TideTrackr Privacy Policy
Last updated: 10 June 2025
TideTrackr ("App", "we", "us" or "our") is a mobile application available on iOS and Android that helps users track weight, medication and related health metrics. We respect your privacy and are committed to protecting your personal and health data. This Policy explains what information we collect, why we collect it, how we use it, and the choices you have.
1. Who We Are
TideTrackr is operated by an individual based in England, United Kingdom.
If you have any questions about this Policy or your data, please email support@tidetrackr.com.
2. Data We Collect
Account Information
• Apple or Google Sign-In identifier
• Email address
(Source: Apple / Google — Required)
Health & Fitness Data
• Weight, body measurements
• Calculated BMI & waist-to-height ratio
• HbA1c, blood-glucose readings
• Calorie, protein, and water intake
• Exercise entries (minutes & type)
• Medication dose & timing
• Self-reported symptoms (e.g. nausea, vomiting)
(Source: You — Optional, weight required to use core features)
Profile Inputs
• Sex, age (number only), height, activity level
• Weight, nutrition and exercise goals
• Preferred units
(Source: You — Optional but recommended)
Diagnostic Data
• Crash logs and event counts
(Source: Device — Collected automatically, if implemented)
Purchase Data
• Subscription status and transaction identifiers
(Source: Apple / Google / RevenueCat — Collected automatically)
➡️ We do not access GPS, motion sensors, camera, or microphone.
3. Why We Collect Your Data
• Provide core functionality (log entries, calculate progress, sync across devices)
• Manage your account and subscription
• Improve app reliability and understand crashes
• Comply with legal obligations
❌ We do not use your data for advertising, marketing, or automated decisions.
4. Legal Bases (UK/EU GDPR)
We process your data under the following lawful bases:
• Account and purchase data – We process this as a contractual necessity, to provide the services you’ve requested.
• Health and profile data – We rely on your explicit consent, given when you enter or sync health-related information.
• Diagnostic data – We process this under legitimate interests, to help maintain the reliability and security of the app.
• Legal disclosures – If we are required by law to disclose data, we do so under a legal obligation.
You may withdraw your consent at any time by deleting your data or your account.
5. How We Store & Share Your Data
Your data is securely stored and only shared with trusted providers where necessary:
• Supabase (EU – London region)
Stores your health and account data in a secure cloud database. Data is encrypted in transit and at rest, and row-level security ensures only you can access your records.
• RevenueCat
Manages your subscription status and verifies purchases. Only purchase metadata is shared — no health data is ever included.
• Firebase Crashlytics
Helps diagnose crashes or bugs in the app. Only technical crash data is collected — not health or personal data.
• Courts or authorities (if required by law)
We will only share the minimum amount of information necessary to comply with legal obligations.
We do not sell, rent, or share your data for advertising or behavioural tracking.
6. Retention
• Active accounts – Your data remains in the app until you choose to delete it.
• Deleted accounts – If you delete your account using the in-app option, all data is erased immediately.
• Purchase records – If you subscribe through Apple or Google, basic transaction data may be retained by those platforms for billing and tax purposes. TideTrackr does not store this data directly.
7. Security Measures
• All traffic is encrypted using HTTPS/TLS
• Data at rest is encrypted (AES‑256) by Supabase
• Row-level security is enforced to ensure users can only access their own data
• Admin access to Supabase is protected by multi-factor authentication (MFA)
• In the event of a data breach, users and the UK ICO will be notified within 72 hours, where feasible
8. Your Rights (UK GDPR)
You have the right to:
• Access your data
• Correct incorrect data
• Delete your data
• Export your entries (CSV)
• Restrict or object to processing
• Withdraw consent
To use any of these rights, delete your account in-app or email support@tidetrackr.com. We aim to reply within 30 days.
9. Children
TideTrackr is not for children under 13. We do not knowingly collect data from children under 13. Any such data will be deleted.
10. Changes to This Policy
This Policy may change over time.
The latest version will always be on tidetrackr.com.
11. Governing Law
This Policy is governed by the laws of England and Wales.