Privacy Policy for The Traces App

Last Updated: February 25, 2026 Effective Date: February 7, 2026

Our Privacy Philosophy

The Traces is built on a simple principle: just showing up is enough. We extend this philosophy to your privacy - we collect only what's necessary to make the app work well, and you remain in control.

This privacy policy explains what data we collect, why we collect it, and how you can control it. We've written this in plain language because we believe privacy policies shouldn't require a law degree to understand.

Quick Summary

What we collect:

  • Your goals, entries, tags, and notes (stored locally on your device)
  • Basic app usage data (how you use features)
  • Crash reports (to fix bugs)
  • Subscription status (if you subscribe to Pro/Premium)

What we DON'T collect:

  • Your name, email, or personal information
  • Your precise location (Firebase may infer approximate location from your IP address)
  • Your contacts
  • Your photos or images (the app may request iOS photo library access for file saving, but never reads or collects your photos)
  • Data from other apps

Your controls:

  • Disable analytics in Settings (crash reports stay enabled to fix bugs)
  • All your goals and entries stay on your device (optionally backed up via iCloud on iOS, or Google Backup on Android (yet to be implemented))
  • Delete your data anytime by deleting the app

1. Information We Collect

1.1 Information You Provide

Goals, Entries, Tags, and Notes

  • When you create goals, log entries, add tags, or write notes, this data is stored locally on your device
  • We never send your goal names, entry descriptions, tags, or notes to our servers
  • This data remains private and under your control

App Settings

  • Your preferences (theme, notification settings, security settings)
  • These are stored locally on your device

Data Export & File Sharing (Pro/Premium)

  • When you export your data and choose to save it to your iOS device, the app requests access to your Photo Library — this is an iOS system requirement for saving files via the share sheet
  • We do not read, access, collect, or upload any photos or images from your library
  • This permission is only triggered if you choose to save an exported file to Photos; you can decline it and still share the export to other destinations (Files, email, etc.)

1.2 Information We Collect Automatically

Analytics Data (Optional - You Can Disable This)

We use Firebase Analytics to understand how the app is used. This helps us improve features and fix problems. We collect:

  • Events: Actions you take (like creating a goal, logging an entry, changing theme)
  • Aggregate Metrics: Number of goals, number of entries, subscription tier
  • Device Information: Device model, iOS version, app version
  • Usage Patterns: Which screens you visit, how long you use the app

What we DON'T track:

  • Your goal names or content
  • Your entry descriptions or notes
  • Any text you enter in the app
  • Your precise location (Firebase may infer approximate location/country from your IP address)
  • Your identity or personal information

You can disable analytics at any time in Settings > Privacy > Usage Analytics

Crash Reports (Always Enabled)

We use Firebase Crashlytics to detect and fix app crashes. When the app crashes, we automatically receive:

  • Error information: What went wrong in the code
  • Device details: iOS version, device model
  • Stack trace: Technical details to help us fix the bug

Crash reports DO NOT include:

  • Your goal names, entries, or notes
  • Your personal information
  • Anything you typed in the app

Why crash reports can't be disabled: We need crash data to maintain app stability and fix bugs that affect all users. This is essential for the app to work reliably.

Device Identifiers (Always Enabled)

Firebase assigns anonymous device identifiers to support analytics and crash reporting:

  • Firebase Installation ID: A random identifier assigned to each app install
  • Crashlytics UUID: An anonymous identifier used to correlate crash reports across sessions

These identifiers are not linked to your identity and cannot be used to identify you personally.

Advertising Identifier (Android)

On Android, Firebase Analytics may access the Google Advertising ID (GAID) on your device. This is used for analytics attribution only — not for advertising. You can reset or opt out of the Advertising ID in: Settings > Google > Ads.

1.3 Device Backup (Optional - Your Choice)

iOS — iCloud Backup

If you have iCloud Backup enabled on your iPhone, your The Traces data may be automatically backed up to your iCloud account. This includes your goals, entries, tags, notes, and app settings.

