Privacy Policy

Tracky

Last Updated: 08.04.2026

Introduction

Tracky (“we”, “our”, or “us”) is committed to protecting your privacy.

This Privacy Policy explains how Tracky handles information when you use the app.

Tracky is designed to keep your health data private: all health and tracking information you enter into the app (such as injection logs, weight entries, and side effects) remains stored locally on your device and is never transmitted to our servers. However, Tracky does operate backend services that collect limited non-health data to provide features such as push notifications, subscription management, advertising measurement, and product improvement. This policy explains what information we collect, how we use it, and your choices.

Data Collection

2.1 User Accounts & Identifiers

Tracky does not require:

• Email address
• Phone number
• Login credentials or password

When you first use the app, a random anonymous identifier is generated on your device and linked to a subscription profile. This identifier does not contain your name, email, or any other contact information. It is used solely to associate your device with subscription features and to enable core app functionality.

2.2 Health & Tracking Data

All data you enter into the app, including but not limited to:

• GLP-1 injection logs
• Dose history
• Weight entries
• BMI data
• Water intake
• Side effects
• Personal notes

is stored locally on your device only.

We do not have access to this data.

We do not receive, store, or process this data on any server.

2.3 Server-Side Data Collection

Tracky operates backend services that collect certain non-health data for the purposes described below. None of the data described in this section includes your health or tracking information (such as injection logs, weight entries, or side effects).

Device & Technical Information

When you use the app, the following technical data may be automatically collected and stored on our servers:

• IP address
• Device model and platform (iOS or Android)
• Operating system version
• App version
• Locale and timezone
• Mobile carrier
• Screen dimensions and density
• User agent string

This data is used to provide and improve app functionality, enable push notifications, measure advertising effectiveness, and perform analytics.

User Identifiers

The following identifiers may be collected and stored:

• Vendor ID (IDFV) — a device identifier unique to our app
• Advertising Identifier (IDFA) — only if you grant permission via the App Tracking Transparency prompt on iOS
• Firebase App Instance ID — an anonymous analytics identifier
• Facebook Anonymous ID — an anonymous identifier used by the Meta SDK
• Adapty Profile ID — a subscription management identifier

These identifiers are used to associate your device with your subscription, measure advertising campaign performance, and enable analytics.

Push Notification Token

If you grant notification permission, a Firebase Cloud Messaging (FCM) token is stored on our server to deliver push notifications to your device. This token does not contain personal information and is used solely for sending notifications. You can revoke notification permission at any time in your device settings.

Onboarding Preferences

During onboarding, you may select a medication category (e.g., “Ozempic” or “Mounjaro”) and an administration route (e.g., injection or oral). This general preference is sent to our server for product improvement and marketing purposes. It is not considered health data and does not include any dosage, treatment schedule, or personal medical information.

Data Storage

Health & tracking data (such as injection logs, weight entries, and side effects) is stored:

• Locally on your device only
• Within your device's secure storage environment

We do not operate any backend servers for storing your health or tracking data, with the exception of the optional AI Calorie Tracking feature described below.

If you delete the app, your health and tracking data is permanently removed from your device unless you have backed it up using your own device backup methods.

Non-health data (as described in the Server-Side Data Collection section above) is stored on secure servers operated by Amazon Web Services (AWS). This data is retained as long as needed for the purposes described in this policy.

Data Sharing

We do not:

• Sell user data
• Share user health or tracking information
• Provide user health data to third parties

Your health and tracking data (such as injection logs, weight entries, and side effects) is never shared with any third party.

Certain non-health technical data (such as device identifiers, IP address, and device information) may be shared with third-party services for advertising measurement and subscription management, as described in the sections below.

In-App Purchases & Subscription Analytics

Tracky uses Adapty, a third-party service, to manage in-app purchases and subscriptions. When you interact with in-app purchases, Adapty may collect and process the following non-health data:

• Purchase history — to validate transactions, manage subscription status, and provide access to purchased features.
• Device identifiers — such as Vendor ID (IDFV) and Advertising Identifier (IDFA, if available), used to associate purchases with your device and for advertising attribution.
• IP address — collected automatically when communicating with Adapty's servers.

When subscription events occur (e.g., trial started, subscription renewed, cancellation), the following data is stored on our servers for internal analytics and product optimization:

• Subscription event type and timestamp
• Revenue amounts and currency
• Product and transaction identifiers
• A/B test and paywall names

Adapty does not receive any of your health or tracking data (such as injection logs, weight entries, or side effects).

For more information about how Adapty handles data, you can review Adapty's privacy policy.

Analytics & Tracking

Tracky uses Google Firebase Analytics to collect anonymous usage data such as screen views, session duration, and general app interaction patterns. This helps us understand how the app is used and improve the experience.

