← Back to Tracker MW
Informational text to be reviewed by legal counsel before publication. Replace all [TO BE COMPLETED: …] segments before going live.
Tracker MW · Legal

Privacy Policy

Last updated: April 6, 2026

Data controller: [TO BE COMPLETED: identity, contact details]

Data protection officer (DPO): [TO BE COMPLETED: contact or “not applicable”]

The purposes below apply in compliance with the GDPR when you are in the European Economic Area (or where EU law applies).

1. Data processed (overview)

  • Mood and wellbeing data: scores, periods, tags, emotions, text notes, optional heart rate, data linked to entries.
  • Daily data: sleep, health, meals and food, finances, activity (including step count if you enable the pedometer), events, lifestyle, illness episodes entered, environmental correlations (e.g. weather), optional demo astrological data if you use those features.
  • App settings: tracking mode, interface preferences, notifications, language, consents, location and community sharing options, etc.
  • Account: email address, technical account ID, session tokens managed by the authentication provider (e.g. Supabase).
  • Technical data: app version, technical identifiers required for connected services, minimal server-side API logs if enabled by the publisher.

2. Local storage

By default, a significant portion of data is stored locally on your device (encrypted storage where the system supports it). Uninstalling the App may cause loss of local data that has not been exported.

3. Cloud sync (legal basis: contract performance / legitimate interest as applicable)

If you sign in and sync is enabled, certain data may be sent and stored on infrastructure configured by the publisher (e.g. Supabase project: profile tables, preferences, user data bundles). Purposes: backup, continuity across devices, and optional anonymised usage statistics on the publisher side.

4. Artificial intelligence analysis (legal basis: consent for text notes where applicable)

Summaries or analyses may be requested via an intermediary server (e.g. Cloudflare Worker) that sends aggregated context to a language-model provider (e.g. Anthropic). The AI provider’s secret keys are not present in the mobile app.

If you enable including text notes, those contents may be included in the transmitted context. Without that consent, text notes should not be included in the analysis payload (except in case of a bug—contact support).

5. Anonymised community sharing (legal basis: consent)

If you enable “anonymised collective sharing”, the App may send non-identifying aggregated vectors and metadata to a server controlled by the publisher, within an app-limited rate (e.g. once per day). Notes and identifying text must not be sent in this flow; only anonymised aggregates and indicators are intended.

“Extended sharing (partners)”: if you additionally enable this, anonymised aggregated data may be shared with research partners according to commitments shown in the App.

6. Location (legal basis: consent via system permissions / consent for community features)

Location may be used for weather and environmental charts; coordinates may be rounded on device before storage.

For community features, a separate option may associate anonymised aggregates with a very coarse area (e.g. short geohash) without mandatory transmission of precise coordinates to the community server.

7. Microphone and speech recognition (legal basis: consent)

Some voice input features may use the microphone and system or manufacturer speech recognition. Audio is processed according to platform rules (Apple/Google).

8. Physical activity (legal basis: consent)

Step counting may use the device’s activity sensors after permission is granted.

9. Notifications (legal basis: consent / legitimate interest for service messages if applicable)

Notification preferences are managed in system and App settings.

10. Payments (legal basis: contract)

In-app purchases are processed by Apple or Google. We do not receive your card number.

11. Retention periods (indicative)

  • On-device data: while the App is installed and you do not erase it (some retention options, e.g. astro data, may be configurable in the app).
  • Account and cloud backup: for the life of the account, then according to legal deadlines and deletion procedures.
  • Derived anonymised community data: according to the publisher’s internal policy once it no longer allows identifying you.

12. Recipients and sub-processors

Providers that may be involved depending on configuration: Supabase (hosting/auth), Cloudflare or equivalent (API Worker), AI model provider, server hosts, mobile stores for IAP. An up-to-date list may be requested from the contact at the top.

13. Transfers outside the EU

If sub-processors process data outside the EEA, the publisher aims to implement appropriate safeguards (standard contractual clauses, supplementary measures) in line with the GDPR.

14. Your rights

You have rights of access, rectification, erasure, restriction, portability (for data provided and processed by contract/automation), and objection, under legal conditions. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

You may lodge a complaint with the CNIL (www.cnil.fr) or your local supervisory authority.

15. Minors

The App is not directed at people under [TO BE COMPLETED: 15, 16, or 18 depending on product policy]. If you believe a minor has provided data without authorisation, contact the data controller.

16. Contact

For questions about this policy or your rights: [TO BE COMPLETED: same email as ToS or DPO].