Privacy Policy

Last updated: March 3, 2025

Introduction

TricTrak ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services. By using TricTrak, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

  • Account information (email address, password, and username)
  • "Violation" data (points on the face mesh where your hand crossed your selected facial boundary along with timestamps)
  • "Streak" data (the amount of time that elapses between violations)
  • Total Time Tracked (the total amount of time you were tracking your face/hands)
  • Usage data and preferences
  • Achievement and badge progress

Video and Camera Data

Our application uses your device's camera for real-time behavioral tracking. Important privacy guarantees:

  • All video processing happens exclusively on your local device
  • No video is ever stored, saved, or transmitted to our servers or any third parties
  • No images are ever captured, stored, or transmitted
  • The video stream never leaves your device and is accessible only to you
  • Only the specific data points mentioned above (violations, streaks, etc.) are saved
  • No facial recognition or biometric scanning is performed

Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

We use Google Analytics to help us understand how our users use the Service. The information generated about your use of the Service (including your IP address) will be transmitted to and stored by Google.

How We Use Your Information

We use the collected information for:

  • Providing and improving our services
  • Generating progress reports and analytics
  • Personalizing your experience
  • Communicating with you about your account, including sending alerts and notifications
  • Processing transactions and managing your subscription
  • Developing new features and functionality
  • Ensuring the security and integrity of our services
  • Creating anonymized, aggregated data for service improvement

Legal Basis for Processing (For EEA Users)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific information concerned and the context in which we collect it. We generally rely on:

  • Consent (e.g., when you agree to our processing your data for a specific purpose)
  • Contract performance (e.g., processing necessary to provide you with our services)
  • Legitimate interests (e.g., improving our services)
  • Legal obligations (e.g., to comply with applicable laws)

You have the right to withdraw consent at any time.

Data Sharing and Disclosure

We may share your information with:

  • Service providers who help us deliver our services (e.g., hosting, database, analytics)
  • Legal and regulatory authorities, when required by law
  • Professional advisors such as lawyers, auditors, and insurers, where necessary
  • A potential buyer in the event of a sale, merger, or acquisition of our business

We do not sell, rent, or trade your personal information with third parties for their marketing purposes.

Data Retention

We retain your personal information for as long as necessary to provide you with our services and for legitimate and essential business purposes, such as maintaining the performance of the service, making data-driven business decisions, complying with our legal obligations, and resolving disputes.

If you delete your account, we will delete or anonymize your personal information, unless we need to retain certain information for legitimate business or legal purposes.

Data Storage and Security

We employ a comprehensive security infrastructure using Firebase and Google Cloud services:

Encryption and Data Protection

  • Advanced AES-256-GCM server-side encryption for all sensitive data
  • End-to-end encryption for data transmission

Access Control and Authentication

  • Firebase App Check protection against unauthorized access
  • Strict database security rules with authentication checks
  • CSRF protection for all sensitive operations
  • Automatic session management with secure timeout handling

Application Security

  • Strict Content Security Policy (CSP) headers
  • Input validation and sanitization on both client and server side
  • Rate limiting on all sensitive operations
  • Secure WebSocket connections for real-time data

Monitoring and Compliance

  • Regular security audits and vulnerability assessments
  • Automated security violation monitoring and alerts
  • Comprehensive audit logging for security events
  • Continuous monitoring of access patterns and potential threats

While we implement safeguards designed to protect your information, no security system is impenetrable. Due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

Your Rights

You have the right to:

  • Access your personal data
  • Rectification - request correction of your data if it's inaccurate
  • Erasure - request deletion of your data in certain circumstances
  • Restrict processing - limit how we use your data in certain circumstances
  • Data portability - request your data in a structured, machine-readable format
  • Object - contest our processing of your data in certain circumstances
  • Withdraw consent at any time where we rely on consent as our legal basis

To exercise any of these rights, please contact us at info@trictrak.com. We will respond to your request within 30 days.

If you are in the European Union, you also have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal information in a manner inconsistent with your privacy rights.

International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

When we transfer your information to other countries, we will protect that information as described in this Privacy Policy and in accordance with applicable law. We use appropriate safeguards, such as standard contractual clauses approved by the European Commission, to ensure that your data receives an adequate level of protection.

Children's Privacy

Our services are not intended for users under the age of 13, or the relevant age of digital consent in your jurisdiction. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you believe we have collected information from your child, please contact us immediately at info@trictrak.com and we will take steps to remove that information from our servers.

Your California Privacy Rights

If you are a California resident, you have certain rights regarding your personal information under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • The right to know what personal information we collect, use, disclose, and sell about you
  • The right to request deletion of your personal information
  • The right to correct inaccurate personal information
  • The right to limit the use of sensitive personal information
  • The right to opt-out of the sale or sharing of your personal information
  • The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information in the Contact Us section.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page. For material changes, we will make reasonable efforts to provide notice, such as an email notification if you have provided us with your email address.

Contact Us

If you have any questions about this Privacy Policy, please contact us at info@trictrak.com.