Privacy Policy

traqqo (“we”, “our”, or “us”) operates the traqqo mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our App.

By using traqqo, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Information You Provide

• Account Information: Name, email address, and password when you create an account.
• Profile Information: Phone number, profile photo, and biographical details you choose to add.
• Client Data (Trainers): Client names, contact information, session details, and notes you enter about your clients.
• Session Data: Session types, dates, times, durations, and notes.
• Goal Data: Goal titles, descriptions, target values, progress entries, and progress photos.
• Payment Information: When trainers collect payments from their clients through the App, payment details are processed securely by Stripe. We do not store credit card numbers, bank account numbers, or other sensitive financial information on our servers.
• Bank Details (Trainers): For trainers who choose to display bank transfer details to their clients, account information (e.g., IBAN, account number, sort code) is stored encrypted in our database and shown only to clients linked to that trainer.

Information Collected Automatically

• Device Information: Device type, operating system, and app version.
• Usage Data: App interactions, feature usage, and crash reports to improve the App.
• Push Notification Tokens: To deliver notifications you have opted in to receive.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the App’s functionality.
• Enable trainers to manage clients, sessions, goals, and packages.
• Facilitate trainer-to-client payments through our payment provider (Stripe Connect).
• Send push notifications you have opted in to receive (session reminders, goal updates).
• Improve the App’s performance, reliability, and user experience.
• Respond to support requests.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Third-Party Services

We use the following third-party services to operate the App:

• Supabase: Authentication, PostgreSQL database, edge functions, file storage, and realtime sync. Data is hosted in secure data centers operated by Supabase and its infrastructure providers (AWS). See Supabase’s Privacy Policy.
• Stripe (Stripe Connect): Used solely to facilitate payments between trainers and their clients when a trainer chooses to collect payment through the App. We do not currently process subscription payments through Stripe. See Stripe’s Privacy Policy.
• Expo (EAS): App build, distribution, and over-the-air updates. See Expo’s Privacy Policy.
• Expo Push Notification Service / Apple Push Notification Service / Firebase Cloud Messaging: Delivery of push notifications.
• Sentry: Crash and error reporting. Sentry receives technical information about errors (stack trace, device model, OS version, app version) but does not receive your account contents. See Sentry’s Privacy Policy.
• PostHog:Product analytics. PostHog receives pseudonymous event data (e.g., “session_created”). We do not send PostHog the contents of your client data, sessions, goals, or messages. See PostHog’s Privacy Policy.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services.

When you delete your account:

• Your user profile and authentication data are permanently deleted.
• Session, client, goal, and package data associated with your trainer account are permanently deleted.
• Payment records processed by Stripe are subject to Stripe’s data retention policies and applicable financial regulations.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL).
• Encryption of data at rest at the database and storage layer.
• PostgreSQL Row Level Security (RLS) to enforce per-user and per-trainer access control.
• Secure authentication with Supabase Auth (industry-standard JWT-based sessions, hashed passwords).

While we strive to protect your information, no method of electronic transmission or storage is 100% secure.

6. Push Notifications

Push notifications are opt-in. You can enable or disable notifications at any time through the App’s notification preferences or your device settings. We send notifications for:

• Session reminders.
• Goal updates and milestones.
• Invite notifications.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate personal data.
• Right to Erasure: Request deletion of your personal data (account deletion).
• Right to Data Portability: Request a machine-readable copy of your data.
• Right to Object: Object to certain processing of your personal data.
• Right to Restrict Processing: Request limitation of processing of your personal data.

To exercise any of these rights, contact us at info@traqqo.com. We will respond within 30 days.

8. Children’s Privacy

traqqo is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at info@traqqo.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the App or sending you a notification. Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at info@traqqo.com.