  • iCloud backup is controlled by your iPhone's Settings (Settings > [Your Name] > iCloud > iCloud Backup)
  • Data backed up to iCloud is encrypted and protected by your Apple ID password
  • We do not have access to your iCloud backups
  • Your iCloud backup is governed by Apple's Privacy Policy

How to disable iCloud backup for The Traces: Settings > [Your Name] > iCloud > Manage Storage > Backups > select your device > toggle off The Traces.

Android — Google Backup

If you have Google Backup enabled on your Android device, your The Traces data may be backed up to your Google account via Android's standard backup service.

  • Controlled by your Android Settings (Settings > System > Backup)
  • We do not have access to your Google backups
  • Your Google Backup is governed by Google's Privacy Policy

Note: This has yet to be implemented.

1.4 Subscription Information

If you subscribe to The Traces Pro or Premium, we use RevenueCat to process your subscription. RevenueCat may collect:

  • Purchase information: Product ID, subscription tier, purchase date
  • Anonymous identifier: A random ID to link your purchases (not tied to your identity)
  • Device information: Platform (iOS), app version

What's NOT collected:

  • Your payment information (handled by Apple, not us)
  • Your name or email
  • Your Apple ID

For more details, see RevenueCat's Privacy Policy.

2. How We Use Your Information

2.1 To Provide the App

  • Store your goals, entries, tags, and notes on your device
  • Remember your settings and preferences
  • Sync your data via iCloud (if you enable iCloud Backup)

2.2 To Improve the App

  • Analyze usage patterns to understand which features are helpful
  • Identify and fix bugs and crashes
  • Measure app performance and stability

2.3 To Process Subscriptions

  • Verify your subscription status (Pro/Premium)
  • Unlock premium features for subscribers
  • Restore purchases on new devices

2.4 To Communicate With You (Only If Needed)

We may use in-app messages to:

  • Notify you of important updates or changes
  • Inform you about new features
  • Respond to your support requests

We will never:

  • Send you marketing emails (we don't have your email)
  • Sell your data to third parties
  • Show you ads in the app

2.5 Legal Basis for Processing (GDPR)

If you are in the EU, EEA, or UK, we rely on the following legal bases under GDPR Article 6:

DataLegal Basis
Subscription / purchase informationContract performance (Art. 6(1)(b)) — necessary to fulfil your subscription
Crash reports and device identifiersLegitimate interests (Art. 6(1)(f)) — necessary to maintain app stability for all users
Analytics data (usage events, screen views)Legitimate interests (Art. 6(1)(f)) — to understand how the app is used, prioritise improvements, and fix problems; you can disable analytics at any time in Settings

Where we rely on legitimate interests, we have balanced those interests against your privacy rights and concluded the processing is proportionate and not overriding. Analytics data is anonymous, does not include any of your personal content, and is used solely to improve the app.

3. Data Sharing and Disclosure

3.1 Third-Party Services We Use

We share limited data with these trusted service providers:

Firebase Analytics & Crashlytics (Google)

  • Purpose: Analytics and crash reporting
  • Data shared: Usage events, device info, crash logs (NO personal content)
  • Privacy Policy: https://firebase.google.com/support/privacy

Firebase Remote Config (Google)

  • Purpose: Remote app configuration — used to check whether a minimum app version is required (force update)
  • Data shared: App version, Firebase Installation ID, device platform info
  • Privacy Policy: https://firebase.google.com/support/privacy

RevenueCat

  • Purpose: Subscription management
  • Data shared: Anonymous user ID, subscription status, purchase info
  • Privacy Policy: https://www.revenuecat.com/privacy/

Apple iCloud (Optional)

  • Purpose: Backup your data (only if you enable iCloud Backup)
  • Data shared: Your goals, entries, tags, notes, settings (encrypted)
  • Privacy Policy: https://www.apple.com/legal/privacy/

Loops.so (Website only)

  • Purpose: Waitlist email collection for launch notification
  • Data shared: Email address (if you sign up for the waitlist)
  • Privacy Policy: https://loops.so/privacy

Plausible Analytics (Website only)

  • Purpose: Privacy-friendly website analytics (no cookies, no personal data)
  • Data shared: Anonymized, aggregated page views
  • Privacy Policy: https://plausible.io/data-policy

3.2 Legal Requirements

We may disclose your information if required by law, such as:

  • To comply with a subpoena or court order
  • To protect our legal rights
  • To prevent fraud or security threats

3.3 Business Transfers

If The Traces is acquired or merged with another company, your data may be transferred. We will notify you before this happens and explain your options.

