Privacy Policy

Last Updated: March 15, 2026

Trackless ("we," "us," or "our") operates the Trackless mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App. Please read this policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.


1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • First and last name
  • Password (stored in hashed form only; we never store or have access to your plaintext password)

1.2 Health and Body Metrics

During onboarding and profile setup, you may provide:

  • Height
  • Weight
  • Birth year / age
  • Gender
  • Activity level
  • Fitness goals
  • Training frequency

This information is used solely to calculate personalized daily calorie and macronutrient targets.

1.3 Nutrition and Tracking Data

As you use the App, we collect:

  • Food log entries (food name, amount, meal type, calories, macronutrients, timestamps)
  • Weight tracking entries
  • Barcode scan results (used to look up food items; no images are stored)
  • Food items you submit to the public food database

1.4 Voice and Speech Data

When you use the voice advisor feature, the App uses your device's built-in speech recognition (Apple Speech Framework on iOS) to convert your spoken words into text on your device. The resulting text transcription — not your raw audio — is sent to our servers for processing. We do not record, transmit, or store audio files.

1.5 AI Advisor Interaction Data

When you interact with the AI advisor, we collect and store:

  • Your text prompts (transcribed from voice or typed)
  • Conversation history within each session (up to 10 messages)
  • The AI-generated responses provided to you
  • A record of actions taken on your behalf (e.g., meals logged, entries edited)
  • Your device's local date, time, and timezone at the time of the interaction
  • Token usage metadata (for internal cost tracking)

1.6 Feedback Data

If you submit feedback through the App, we collect:

  • Your feedback message
  • Your rating (1–5)

1.7 Device and Technical Information

We collect minimal technical information necessary to operate the App:

  • Device operating system and version (used for compatibility)
  • App version

We do not collect device advertising identifiers (IDFA), hardware identifiers, IP-based location data, or analytics telemetry. The App contains no analytics SDKs, advertising SDKs, or tracking frameworks.

1.8 Home Screen Widget Data

If you use the iOS home screen widget, the following data is stored locally on your device (via App Groups) to display in the widget:

  • Current daily calories and calorie goal
  • Current daily protein and protein goal
  • Current streak count
  • Login status

This data never leaves your device and is not transmitted to any server.


2. How We Use Your Information

We use the information we collect exclusively to:

  • Create and maintain your account
  • Calculate and display your personalized calorie and macronutrient targets
  • Log and display your food intake and weight history
  • Power the AI voice advisor to process your food-related requests and provide responses
  • Allow you to search for and scan food items
  • Display your tracking data in the home screen widget
  • Respond to feedback you submit
  • Maintain, improve, and troubleshoot the App

We do not use your data for advertising, profiling, behavioral targeting, or any purpose unrelated to the core functionality of the App.


3. How We Process AI Requests

The App's AI advisor feature uses a third-party large language model (LLM) service to process your requests. Here is how it works:

  • When you submit a voice or text prompt, the transcribed text, your conversation history for that session, your local date/time/timezone, and relevant nutritional context are sent to our backend server.
  • Our server forwards the prompt and context to OpenRouter (openrouter.ai), a third-party LLM routing service, which processes the request using a language model (currently Google Gemini).
  • The LLM generates a response, which our server uses to take actions on your behalf (e.g., logging a meal) and to generate a natural-language explanation that is returned to you.
  • All interaction data (prompts, responses, actions taken) is logged on our servers for service operation and improvement.

Important:

  • Your data is sent to the LLM provider solely for the purpose of processing your specific request. We do not authorize or permit the LLM provider to use your data for training, profiling, or any other secondary purpose.
  • We do not send your email, password, full name, or account credentials to the LLM provider.
  • The AI advisor's responses are generated by artificial intelligence and may contain inaccuracies. The App labels AI-generated responses accordingly.

4. Third-Party Services

We use the following third-party services to operate the App:

Service                    | Purpose                      | Data Shared
OpenRouter / Google Gemini | AI language model processing | Text prompts, conversation history, nutritional context, date/time
Heroku                     | Backend hosting and database | All account and tracking data
MailerSend                 | Transactional email          | Email address (only when triggered)

We do not sell, rent, license, or share your personal information with any third party for their own marketing, advertising, or commercial purposes.


5. Data Storage and Security

  • Server-side data is stored in a PostgreSQL database hosted on Heroku's infrastructure, which provides encryption at rest and in transit.
  • Authentication tokens (JWT) are stored on your device using iOS Keychain (encrypted by the operating system's Secure Enclave).
  • Passwords are hashed using PBKDF2 with SHA-256; we never store plaintext passwords.
  • All communication between the App and our servers occurs over HTTPS (TLS encryption).
  • We implement rate limiting to protect against abuse.

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure.


6. Data Retention

  • Account and tracking data is retained for as long as your account is active.
  • AI interaction logs are retained for as long as your account is active.
  • Feedback data is retained for as long as your account is active.
  • When you delete your account, all associated data is permanently deleted from our servers.
  • Local data (authentication tokens and widget data) is cleared from your device upon logout.

7. Your Rights and Choices

7.1 Account Deletion

You can delete your account at any time from the Profile screen within the App. Account deletion is permanent and irreversible.

7.2 Data Access

You can view all of your tracked data directly within the App at any time.

7.3 Permissions

You can revoke camera, microphone, and speech recognition permissions at any time through your device's Settings app.

7.4 Contact

To exercise any privacy rights not available directly through the App, contact us at the email listed in Section 12.


8. Children's Privacy

The App is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16.


9. Cookies and Tracking Technologies

The App does not use cookies, web beacons, tracking pixels, advertising identifiers, or any similar tracking technologies. We do not participate in cross-app or cross-site tracking.


10. Health and Medical Disclaimer

Trackless is a nutrition tracking tool. It is not a medical device, medical application, or substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional before making significant changes to your diet or exercise routine.


11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy.


12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: support@trackless.ai


13. California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and not be discriminated against for exercising your privacy rights. We do not sell personal information.


14. European Residents (GDPR)

If you are located in the EEA or the United Kingdom, our legal basis for processing your personal data is contract performance, legitimate interest, and consent. You have the right to access, rectify, erase, restrict processing of, and port your personal data.


15. International Data Transfers

Your data is processed and stored on servers located in the United States (Heroku). AI processing requests are routed through OpenRouter, which may process data in various locations. By using the App, you consent to the transfer of your data to the United States and other jurisdictions.