Privacy Policy

1. Introduction

StackTrax ("we", "us", "our") operates the stacktrax.com website and mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

We collect information you provide directly:

• Account information (email address, display name)
• Protocol and supplement tracking data (compounds, doses, schedules)
• Daily check-in data (mood, energy, sleep, recovery ratings)
• Weight and body composition logs
• Payment information (processed securely via Stripe — we never store card numbers)

We automatically collect:

• Device and browser information
• Usage analytics (pages visited, features used)
• IP address and approximate location

3. How We Use Your Information

• Provide, operate, and maintain the StackTrax service
• Process subscriptions and payments
• Send transactional emails (welcome emails, trial reminders, account notifications)
• Improve the app through aggregated, anonymized analytics
• Respond to support requests and feedback
• Detect and prevent fraud or abuse

4. Third-Party Services

We use the following third-party services to operate StackTrax:

• Supabase — database hosting, authentication, and file storage. Your data is stored securely in Supabase's infrastructure with encryption at rest.
• Stripe — payment processing. Stripe handles all payment card information and is PCI DSS Level 1 certified. We only store your Stripe customer ID.
• Resend — transactional email delivery. Receives your email address to deliver account-related emails.
• PostHog — product analytics. Collects anonymized usage data to help us improve the app. You can opt out via your browser's Do Not Track setting.
• Vercel — application hosting and deployment.
• Sentry — error monitoring. Collects error reports to help us fix bugs. No personal health data is included in error reports.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Anonymized, aggregated data may be retained indefinitely.

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, row-level security policies on our database, and secure authentication practices. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your data in a portable format
• Opt out of analytics tracking

To exercise any of these rights, contact us at support@stacktrax.com.

8. Children's Privacy

StackTrax is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, contact us at support@stacktrax.com.