Legal / 001
Privacy Policy
Last updated · 29 April 2026
This privacy policy explains what data TrackSnap collects, how we use it, who we share it with, and what rights you have over your data. We’ve tried to keep it short and plain.
01 — Who we are
TrackSnap is a mobile application that turns your fitness activities (from Strava or Apple Health) into shareable visual templates.
For privacy-related questions or requests, contact us at hello@tracksnap.club.
For the purposes of the EU General Data Protection Regulation (GDPR), Vitarius Bence (sole proprietor, Hungary) is the data controller for the personal data processed through TrackSnap.
02 — What data we collect
2.1 Account identifiers
When you connect Strava to TrackSnap, we create an account for you in our backend (Supabase). This account is identified by:
- A synthetic email address — automatically generated from your Strava ID in the format
{your_strava_id}@strava-user.com. We do not collect or store your real email address. This synthetic email is used only as a unique identifier for your TrackSnap account and never to send you email. - A user ID — a randomly generated unique identifier for your TrackSnap account.
- Your Strava profile name and profile photo — your first name, last name, and profile image as provided by Strava. We display these inside the app so you can recognise your own profile.
2.2 Activity data
When you connect Strava, TrackSnap fetches your activity data on demand to render visuals:
- Workout type, duration, date, distance, pace, splits, heart rate, elevation, calories
- The route polyline (GPS coordinates of the activity) — used only to render static maps
When you connect Apple Health, TrackSnap reads workout-related data on your device:
- Workouts (
HKWorkoutType) - Heart rate
- Active energy burned
- Distance (walking, running, cycling)
- Step count
We do not read any other Health data, and we do not write any data to Apple Health.
2.3 Photos
When you add photos to a template, TrackSnap accesses your photo library or camera with your permission. The photos are processed on your device and embedded into the template you’re creating. If you export a video, the photos and template are sent to our video rendering service (see “Third parties” below) for processing.
2.4 Subscription data
If you subscribe to TrackSnap Pro:
- Apple processes your payment — we never receive your payment card details.
- We receive subscription status (active/expired/trial), product ID, and renewal date from Apple via RevenueCat (our subscription management provider).
2.5 Usage data
We collect anonymous product analytics events to understand how the app is used (e.g. which templates are popular, how many users complete onboarding). These events are linked to your TrackSnap user ID but never to advertising identifiers (we do not use IDFA) and never sold or shared with third-party advertisers.
2.6 Device-level diagnostics
The operating system itself may share crash reports and basic performance metrics with Apple. These are governed by Apple’s privacy policy, not ours, and we do not run any third-party crash or performance reporting.
2.7 What we don’t collect
- We do not access your device’s current GPS location.
- We do not collect your real email, phone number, address, or contact list.
- We do not show advertising or use any ad-tracking SDKs.
- We do not collect data from children. TrackSnap is not directed at users under 16 and we do not knowingly collect data from anyone under 16.
03 — How we use your data
| Purpose | Data used |
|---|---|
| Authenticate you and load your activities | Strava tokens, synthetic email, user ID |
| Render visual templates and exports | Activity data, photos, GPS polyline |
| Manage your subscription | RevenueCat user ID, subscription status |
| Improve the app (anonymous product analytics) | User ID, app events |
| Respond to your support requests | Whatever you send us |
We do not use your data to:
- Target advertising (we don’t show ads)
- Sell or share with data brokers
- Build profiles for third parties
- Train AI/ML models
Apple HealthKit data — specific commitments
In line with Apple’s HealthKit requirements:
- We do not use HealthKit data for advertising or any other use-based data mining.
- We do not disclose your HealthKit data to any third party without your explicit consent.
- We do not sell your HealthKit data.
Apple HealthKit data stays on your device and is only used to render visuals you create within the app.
