Privacy Policy
Last Updated: March 7, 2026
1. Information We Collect
Health Data
The app allows tracking of:
- Symptom data (pain levels, bowel movements, mood, energy)
- Medication information and adherence tracking
- Health notes and observations
- HealthKit data (with user authorization)
Key Point: All health data is stored locally on your device using Core Data. We do not have access to this information, and it is never transmitted to our servers.
Meal Analysis Data
When you use AI-powered food analysis features, the following data may be sent to external services for processing:
- Meal Photos: Images you photograph are sent to our secure cloud service for AI food identification
- Food Names: Text you type when searching or logging foods is sent for nutrition and dietary compliance estimation
- Barcodes: Scanned product barcodes are sent to the Open Food Facts database to retrieve product and ingredient information
Key Point: Meal analysis data is only sent when you actively use these features (camera, text search, or barcode scanner). No images, food names, or barcodes are sent automatically or in the background. This data is processed transiently and is not stored on our servers after the response is returned.
Technical Data
Limited analytics collected:
- App usage patterns (features used, session duration)
- Feature interactions (button clicks, screen views)
- Performance metrics (crashes, loading times)
- Device information (iOS version, device model—no identifiers)
Key Point: Analytics data excludes all health information and is anonymized before transmission.
2. How We Use Your Information
Health Data
Since data remains on-device, processing includes:
- Displaying health trends and insights
- Generating personalized recommendations
- Sending medication reminders (if enabled)
- Exporting data for healthcare providers
Analytics Data
Anonymized data supports:
- Optimizing app performance
- Understanding helpful features
- Improving user experience
- Making data-driven feature decisions
- Resolving technical issues
3. Data Storage and Security
Local Storage
Device-stored using Apple's Core Data, protected by:
- Passcode/Face ID/Touch ID security
- iOS sandboxing
- Encryption at rest
iCloud Sync (Optional)
Encrypted in transit and at rest by Apple via CloudKit. We have no server access. Users control activation.
Important: HealthKit-sourced data is excluded from iCloud sync and remains on-device only.
4. HealthKit Integration
Data We Read (With Permission)
- Steps, walking/running distance, flights climbed
- Heart rate, heart rate variability (HRV), resting heart rate
- Respiratory rate, blood oxygen (SpO₂)
- Sleep analysis and duration
- Active energy burned
- Body temperature
Data We Write (With Permission)
- Body weight only
Key Point: HealthKit data is accessed only on your device via Apple's approved HealthKit APIs. We do not transmit HealthKit data to our servers.
Control: You can change or revoke permissions via iOS Settings → Privacy & Security → Health → Tract.
5. AI-Powered Food Analysis
Tract offers optional AI-powered features to help you log meals and understand their nutritional and dietary impact. These features require an internet connection and involve sending limited data to external services.
Photo Recognition
When you photograph a meal, the image is sent to our secure cloud proxy for AI-powered food identification. The image is used solely to identify foods and estimate nutrition data. Images are processed in real time and are not retained after the response is returned.
Text-Based Nutrition Estimation
When you type food names, the text is sent to our secure cloud proxy to estimate nutrition and dietary compliance data (e.g., FODMAP levels, SCD classification). Only the food names you enter are sent—no health data, account information, or device identifiers are included.
Barcode Scanning
When you scan a product barcode, the barcode number is sent to Open Food Facts, a public, open-source food product database, to retrieve product name, ingredients, and nutrition information. No personal data is sent with the request.
Key Point: No health data, personal identifiers, or device information is transmitted during meal analysis. These features are entirely optional and only activate when you explicitly use them.
6. Data Sharing
Core Policy: We do not share, sell, or distribute your personal health information to any third parties.
Analytics Service Provider
Amplitude: Receives anonymized technical data only (app events, feature usage, performance metrics)—never health data.
AI Food Analysis Providers
Cloud Proxy: Meal photos and food names are processed through our secure cloud proxy for AI-powered food identification and nutrition estimation. Data is processed transiently and not retained.
Open Food Facts: Barcode numbers are sent to the Open Food Facts open-source database to retrieve product information. No personal data is included.
User-Initiated Sharing
Occurs only when you explicitly choose to:
- Export data for healthcare providers
- Share via iOS features (AirDrop, email)
7. Children's Privacy
The app is not intended for users under 16. We do not knowingly collect information from children under 16.
8. Analytics and Tracking
Data Collection Details
- User Events: Button taps, screen views, feature usage (no content)
- App Performance: Crash reports, loading times, memory usage
- Session Data: App opens, session duration, navigation patterns
- Device Context: iOS version, device model, app version (no unique identifiers)
Opt-Out Options
Access Settings in the app and toggle "Usage Analytics" off. Your preference is saved immediately.
Data Retention
- Amplitude: Up to 2 years for trend analysis
- Anonymization: No individual traceability
- Deletion: You can request deletion via contact
Third-Party Standards
Amplitude maintains:
- GDPR and CCPA compliance
- Data encryption in transit and at rest
- No cross-referencing with other sources
- Regular security audits and certifications
9. Your Rights
You maintain complete control:
- Access: View all data within the app
- Export: Export in PDF and CSV formats
- Delete: Remove individual entries or all data
- Control: Choose what data to track and share
10. Changes to This Policy
We may update this policy with notifications via posting and updating the "Last Updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact Us
Email: gettract@gmail.com
For privacy-related questions, data deletion requests, or concerns, please reach out via email.
12. Medical Disclaimer
Tract is for informational and tracking purposes only. It is not intended to diagnose, treat, cure, or prevent any disease. Always consult with qualified healthcare professionals regarding your health condition and treatment.