← XtrkR

How XtrkR protects your data

Not a promise. An architecture. Here's exactly how it works — and why XtrkR is built so your records stay on your device, not on servers I operate.

1. Everything stays on your iPhone

XtrkR uses Apple's SwiftData framework to store your records in a local database on your device. There is no XtrkR account. There is no XtrkR server storing your records. There is no cloud sync unless you explicitly enable encrypted iCloud backup.

2. Limited network calls, only when needed.

XtrkR uses limited Apple-provided network services for specific features. One is Apple's StoreKit framework, which handles in-app purchases. That is Apple's code talking to Apple's servers about whether you made a purchase. I do not see your payment card details.

Another is Apple's MapKit, which can translate a location coordinate into a city or place name when you choose to add a location to an encounter. That request goes to Apple's servers, not mine, and only when you choose to use that feature. If you never add locations, MapKit is never called.

Beyond those Apple-provided services, there are no ad networks, analytics SDKs, or third-party tracking tools in the app. You can optionally share diagnostics from Settings, but nothing is sent to me without your action. The app is otherwise designed to stay quiet on the network.

3. Encrypted backups (opt-in only)

If you choose to back up your data, XtrkR creates an AES-256-GCM encrypted file and saves it to your personal iCloud Drive. You set the password. The encryption happens on your device before the file is written.

4. What I cannot do

This isn't a policy decision — it's an architectural constraint. The app is designed so that the following are technically impossible:

• See your data Impossible
• Access your account No accounts exist
• Track your usage No analytics code
• Sell your data I don't have it
• Hand your data to law enforcement I don't have it
• Recover your data if you lose your phone Only you can (via backup)
• Know how many users I have Only App Store download count

4b. Photos shared via the Share Extension

If you save a photo or screenshot to XtrkR using the iOS Share Sheet, it is processed entirely on your device:

• StorageLocal app container only
• EXIF / location metadataStripped on import
• Face detection / recognitionNone — never run
• iCloud backupExcluded by default
• Auto-deletionAfter 90 days unless saved to a partner
• Sent to any serverNever

You are responsible for what you choose to save. Do not use XtrkR to store unlawful content, including nonconsensual intimate images or images of minors.

5. What about law enforcement?

Because your data lives on your device — not on my servers — I have nothing to hand over in response to a subpoena or legal request. I literally don't have your data.

However, your device itself can be subject to a warrant or physical seizure. If law enforcement obtains a valid warrant for your iPhone, the data inside XtrkR — like all data on your phone — could potentially be accessed. This is true of any app that stores data locally.

If you enable encrypted iCloud backups, the encrypted backup file is stored in your iCloud Drive. Apple could be compelled to produce that file in response to a legal request, but it is AES-256-GCM encrypted with a password only you know — without the password, the file is unreadable.

6. Why this matters for you specifically

If you're using XtrkR to track PrEP adherence, STI test results, encounter history, partner details, or other sensitive health information, you're storing deeply personal data. Many apps in this space require accounts, sync to cloud servers, or include analytics that track user behavior.

That kind of architecture creates risks this app is designed to avoid.

XtrkR was built so your records stay on your device, not because of a privacy promise that could change, but because of an architecture designed around local storage.