Privacy Policy

Last updated: March 25, 2025

Introduction

TricTrak ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services. By using TricTrak, you agree to the collection and use of information in accordance with this policy.

Our Commitment to Privacy

At TricTrak, your privacy is our top priority. We've built our service with privacy-first principles, ensuring that your personal information and behavioral data are protected at every step. Our commitment is to be transparent about what data we collect and why, while giving you complete control over your information.

We maintain two completely separate tracking systems:

  • Behavioral Tracking (Account Data): This is the core functionality of TricTrak that helps you monitor and improve habits. This data includes your facial boundary violations, streaks, and tracking statistics. It is tied to your account, stored securely with encryption, and used exclusively to provide you with progress tracking and insights. This data is never used for marketing, advertising, or shared with third parties.
  • Anonymous Site Analytics: This is completely separate from behavioral tracking and only collects anonymous, aggregated data to help us improve the website functionality and user experience. This system is strictly opt-in, respects Do Not Track settings, and never includes personal information or account data. You can disable analytics at any time from your account settings.

Site Analytics & Usage Data

At TricTrak, we take your privacy extremely seriously. Our site analytics implementation is designed with privacy as the top priority, collecting only anonymous, aggregated data that helps us improve the app for everyone. Here's what you need to know:

What Analytics Tracks

  • Session duration and active time (how long the app is used)
  • Feature usage (which tracking regions are selected)
  • Interface preferences (PiP mode usage)
  • Anonymous alert counts and timing
  • Basic performance metrics

What Analytics Never Tracks

  • Personal information or account details
  • Email addresses or user IDs
  • IP addresses or location data
  • Device information
  • Individual user behavior patterns
  • Cross-site tracking data
  • Your actual facial boundary violations or streaks

Analytics Privacy Guarantees

  • Analytics are strictly opt-in and can be disabled at any time in your account settings
  • Data is completely anonymous and cannot be traced back to individual users
  • Analytics data is not linked to your account or personal information
  • We use privacy-focused analytics that respect Do Not Track settings
  • Data is used solely to improve app functionality and user experience
  • No third-party tracking or advertising
  • For retention analysis, we use a one-way hash of your user ID that cannot be reversed to identify you

We use this anonymous data exclusively to understand how TricTrak is being used and to make informed decisions about improvements that benefit our users. Your privacy and trust are paramount to us, which is why we've implemented these strict privacy measures.

Retention Analysis

To improve our service and understand user retention patterns, we create a non-reversible anonymized identifier derived from your account ID. This identifier:

  • Cannot be used to identify you personally
  • Is created using a one-way cryptographic hash function
  • Is only used when you've explicitly opted into analytics
  • Helps us understand how often users return to the app
  • Is never combined with your behavioral tracking data

Behavioral Tracking (Account Data)

Behavioral tracking is the core functionality of TricTrak that helps you monitor and improve habits. This data is tied to your account and is used exclusively to provide you with progress tracking and insights.

What Behavioral Tracking Collects

  • Account information (email address, password, and username)
  • "Violation" data (points on the face mesh where your hand crossed your selected facial boundary along with timestamps)
  • "Streak" data (the amount of time that occurs between violations)
  • Total Time Tracked (the total amount of time you were tracking your face/hands)
  • Usage data and preferences
  • Achievement and badge progress

How We Protect Your Behavioral Data

  • All behavioral data is encrypted using AES-256-GCM encryption
  • Data is stored securely in Firebase with strict access controls
  • Your behavioral data is never shared with third parties
  • Your data is never used for marketing, advertising, or profiling
  • You can delete your account and all associated data at any time

Information We Collect

Video and Camera Privacy

Our application uses your device's camera for real-time behavioral tracking. Important privacy guarantees:

  • All video processing happens exclusively on your local device
  • No video is ever stored, saved, or transmitted to our servers or any third parties
  • No images are ever captured, stored, or transmitted
  • The video stream never leaves your device and is accessible only to you
  • Only the specific data points mentioned above (violations, streaks, etc.) are saved
  • No facial recognition or biometric scanning is performed

Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

We use Google Analytics to help us understand how our users use the Service. For privacy protection, we implement analytics with anonymous client IDs that are not connected to your account information. The information generated about your use of the Service is transmitted to and stored by Google without any personal identifiers or account details.

