← XtrkR

Privacy Policy

Effective March 2026 · Last updated March 15, 2026

The Short Version

XtrkR does not collect, store, or transmit any of your data. Everything you enter stays on your iPhone. We have no servers, no accounts, no analytics, and no way to see what you do in the app.

---

What Data XtrkR Stores

XtrkR stores all of the following locally on your device only, using Apple's SwiftData framework:

• Encounter logs — dates, partners, activities, mood, ratings, locations, notes
• Partner profiles — names, details, profile photos
• STI test records — test types, dates, results, sites, reminders
• PrEP and DoxyPEP dose logs — dates, times, notes
• Vaccination records — types, dates, dose numbers, providers
• Health insights — generated on-device from your data, never transmitted
• App settings — PIN hash, preferences, notification settings

None of this data ever leaves your device through XtrkR.

What XtrkR Does NOT Do

• No accounts — you never sign up or log in
• No cloud sync — your data is not uploaded to any server
• No analytics — we don't track how you use the app
• No advertising — no ad SDKs, no ad identifiers
• No crash reporting — no third-party crash or diagnostics SDKs
• No third-party SDKs — zero external dependencies
• No data sharing — your data is never shared with anyone, for any reason
• No network requests — the app makes no network calls except Apple's StoreKit for in-app purchases

Apple Health (HealthKit)

XtrkR can optionally write sexual activity data to Apple Health. This feature is off by default, is write-only (XtrkR never reads data from Apple Health), and data written is governed by Apple's HealthKit privacy policies.

iCloud Drive Backups

XtrkR can optionally create encrypted backups to your iCloud Drive. This feature is off by default. Backups are AES-256-GCM encrypted and stored in your personal iCloud Drive container. We cannot access, decrypt, or read your backup files.

Keychain

XtrkR stores your PIN hash and iCloud backup password (if enabled) in the device Keychain. Keychain data is protected by iOS device security and is not synced to iCloud Keychain.

Location Data

Location data is stored locally only. Geocoding uses Apple's MapKit services. Location coordinates are never transmitted to any server we operate.

Photos

Photos are stored locally in the app's Documents directory. They are included in encrypted backups if you create them. Photos are never uploaded or transmitted anywhere.

In-App Purchases

All payment processing is handled by Apple through StoreKit 2. We do not receive or store any payment information.

Notifications

Notifications are generated locally on your device — not pushed from a server. Discreet mode (on by default) uses generic titles for privacy.

Children's Privacy

XtrkR is rated 17+ and is not intended for use by anyone under 17. We do not collect data from anyone.

Data Deletion

Since all data is stored locally, you have complete control. Delete individual records in the app, or delete the app to remove all data. No deletion request to us is necessary — you are the sole controller of your data.

Your Rights (GDPR, CCPA)

Because XtrkR does not collect or process personal data on our servers, your data rights are inherently fulfilled: all your data is accessible to you (it's on your device), deletable at any time, and exportable via CSV, JSON, or encrypted backup. We do not sell, share, or disclose personal information because we do not have any.

Changes to This Policy

If we update this policy, we will update the "Last Updated" date. Given our architecture (no servers, no data collection), meaningful changes would likely only occur if the app's fundamental design changes.

Contact

Email: nihilmexico@gmail.com