose to track (your content). Trackers and entries you create, including their labels, colors, optional values and units, timestamps, optional notes, care and reminder schedules, timers, and person "profiles." You decide what to log. Some people use it for health-adjacent things like sleep or feeds; that is your choice, and we treat everything you log as private personal content. See the "Not a medical device" section of the Terms.
A device identity (no personal identifiers). Instead of an account, each household gets a randomly generated identifier and a secret credential. The secret is stored in your device's operating-system secure storage (iOS Keychain or Android secure storage) and is what lets your paired devices sync. It contains no name, email, or contact information. Your recovery code is this credential in a form you can save; anyone who has it can access your data, so keep it private.
Technical data needed to sync and notify.
- When your app talks to our backend, our servers receive the network request metadata that any internet request includes, such as your IP address. We use it only to route the request and protect the service, not to build a profile of you.
- If you enable reminders or notifications, your device may register a push notification token so we can deliver a content-free "your partner logged something" ping. The ping carries no details; those are pulled by your device over authenticated sync.
Device permissions we request.
- Camera, only to scan a pairing or recovery QR code. Images are processed on your device and are not uploaded or stored.
- Notifications, for local reminders and the optional content-free cross-device ping.
- Exact alarms (Android), so reminders fire at the right time even when the app is closed.
What we do not collect: no analytics or usage telemetry, no advertising identifiers, no location, no contacts, no microphone, no biometric data, and no third-party trackers.
How your information is used
Only to provide the app: to store your trackers and entries, to sync them across the devices you pair, and to deliver the reminders you set up. We do not use your data for advertising, profiling, or any purpose beyond running the service for you.
Where it is stored and who can access it
- On your device, in local storage, and, for the secret, the operating-system secure store.
- On our backend (only if you turn on sync), your trackers and entries are stored in a cloud-hosted database so they can replicate to your paired devices. Our current infrastructure providers are a managed PostgreSQL database and serverless API hosting (currently Neon and Vercel), which process data on our behalf to run the service and do not use it for their own purposes.
- We do not share, sell, rent, or trade your personal information with any other third party. There are no advertising or analytics recipients.
Data on our backend is protected in transit with HTTPS. As noted above, it is not yet end-to-end encrypted, so our systems can read synced content to operate the service.
Sharing between paired devices
If two people pair, for example partners sharing a household, the data in that household syncs to both devices. That is the point of the feature. A "care-done" notification to a paired device is content-free; the actual details are retrieved by that device over authenticated sync.
Retention and deletion
- Your data persists until you delete it. Deletions are recorded and replicate to your paired devices, so a delete on one device removes it everywhere.
- You can erase all of your data from our servers using the erase, or "right to be forgotten," control in the app, which tells our backend to delete your household's data.
- Uninstalling the app removes the local copy from that device.
Your privacy rights (including California)
Because we do not collect names, emails, or accounts, we hold very little that identifies you personally. Where applicable law gives you rights over personal information, including the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) and the California Online Privacy Protection Act (CalOPPA), we honor the following:
- Know and access what we hold about you.
- Delete your data (built into the app's erase control).
- Correct your data (you can edit any entry directly).
- No sale or sharing. We do not "sell" or "share" (as those terms are defined by the CCPA/CPRA) your personal information, and we do not use it for cross-context behavioral advertising. There is nothing to opt out of because we never do it.
- No discrimination for exercising any of these rights.
- California "Shine the Light": we do not disclose personal information to third parties for their own direct-marketing purposes.
To exercise a right you cannot complete in the app, contact us at support@bearkingdigital.com. We may need to verify your request against your household to protect your data.
Children's privacy
The app is intended for adults and is not directed to children under 13, and we do not knowingly collect personal information directly from children. A caregiver may use the app to log information about a child, such as a baby's feeds; in that case the account holder is the adult, who is responsible for that content. If you believe a child has provided us information directly, contact us and we will delete it.
Security
We use the operating-system secure store for your credential, HTTPS for all network traffic, and we ship no analytics or third-party SDKs. No method of storage or transmission is 100% secure. End-to-end encryption is planned but not yet in effect.
Where data is processed
Our backend is hosted in the United States. If you use the app from outside the US, your data is processed in the US.
Changes to this policy
If we make material changes, we will update this page and its effective date. Your continued use of the app after a change means you accept the updated policy.
Contact
Questions or requests about privacy in trackanything: support@bearkingdigital.com (Bear King Digital). A mailing address is available on request.