Our analytics implementation is designed to be privacy-focused: we do not link analytics data to your user account, we do not include personal information in analytics data, and we respect browser Do Not Track settings. You can disable analytics at any time in your account settings.

How We Use Your Information

We use the collected information for:

  • Providing and improving our services
  • Generating progress reports and analytics
  • Personalizing your experience
  • Communicating with you about your account, including sending alerts and notifications
  • Processing transactions and managing your subscription
  • Developing new features and functionality
  • Ensuring the security and integrity of our services
  • Creating anonymized, aggregated data for service improvement

Legal Basis for Processing (For EEA Users)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific information concerned and the context in which we collect it. We generally rely on:

  • Consent (e.g., when you agree to our processing your data for a specific purpose)
  • Contract performance (e.g., processing necessary to provide you with our services)
  • Legitimate interests (e.g., improving our services)
  • Legal obligations (e.g., to comply with applicable laws)

You have the right to withdraw consent at any time.

Data Sharing and Disclosure

We may share your information with:

  • Service providers who help us deliver our services (e.g., hosting, database, analytics)
  • Legal and regulatory authorities, when required by law
  • Professional advisors such as lawyers, auditors, and insurers, where necessary
  • A potential buyer in the event of a sale, merger, or acquisition of our business

We do not sell, rent, or trade your personal information with third parties for their marketing purposes.

Data Retention

We retain your personal information for as long as necessary to provide you with our services and for legitimate and essential business purposes, such as maintaining the performance of the service, making data-driven business decisions, complying with our legal obligations, and resolving disputes.

If you delete your account, we will delete or anonymize your personal information, unless we need to retain certain information for legitimate business or legal purposes.

Data Storage and Security

We employ a comprehensive security infrastructure using Firebase and Google Cloud services to protect both your behavioral tracking data and any anonymous analytics data:

Encryption and Data Protection

  • Advanced AES-256-GCM server-side encryption for all sensitive behavioral data
  • End-to-end encryption for data transmission
  • Separate storage systems for behavioral data and anonymous analytics

Access Control and Authentication

  • Firebase App Check protection against unauthorized access
  • Strict database security rules with authentication checks
  • CSRF protection for all sensitive operations
  • Automatic session management with secure timeout handling

Application Security

  • Strict Content Security Policy (CSP) headers
  • Input validation and sanitization on both client and server side
  • Rate limiting on all sensitive operations
  • Secure WebSocket connections for real-time data

Monitoring and Compliance

  • Regular security audits and vulnerability assessments
  • Automated security violation monitoring and alerts
  • Comprehensive audit logging for security events
  • Continuous monitoring of access patterns and potential threats

While we implement safeguards designed to protect your information, no security system is impenetrable, and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

Your Rights

You have the right to:

  • Access your personal data
  • Rectification - request correction of your data if it's inaccurate
  • Erasure - request deletion of your data in certain circumstances
  • Restrict processing - limit how we use your data in certain circumstances
  • Data portability - request your data in a structured, machine-readable format
  • Object - contest our processing of your data in certain circumstances
  • Withdraw consent at any time where we rely on consent as our legal basis
  • Disable analytics - turn off anonymous analytics tracking at any time in your account settings

To exercise any of these rights, please contact us at info@trictrak.com. We will respond to your request within 30 days.

If you are in the European Union, you also have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal information in a manner inconsistent with your privacy rights.

International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

When we transfer your information to other countries, we will protect that information as described in this Privacy Policy and in accordance with applicable law. We use appropriate safeguards, such as standard contractual clauses approved by the European Commission, to ensure that your data receives an adequate level of protection.

Children's Privacy

Our services are not intended for users under the age of 13, or the relevant age of digital consent in your jurisdiction. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you believe we have collected information from your child, please contact us immediately at info@trictrak.com and we will take steps to remove that information from our servers.

Your California Privacy Rights

If you are a California resident, you have certain rights regarding your personal information under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • The right to know what personal information we collect, use, disclose, and sell about you
  • The right to request deletion of your personal information
  • The right to correct inaccurate personal information
  • The right to limit the use of sensitive personal information
  • The right to opt out of the sale or sharing of your personal information
  • The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information in the Contact Us section.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page. For material changes, we will make reasonable efforts to provide notice, such as an email notification if you have provided us with your email address.

Contact Us

If you have any questions about this Privacy Policy, please contact us at info@trictrak.com.