Privacy Policy

Last updated: May 30, 2026

Backtrack ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Backtrack mobile application (the "App") and our website at https://backtrackapp.ai (the "Website").

By using Backtrack, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the App or Website.

I. Our Privacy Principles

Backtrack is built on a local-first and privacy-first architecture. This means:

  • Your memories (text entries, photos, videos, and location data) are stored exclusively on your device.
  • Photos and videos are never uploaded to any server. Media files are referenced from your device's photo library, not copied or transmitted.
  • The content of your entries is never sent to a third party for processing. Semantic search runs on your device using an embedding model that ships with the app — your entries, search queries, and media never leave your device for AI processing.
  • There are no cloud features for your memories themselves. Account, subscription, and diagnostic data (such as crash reports and aggregate usage metrics) are processed on our servers and through the third-party services listed below to provide core functionality — none of this ever includes the content of your entries.

II. Information We Collect

II.I Account Information

You sign in to Backtrack with a one-time code sent to your email address. We collect:

  • Email address — required so we can send sign-in codes and tie your subscription and account state to you across devices and reinstalls
  • A unique account identifier used internally to link your subscription, sign-in sessions, and diagnostic logs to your account

II.II Subscription Information

We store your subscription status, billing period, and transaction identifiers from the App Store or Google Play. We do not directly process or store your payment card information — all payments are handled by Apple or Google.

II.III Entry Data

Your memory entries (text, location data, and media references) are stored exclusively on your device in a local SQLite database. We have no access to this data. No entry data is ever transmitted to our servers.

II.IV Device and Usage Information

To monitor performance, diagnose errors, and understand how the app is used, we collect:

  • Device type, operating system version, and hardware characteristics
  • App version
  • Usage analytics (feature usage, screen views, error rates)
  • Crash reports and performance data
  • Usage heartbeat metrics (aggregate counts, not entry content)

None of this data includes the content of your entries, your search queries, or your media. We track how the product performs and is used — we do not record what you write or capture.

III. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the App and its features
  • Authenticate your identity and manage your account
  • Process and manage your subscription (in coordination with Apple and Google)
  • Detect crashes, diagnose bugs, and improve app performance
  • Understand usage patterns to improve the product. This diagnostic data is associated with your account identifier but never includes the content of your entries.
  • Communicate with you about your account or subscription

IV. Data Storage and Security

IV.I Local Storage

All entry data is stored in an on-device SQLite database. Authentication tokens are stored in your device's secure storage (iOS Keychain / Android Keystore). We do not have access to locally stored data.

IV.II Security Measures

We implement industry-standard security measures including HTTPS for all communications, rate limiting on authentication endpoints, input validation on all API endpoints, and server-side receipt validation for subscriptions.

V. Third-Party Services

We use the following third-party services to deliver core functionality. None of them receive the content of your entries, your search queries, or your media:

  • Supabase — handles email one-time-code sign-in and stores account records (email, account identifier, subscription state).
  • Apple App Store / Google Play — handle all subscription billing and payment processing.
  • RevenueCat — manages subscription state and entitlements. Receives your account identifier and purchase/transaction data from the App Store or Google Play. See RevenueCat's Privacy Policy.
  • Amazon Web Services (AWS) — hosts our backend infrastructure. Diagnostic logs and aggregate usage metrics are stored in AWS CloudWatch for troubleshooting and performance monitoring.

VI. Data Retention

  • Local data: Retained on your device until you delete it or uninstall the App. We have no control over locally stored data.
  • Account data: Retained as long as your account exists. You may request account deletion at any time (see Your Rights below).
  • Diagnostic logs and usage metrics: Stored in AWS CloudWatch and retained for a limited period for troubleshooting and performance monitoring.

VII. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your account and all associated data. You can delete local data directly from the App. To delete your account, contact us at support@backtrackapp.ai.
  • Portability: Request your data in a machine-readable format.
  • Opt-out: You can opt out of analytics collection by contacting us.

To exercise any of these rights, please contact us at support@backtrackapp.ai. We will respond within 30 days.

VIII. Children's Privacy

Backtrack is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at support@backtrackapp.ai.

IX. International Data Transfers

Our servers are located in the United States. Account and subscription data may be transferred to, stored, and processed in the United States. Your memory entries remain on your device and are not subject to international transfer.

X. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or an in-app notification. Your continued use of Backtrack after changes are posted constitutes your acceptance of the revised policy.

XI. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

support@backtrackapp.ai