Last updated: 27 April 2026
TrackIT: Exercise & Nutrition ("we", "our", or "us") is operated by JTFSoftware Ltd, a company registered in England and Wales (company number 17164776). Registered office: 20 Wenlock Road, London, N1 7GU, United Kingdom. JTFSoftware Ltd is the data controller for the personal data described in this policy.
This policy explains what data we collect when you use the TrackIT mobile application, why we collect it, who we share it with, and what rights you have over it.
Account data — email address and password (the password is hashed by our authentication provider and is never visible to us).
Profile data — name or display name, gender, date of birth, height, target weight, dietary preferences, and unit preferences (metric/imperial), where you choose to provide them.
Fitness data — workouts, exercises, sets, reps, weights, durations, distances, and the workout plans you create or import. This includes any cardio session data such as duration, distance, and (where you grant permission and use the GPS feature) location traces and pace.
Nutrition data — meals, recipes, food logs, calorie and macronutrient entries, and meal plans you create or import.
Body and health metrics — weight entries, body measurements you log, and any health-adjacent data you choose to record (such as resting heart rate, fatigue scores, or rest-day feedback). Some of this may constitute "special category data" under UK GDPR; we process it only on the basis of your explicit consent (you choose to log it) and only to provide the service to you.
Push notification token — if you enable notifications, your device's push token is stored so we can send the reminders you've configured (workout, meal, weigh-in, weekly summary).
Subscription and purchase data — your subscription tier and renewal status (provided to us by Apple, Google, and RevenueCat). We do not see or store your payment card details.
Device and usage data — anonymous device identifiers, app version, OS version, crash reports, and aggregate interaction events used to diagnose bugs and improve the product.
We use your data to:
We do not sell your data, and we do not use your fitness, nutrition, or health data for advertising targeting.
We rely on the following legal bases:
We share data with the following processors, only as needed to operate the service:
Supabase — hosts your account and app data. Data is stored in the EU. supabase.com/privacy
Apple App Store / Google Play — handle all subscription and in-app purchase billing. We never see your payment details. apple.com/legal/privacy · policies.google.com/privacy
RevenueCat — manages subscription state and entitlements across platforms. Receives your user ID and subscription events. revenuecat.com/privacy
Google AdMob — serves interstitial and rewarded video ads to free-tier users. May collect device identifiers and limited usage data to serve ads. You can opt out of personalised ads via the in-app consent prompt and your device's privacy settings (Settings → Privacy → Tracking on iOS; Settings → Google → Ads on Android). policies.google.com/privacy
Expo (push notifications) — relays push notification tokens between us and Apple/Google's notification services if you enable notifications. expo.dev/privacy
We do not sell your personal data, and we do not transfer your fitness or health data to advertisers.
Your data is stored in the EU by Supabase. Some of our processors (RevenueCat, Google AdMob, Apple, Google Play, Expo) may process data in the United States or other countries. Where this happens, transfers are protected by the UK Government's adequacy regulations, the EU–US Data Privacy Framework, and/or Standard Contractual Clauses, depending on the processor.
We retain your data for as long as your account is active. You can permanently delete your account and all associated data at any time from Account → Delete Account in the app, or by emailing us at the address below. Backups containing your data are purged within 30 days of deletion. Some records (subscription receipts, financial logs) may be retained for up to 7 years where required by UK tax and accounting law.
Under UK GDPR you have the right to:
To exercise any of these rights, contact us at the email below. We will respond within one month.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have mishandled your data: ico.org.uk/make-a-complaint.
Data is transmitted over TLS and stored encrypted at rest by Supabase. Passwords are never stored in plain text. Access to production systems is restricted and logged. No system is perfectly secure — if a breach affecting your data occurs, we will notify you and the ICO within 72 hours where required by law.
TrackIT is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you become aware that a child under 13 has created an account, contact us and we will delete it.
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. We will notify you of material changes through the app or by email.
For any questions about this policy, or to exercise your data rights:
Email: dev.jtf7@gmail.com
Operator: JTFSoftware Ltd, company number 17164776, registered in England and Wales. Registered office: 20 Wenlock Road, London, N1 7GU, United Kingdom.