Privacy Policy
Last updated: March 31, 2026
1. Information We Collect
TirzTrack collects the following categories of information:
- Account data — email address, display name
- Health data — weight logs, food logs, injection records, wellness check-ins, progress photos
- Device data — browser type, timezone (used for accurate date tracking)
- Usage data — pages visited, features used (not sold or shared with advertisers)
2. How We Use Your Data
Your data is used solely to:
- Provide and operate the TirzTrack tracking service
- Generate AI-powered insights, nutritional estimates, and health analyses
- Send email notifications you've opted into
- Improve the service and fix bugs
We do not use your data for advertising, profiling for third parties, or any purpose beyond providing the service.
3. AI Data Processing
When you use AI-powered features (Smart Log, food photo analysis, AI insights, progress photo analysis), your relevant health data is transmitted to Anthropic's API for processing. Key facts about this:
- Anthropic does not use API inputs to train their AI models
- We transmit only the minimum data necessary for each feature
- Data sent to Anthropic is subject to Anthropic's Privacy Policy
- You can opt out of AI features by simply not using them — the core tracking app functions without AI
4. Data Storage
Your data is stored in Supabase, hosted on Amazon Web Services (AWS) infrastructure in the United States. Specific storage details:
- All data is protected by row-level security policies (only you can access your data)
- Progress photos are stored in Supabase Storage with encryption at rest
- All data transmission uses TLS encryption
- Database backups are maintained by Supabase
5. Data Sharing
We take your privacy seriously:
- We do NOT sell your data
- We do NOT share your data with advertisers
- We do NOT share your data with third parties except as required to operate the service
Your data is shared only with the following service providers, solely for operating TirzTrack:
- Supabase — data storage and authentication
- Anthropic — AI feature processing
- Vercel — application hosting
- Resend — transactional email delivery
6. Data Retention
Your data is retained for as long as your account is active. When you delete your account, all associated data — including health logs, photos, and profile information — will be permanently deleted. You can request full account deletion at any time by contacting us.
7. Your Rights
You have the following rights regarding your data:
- Access — View all data associated with your account
- Export — Request an export of your data
- Correction — Correct any inaccurate data
- Deletion — Delete your account and all associated data
- Opt-out — Choose not to use AI features
To exercise these rights, contact us at the email address below.
8. Cookies
TirzTrack uses only essential cookies necessary for authentication and maintaining your session. We do not use:
- Tracking or analytics cookies
- Advertising cookies
- Third-party marketing cookies
9. Children's Privacy
TirzTrack is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you believe a minor has provided us with personal information, please contact us immediately.
10. HIPAA Notice
TirzTrack is not a HIPAA-covered entity and is not designed to be HIPAA compliant. While we take reasonable and industry-standard measures to protect your health data, the app does not meet the specific requirements of the Health Insurance Portability and Accountability Act. Do not use TirzTrack as a replacement for HIPAA-compliant health records systems.
11. California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA), including:
- The right to know what personal information is collected and how it is used
- The right to request deletion of personal information
- The right to opt out of the sale of personal information (we do not sell data)
- The right to non-discrimination for exercising your rights
12. European Residents (GDPR)
If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including:
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
Our legal bases for processing your data are your explicit consent given at account creation and the performance of our service contract with you.
13. Security
We implement industry-standard security measures to protect your data, including:
- TLS encryption for all data in transit
- Encryption at rest for stored data and photos
- Row-level security policies ensuring only you can access your data
- Secure authentication managed by Supabase
However, no system is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from factors outside our reasonable control.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by updating the date at the top of this policy and, where appropriate, through in-app notification or email. Your continued use of TirzTrack after changes constitutes your acceptance of the updated policy.
15. Contact
For privacy inquiries, data requests, or to exercise your rights, contact us at:
privacy@tirztrack.com
We aim to respond to all privacy inquiries within 30 days.