Firebase Analytics may collect:

• Anonymous app usage data (e.g., screens visited, session length)
• Device information (e.g., device model, operating system version)
• App instance identifiers (non-personally-identifiable)
• Advertising identifier (IDFA on iOS), only if you grant permission via the App Tracking Transparency prompt

Firebase Analytics does not receive any of your health or tracking data (such as injection logs, weight entries, side effects, or personal notes). All health data remains stored locally on your device.

On iOS, you will be asked via the App Tracking Transparency (ATT) prompt whether you allow tracking for personalized advertising. If you decline, no advertising identifier is collected, and ad-related data processing is disabled. You can change this setting at any time in your device's Settings under Privacy & Security > Tracking.

For more information about how Google handles analytics data, you can review Google's privacy policy.

Tracky also uses the Meta (Facebook) SDK to measure the effectiveness of advertising campaigns and to support ads tracking. The Meta SDK may collect:

• Advertising identifier (IDFA on iOS), only if you grant permission via the App Tracking Transparency prompt
• App events (e.g., app installs, app opens)
• Device information (e.g., device model, operating system version)
• IP address

The Meta SDK does not receive any of your health or tracking data (such as injection logs, weight entries, side effects, or personal notes). All health data remains stored locally on your device. If you decline the App Tracking Transparency prompt, no advertising identifier is shared with Meta, and ad-related data processing is limited.

In addition to the client-side Meta SDK, Tracky sends certain subscription events to Meta's Conversions API (server-to-server) for advertising measurement. When a qualified trial event occurs, the following data may be sent to Meta: a hashed version of your subscription profile ID, your advertising identifier (IDFA, if available), Facebook anonymous ID, IP address, user agent, and device information (app version, operating system version, device model, locale, timezone, carrier, and screen dimensions). This data is used solely to measure advertising campaign effectiveness.

For more information about how Meta handles data, you can review Meta's privacy policy.

Apple Search Ads Attribution

If you installed Tracky through an Apple Search Ads campaign, attribution data may be stored on our servers, including: campaign name, ad set, ad group, creative set, and a network-assigned user identifier. This information is used to measure the effectiveness of our advertising campaigns on the App Store and is not shared with other third parties.

We may also use basic, privacy-respecting system-level diagnostics provided by Apple (such as anonymous crash reports), which do not contain personally identifiable health information and are controlled by your device settings.

Apple Health Integration (If Applicable)

If you choose to enable Apple Health integration:

• Data access is granted only with your explicit permission.
• Data remains on your device.
• We do not transmit Apple Health data to external servers.

You can revoke access at any time via iOS Health settings.

AI Calorie Tracking (Optional Feature)

If you choose to use the AI Calorie Tracking feature, Tracky processes food photos to estimate nutritional content. This feature requires explicit opt-in consent before first use.

Photo Processing

• Photos you take or select are uploaded to our secure cloud storage (Cloudflare R2) for temporary processing.
• Photos are automatically and permanently deleted after 7 days. This retention period allows us to support user-initiated AI corrections and reanalysis without requiring a new photo upload.
• Photos are sent to third-party AI inference partners for nutritional analysis. These partners process the image to identify foods and estimate calorie and macronutrient content.

Data Stored

When you use the AI Calorie Tracking feature, the following data is stored on our servers:

• AI-generated nutritional analysis results, including meal names, identified ingredients, and estimated calorie and macronutrient values.
• This data is associated with your anonymous device identifier only — no name, email, or other personally identifiable information is stored alongside it.

To be clear: your health and medication data — including injection/dose logs, weight entries, BMI, side effects, and personal notes — is never stored on our servers. That data remains exclusively on your device at all times. Only the AI-generated food analysis results from the Calorie Tracking feature are stored server-side.

Third-Party AI Partners

Photos are processed by AI inference providers to perform food recognition and nutritional estimation. These providers receive only the food photo and a text prompt — no personal or health information is shared with them.

Children's Privacy

Tracky is not intended for individuals under the age of 18.

We do not knowingly collect personal data from children.

Security

Your health and tracking data is stored locally on your device and remains under the security protections provided by your device's operating system.

Non-health data stored on our servers is protected using industry-standard security measures, including encrypted connections (HTTPS/TLS) for all data transmission and secure cloud infrastructure provided by Amazon Web Services (AWS).

Trademark Notice

Tracky is an independent application and is not affiliated with, endorsed by, or sponsored by any pharmaceutical company.

Medication names such as Mounjaro®, Ozempic®, Wegovy®, and Zepbound® are registered trademarks of their respective owners and are used for informational purposes only.

Medical Disclaimer

Tracky is a lifestyle and tracking tool for informational purposes only.

The app does not provide medical advice, diagnosis, treatment, or clinical recommendations.

Always consult a qualified healthcare provider before making medical decisions.

Tracky is not a medical device.

Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be reflected by revising the “Last Updated” date above.

Contact

If you have questions about this Privacy Policy, you may contact us at:

tracky.support@dofatech.com