Privacy Policy

Last updated: July 2026

1. Overview

This Privacy Policy explains what information Trackr ("the App") collects, how we use it, who we share it with, and the choices you have. It applies to everyone who uses the App, whether you sign in with email, Google, Facebook, Apple, or as a demo/guest user. It should be read alongside our Terms & Conditions.

2. Information We Collect

  • Account information: your name, email address, and password (stored as a salted bcrypt hash — we never store or can recover your plaintext password). If you sign in with Google, Facebook, or Apple, we receive your name, email, and profile photo from that provider.
  • Financial data you enter: transactions, account balances, budgets, goals, reminders, lend/borrow records, recurring transactions, and custom categories. This is the core data the App is built to store — none of it is shared or sold.
  • Preferences: currency, language, dark mode, and dashboard layout.
  • Optional integrations you choose to connect: a personal Gemini API key (bring-your-own-key) or a Telegram bot token. These are stored on our servers and used only to make requests on your behalf — never shared with other users or used for anyone else's requests.
  • Basic usage analytics: page views and device/browser type via Google Analytics. No financial data, transaction content, or account balances are ever sent to Google Analytics.

3. How We Use Your Information

We use your information to operate the App: authenticate your login, store and display your financial data, categorize transactions with AI, send verification codes and password-reset codes, deliver optional monthly summary emails, respond to feedback, and protect the App from abuse (rate limiting and bot checks on sign-up and password reset).

4. AI Processing

When you log a transaction, only the short text description (e.g. "coffee 150 taka") is sent to an AI provider — Google Gemini, Anthropic Claude, or Z.ai — to identify a category and amount. We do not send your name, email, account balances, or any other transactions along with that request.

5. Other Third Parties We Use

  • Google, Facebook, Apple — only if you choose to sign in with one of these providers, to authenticate you.
  • Resend — delivers verification codes, password-reset codes, monthly summary emails, and feedback notifications.
  • Cloudflare Turnstile — a bot-detection check on sign-up and password-reset forms; it sees your IP address to verify you're not an automated script.
  • Telegram — only if you connect the optional Telegram bot; messages you send the bot are processed by Telegram's servers and ours to log transactions.
  • Google Analytics — aggregate, anonymized usage statistics.
  • Vercel and Turso — our hosting and database infrastructure providers, who process data on our behalf to run the App.

6. Cookies & Local Storage

Trackr uses a single httpOnly session cookie to keep you signed in. We also use your browser's local storage to remember your login identifiers and preferences on your device, and to support offline use as a Progressive Web App. We do not use third-party advertising or cross-site tracking cookies.

7. Data Retention & Deletion

We keep your data for as long as your account is active. You can delete your account and all associated data — transactions, accounts, budgets, goals, and settings — at any time by emailing support@trackrmoney.com.

8. Your Rights & Choices

You can export your transaction history as CSV or PDF from inside the App, correct any of your data directly in the App at any time, disconnect optional integrations (Gemini key, Telegram) from Settings, opt out of monthly report emails, and request account deletion.

9. Children's Privacy

Trackr is not directed at, and should not be used by, anyone under 13 years of age. We do not knowingly collect information from children under 13.

10. Data Security

We take reasonable technical and organizational measures to protect your data, including hashing passwords with bcrypt and restricting access to production systems. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. International Users

Trackr is built for users in Bangladesh and beyond. Depending on which third-party services you use (see Section 5), your data may be processed in other countries by those providers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date above and notify you within the App if the changes are material.

13. Contact Us

Questions about this policy or a data deletion request? Email support@trackrmoney.com or use the Settings screen inside the App.