3.4 What We NEVER Do

  • Sell your data - We never sell your personal information to advertisers or data brokers
  • Share your content - Your goals, entries, and notes are never shared with third parties
  • Track you across apps - We don't use cross-app tracking

4. Data Storage and Security

4.1 Where Your Data Is Stored

On Your Device (Primary Storage)

  • All your goals, entries, tags, notes, and settings are stored locally using Hive (a local embedded database on your device)
  • This data stays on your device unless you delete the app
  • On iOS: Your data files are protected by iOS Data Protection — the operating system encrypts them at rest whenever your device is locked (using your device passcode)
  • On Android: Protection depends on your device's storage encryption settings (most modern Android devices use file-based encryption by default)

In iCloud (Optional Backup)

  • If you enable iCloud Backup, your data is encrypted and stored in Apple's iCloud servers
  • iCloud data is protected by Apple's security measures and your Apple ID password

Firebase Analytics, Crashlytics & Remote Config

  • Aggregate usage data, crash logs, and app configuration data are stored on Google's Firebase servers
  • This data is anonymized and does not include your personal content

RevenueCat

  • Subscription status is stored on RevenueCat's servers (hosted on AWS)
  • Uses anonymous identifiers only

4.2 Security Measures

We take security seriously:

  • iOS Data Protection: On iOS, your data files are encrypted at rest by the operating system whenever your device is locked. On Android, protection depends on your device's storage encryption settings
  • Biometric authentication: Optional Face ID/Touch ID/PIN to protect your data
  • HTTPS: All network communications are encrypted
  • No passwords: We don't require accounts or store passwords
  • iCloud encryption: iCloud backups are encrypted by Apple

No system is 100% secure, but we use industry-standard practices to protect your data.

5. Data Retention

5.1 How Long We Keep Your Data

On Your Device

  • Your goals, entries, tags, and notes remain on your device until you delete them or uninstall the app
  • Settings persist until you reset them or uninstall the app

In iCloud

  • iCloud backups are retained according to Apple's policies
  • You can delete iCloud backups anytime through iPhone Settings

Analytics Data

  • Firebase Analytics data is automatically deleted after 14 months
  • Crash reports are retained for 90 days

Subscription Data

  • RevenueCat retains subscription history for accounting and support purposes
  • Typically deleted 90 days after subscription ends

5.2 Deleting Your Data

To delete all local data:

  1. Uninstall The Traces app from your iPhone
  2. This permanently deletes all goals, entries, tags, notes, and settings from your device

To delete iCloud backups:

  1. Go to iPhone Settings > [Your Name] > iCloud > Manage Storage
  2. Select The Traces and tap "Delete Data"

To delete analytics data:

  • Analytics data is anonymous and cannot be linked back to you
  • It is automatically deleted after 14 months

To delete subscription data:

  • Contact us at help.thetraces@yahoo.com with your app receipt number
  • We'll request deletion of your subscription history from RevenueCat

6. Your Privacy Rights

6.1 Rights for All Users

  • Access: Your data is always accessible to you within the app
  • Control: You can edit or delete any goal, entry, tag, or note
  • Export: Use the "Export Data" feature (Pro/Premium) to get a copy of your data
  • Opt-out: Disable analytics in Settings > Privacy > Usage Analytics
  • Delete: Uninstall the app to delete all local data

6.2 Additional Rights (GDPR, CCPA, etc.)

If you're in the EU, UK, California, or other regions with privacy laws, you have the following rights:

Right to Access (Art. 15 GDPR)

  • Request a copy of any data we hold about you (most is already on your device)