04 — Third parties we share data with
We use a small number of third parties to operate TrackSnap. Each receives only the minimum data needed for their function.
| Third party | Receives | Purpose | Location |
|---|---|---|---|
| Strava | OAuth tokens (you authorise) | Provide your activity data | US |
| Apple Health | (data stays on device) | Source of HealthKit data | Your device |
| Supabase | Synthetic email, user ID, template/customisation data | Backend storage and authentication | US / EU |
| Mapbox | GPS polyline coordinates and style parameters | Render static maps from activity routes | US |
| RevenueCat | TrackSnap user ID, Apple receipt data | Subscription management | US |
| Apple App Store | Apple ID + payment information | Process subscription payments | Apple |
| PostHog | Anonymous product events linked to your user ID | Product analytics | US |
| Vercel (Remotion) | Photos, template data, activity data for video rendering | Server-side video rendering when you export a video | US |
| Expo / Apple Push Notification Service | Push notification tokens | Send notifications about new activities | US / Apple |
International transfers
Some of these providers are based in the United States. Where personal data is transferred outside the European Economic Area, the transfer is protected under the EU’s Standard Contractual Clauses or an equivalent safeguard agreed with each provider.
05 — How long we keep your data
| Data | Retention |
|---|---|
| Synthetic email, user ID, profile info | Until you delete your account |
| Templates and customisation settings | Until you delete your account |
| Strava tokens | Until you disconnect Strava or delete your account |
| Activity data | Not retained — fetched on demand and used in memory only |
| Photos | On your device (and ephemerally on the rendering service for video exports — typically deleted within 24 hours) |
| Anonymous analytics events | Up to 12 months |
| Subscription / receipt records | Up to 7 years (tax / accounting law), even after deletion |
| Server logs | Up to 90 days |
06 — Your rights
You have the following rights over your personal data:
- Access — see what data we hold about you
- Correction — fix anything that’s wrong
- Deletion — delete your TrackSnap account and associated data (in-app: Profile → Delete Account)
- Portability — get a copy of your data in a portable format
- Object / Restrict — ask us to stop or limit certain processing
- Withdraw consent — at any time, where processing is based on consent (e.g. disconnect Apple Health or Strava)
- Lodge a complaint — with your local data protection authority. In Hungary, that’s NAIH. Elsewhere in the EU/EEA, your country’s equivalent authority.
To exercise any of these rights, email us at hello@tracksnap.club. We’ll respond within 30 days.
Account deletion — what happens
When you delete your TrackSnap account from inside the app:
- Your Strava OAuth grant is revoked, so we can no longer access your Strava data.
- Your TrackSnap account in our backend (Supabase) is permanently deleted, along with your saved templates, preferences, push notification tokens, and any cached activity data.
- Your RevenueCat profile is anonymised so it’s no longer linked to your TrackSnap user ID.
- All locally cached data on your device is cleared.
Subscription receipt records may be retained as required by tax law, but they are no longer linked to your identity once your account is deleted.
If you also have an active subscription, you’ll need to cancel it separately in iOS Settings → Apple ID → Subscriptions — Apple does not allow developers to cancel subscriptions on a user’s behalf.
07 — Lawful basis (EU/EEA users)
Under GDPR, we rely on the following lawful bases:
- Performance of a contract — for processing strictly needed to provide the app to you (account, subscription, template rendering)
- Consent — where you’ve explicitly opted in (connecting Strava, granting Apple Health permission, photo library access)
- Legitimate interests — for anonymous product analytics to improve the app, and for fraud prevention. You can object at any time by emailing us.
- Legal obligation — for retention of subscription records as required by tax law
08 — Security
We use HTTPS/TLS for all data in transit. Strava OAuth tokens are stored in your device’s encrypted Keychain. Backend data is stored on Supabase, which uses industry-standard encryption at rest. No system is perfectly secure, but we work to follow current best practices.
09 — Children
TrackSnap is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we’ll delete it.
10 — Changes to this policy
We may update this policy from time to time. When we do, we’ll change the “Last Updated” date at the top. For material changes, we’ll notify you in the app or by another reasonable means. Continued use of TrackSnap after the update means you accept the revised policy.
11 — Contact
For data protection requests, please include “Privacy Request” in the subject so we can route it correctly.