Privacy policy

The short version

Tracker stores what you put into it so it can remind you and keep your history. Your tracker content is private to your account. We don't sell data, we don't run ads, and we don't use third-party analytics. The only third-party script anywhere is Google reCAPTCHA on the sign-in and sign-up pages (bot protection — see Cookies below). Deleting your account erases everything immediately.

What we collect

• Account data: your email address and a hashed password (or your Google sign-in identity if you use Google).
• Your content:the trackers, custom fields, entries, and notes you create. This content is isolated to your account at the database level (row-level security). We don't read it, use it for marketing, or share it — except where strictly necessary to investigate abuse, debug a problem you've reported, or comply with a legal obligation.
• Settings: your timezone and reminder preferences, used solely to send reminders at your local time.
• Email delivery records:which reminder emails we sent and whether they succeeded. These records include the email subject — which, for reminders, contains the tracker's name (e.g. "Due: Oil change") — but never field values or notes. They are deleted with your account.
• Product events:first-party, minimal usage signals (e.g. "an account signed up", "a tracker was created") consisting only of the event name, your account id, and a timestamp — never the content of what you tracked. No third-party analytics service is involved.
• Security logs: rate-limiting records (such as IP-based counters on sign-in attempts) kept to protect accounts from abuse.

Cookies

Our own cookies are strictly necessary: keeping you signed in, securing the password-recovery flow, and remembering that you finished onboarding. One exception exists on the sign-in/sign-up pages only: Google reCAPTCHA protects them against bots and may set its own cookie and receive your IP address — Google's privacy policy and terms apply to it. There are no advertising or analytics cookies anywhere.

Email

We send transactional email only: account verification, password reset, security notices (e.g. "your password was changed"), and — if enabled — reminder and weekly digest emails. Reminders are on by default and every one carries a one-click unsubscribe; you can also turn them off in settings, per tracker or entirely. We don't send marketing email.

Who processes data for us

• Supabase — database and authentication hosting.
• Resend — sends our email.
• Cloudflare — hosts and serves the application.
• Google reCAPTCHA — bot protection on the sign-in/sign-up pages only.

Supabase, Resend, and Cloudflare receive only what their job requires and may not use your data for their own purposes. Google reCAPTCHA operates under Google's own privacy policy (linked above). Beyond these, we disclose data only if legally required to (e.g. a valid court order).

Retention and deletion

Your data stays for as long as your account exists. Deleting your account (Settings → Account → Delete account) immediately and permanentlydeletes your account, trackers, entries, settings, reminder records, and email logs from our live systems. Product-event rows are anonymized at the same moment (your account id is removed from them). Deleting a single tracker or entry works the same way — immediately, with no recycle bin. Residual copies may persist briefly in our hosting providers' routine encrypted backups until those rotate out; backups are never used to restore deleted accounts.

Your choices

• See and edit everything you've stored — it's all in the app.
• Change your email address or password in Settings → Account.
• Stop any or all reminder email at any time.
• Delete your account yourself, no request needed.
• For anything else (including a copy of your data), email support@dev.inskog.com.

Changes

If this policy changes in a way that matters, we'll update the date above and note it in the app. This service is operated by a solo developer; this policy is written to be accurate rather than exhaustive legalese.