Right to Rectification (Art. 16 GDPR)

  • Request correction of inaccurate data we hold about you

Right to Erasure / "Right to Be Forgotten" (Art. 17 GDPR)

  • Request deletion of your analytics data and subscription history

Right to Restriction of Processing (Art. 18 GDPR)

  • Request that we limit how we use your data while a dispute is being resolved

Right to Object (Art. 21 GDPR)

  • Object to processing based on legitimate interests
  • For analytics: Disable analytics in Settings > Privacy > Usage Analytics — this immediately stops all analytics event collection
  • For crash reports (Crashlytics): Crashlytics cannot be disabled in the app because crash data is essential for maintaining stability for all users. If you wish to formally object, contact us at help.thetraces@yahoo.com and we will assess whether your specific circumstances override our legitimate interests

Right to Data Portability (Art. 20 GDPR)

  • Export your goals, entries, and tags in JSON or CSV format (Pro/Premium feature)
  • Note: Analytics data held by Google (Firebase) is anonymous and cannot be linked back to you; it does not qualify for portability as it is not "data you provided"

Right to Lodge a Complaint

  • If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Norwegian data protection authority: Datatilsynet (datatilsynet.no) or the supervisory authority in your country of residence.

To exercise these rights, contact us at help.thetraces@yahoo.com with your request. We will respond within 30 days.

7. Children's Privacy

The Traces is intended for users aged 13 and older (or 16 and older in the EU/EEA, in line with GDPR requirements). We do not knowingly market to or collect personal information from children below these age limits.

  • The app does not require an account, email, or any personal information to use
  • If you are under 13 (or under 16 in the EU/EEA), please do not use the app without a parent or guardian's consent and supervision
  • Parents can disable analytics in Settings > Privacy > Usage Analytics to ensure no usage data is collected from their child's device
  • All goal and entry data stays on the device (or in the family's iCloud if iCloud Backup is enabled and controlled by the parent)

If you believe we have inadvertently collected personal information from a child below the applicable age limit, please contact us immediately at help.thetraces@yahoo.com and we will delete any such data promptly.

8. International Data Transfers

The Traces is developed in Norway and may be used worldwide. If you use the app outside Norway:

  • Your device data stays on your device (no international transfer)
  • iCloud backups are stored in Apple's data centers (location depends on your Apple ID region)
  • Firebase/RevenueCat data may be processed in the United States or other countries

Where data is transferred outside the EU/EEA (for example, to Google or RevenueCat servers in the US), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for that transfer. Both Google and RevenueCat have SCCs in place and comply with GDPR. You can find details in their respective privacy policies linked in Section 3.1.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

  • We'll update the "Last Updated" date at the top
  • If changes are significant, we'll notify you via an in-app message
  • Continued use of the app after changes means you accept the updated policy

We recommend reviewing this policy periodically to stay informed about how we protect your privacy.

10. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your data:

Email: help.thetraces@yahoo.com Website: thetraces.app

We typically respond within 2-3 business days.

11. App Store / Google Play Data Declarations

For transparency, here's a summary matching what we've declared in the Apple App Store and Google Play Store.

Apple App Store Privacy Labels

  • Data Used to Track You: None
  • Data Linked to You: None
  • Data Not Linked to You: Usage data (optional), diagnostics, crash logs, device identifiers
  • Data Stored on Device Only: Goals, entries, tags, notes, app settings

Google Play Data Safety

  • Shared with third parties: Purchase history (with RevenueCat, for subscription management)
  • Collected: Purchase history, approximate location (inferred by Firebase from IP), crash logs, diagnostics, app interactions, device identifiers, app version (for force update checks via Firebase Remote Config)
  • Security: All data encrypted in transit
  • User choice: Analytics is optional (users can opt out)

Your Privacy Matters

We built The Traces with privacy at its core because we believe in supporting you without surveillance. Your goals, your progress, and your data belong to you - not us, not advertisers, not data brokers.

Thank you for trusting The Traces to support your journey.

Questions? Read our full privacy policy above or contact us at help.thetraces@yahoo.com