track-privacy-policy
track-privacy-policy
TRACK. PRIVACY POLICY Last Updated: May 2026
1. Introduction
Track. (“the App”) is a personal finance management application operated by [YOUR COMPANY NAME] (“we,” “us,” or “our”). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use Track., and describes your rights under the Nigeria Data Protection Regulation (NDPR) and applicable data protection laws.
By creating an account or using Track., you confirm that you have read and understood this Privacy Policy and consent to the collection and use of your data as described herein.
2. Who We Are
[YOUR COMPANY NAME] is the data controller for personal data collected through Track.
Contact: info@usetrackapp.com Address: Victoria Island lagos
3. Data We Collect
We collect the following categories of personal data:
Account Data — Your display name, email address, and profile photo (optional) provided during registration.
Financial Data — Expense entries, amounts, categories, descriptions, and dates that you log manually, by voice, or via receipt scan. Budget figures, project names, trip names, and line items you create. Transaction history imported from Excel files you upload.
Usage Data — Your activity within the App, including logging frequency, features used, streak counts, and notification preferences.
Device Data — Device type, operating system, app version, and push notification token (for delivering reminders).
Receipt Images — Photos of receipts you scan within the App. These are processed to extract transaction data and are not stored permanently after extraction unless you save the resulting expense entry.
Voice Input — Audio captured when you use the voice logging feature. Audio is processed in real time and is not stored after the expense entry is created.
Payment Data — Your subscription plan and billing status. Payment card details are processed directly by Paystack and are never stored on our servers.
4. How We Use Your Data
We use your personal data to:
- Create and manage your Track. account
- Process and display your expense entries, budgets, projects, and trip records
- Generate AI-powered daily reflection summaries based on your spending activity
- Match expenses to project line items using AI analysis
- Extract transaction data from receipts you scan
- Send you daily logging reminders via push notification
- Process your subscription payment through Paystack
- Provide customer support when you contact us
- Monitor app performance, diagnose errors, and improve the service
- Comply with our legal obligations under the NDPR and applicable Nigerian law
We do not use your financial data for advertising, credit scoring, or any purpose beyond operating the features of Track. that you actively use.
5. AI Processing
Track. uses the Anthropic Claude API to power expense parsing, daily reflections, receipt extraction, and project line-item matching. When you log an expense by text or voice, scan a receipt, or trigger a reflection, relevant data is sent to Anthropic’s API for processing. Anthropic processes this data solely to generate a response and does not retain or train on your data beyond what their API usage policies permit. You can review Anthropic’s privacy policy at anthropic.com/privacy.
6. Legal Basis for Processing
We process your personal data on the following grounds:
- Contract performance — processing necessary to provide the Track. service you signed up for
- Consent — where you have explicitly opted in, such as enabling push notifications or voice logging
- Legitimate interests — for app security, fraud prevention, and service improvement, where these interests are not overridden by your rights
- Legal obligation — where required to comply with Nigerian law
7. Data Sharing
We do not sell your personal data. We share data only with the following categories of third parties, strictly for the purpose of operating Track.:
| Third Party | Purpose |
|---|---|
| Anthropic | AI-powered expense parsing, reflection, and receipt extraction |
| Paystack | Subscription payment processing |
| Firebase (Google) | Authentication, push notifications, and app analytics |
| Termii | SMS delivery (where applicable) |
| Resend | Transactional email (account verification, billing confirmation) |
| Render.com | Backend hosting and data storage |
All third-party providers are contractually required to handle your data securely and only for the purposes listed above.
We may disclose your data to law enforcement or regulatory authorities if required to do so by Nigerian law or a valid court order.
8. Data Storage & Security
Your data is stored on secured servers hosted on Render.com. We apply industry-standard security measures including encrypted data transmission (HTTPS/TLS), hashed password storage, and access controls limiting who within our team can access personal data.
No method of transmission or storage is 100% secure. If a data breach occurs that is likely to result in risk to your rights and freedoms, we will notify you and the relevant authority within 72 hours of becoming aware of it, in accordance with the NDPR.
9. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, your personal data is permanently erased within 30 days, except where we are required by law to retain certain records for a longer period.
Expense data you have deleted manually within the App is removed from our active database immediately and from backups within 30 days.
10. Your Rights
Under the NDPR, you have the following rights regarding your personal data:
Right to Access — You may request a copy of all personal data we hold about you at any time.
Right to Rectification — You may correct inaccurate or incomplete data directly within the App or by contacting us.
Right to Erasure — You may delete your account and all associated data at any time from the Settings screen. We will complete erasure within 30 days.
Right to Data Portability — You may download a copy of your personal data in a structured, machine-readable format from Settings at any time. We will fulfil this request within 72 hours.
Right to Withdraw Consent — Where processing is based on consent (e.g. push notifications, voice logging), you may withdraw consent at any time from the App’s Settings without affecting the lawfulness of prior processing.
Right to Object — You may object to processing based on legitimate interests by contacting us. We will assess your objection and respond within 30 days.
To exercise any of these rights, contact us at [YOUR EMAIL ADDRESS] or use the relevant in-app feature in Settings.
11. Children’s Privacy
Track. is not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us at [YOUR EMAIL ADDRESS] and we will delete the account promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this document and notify you via email or an in-app notice at least 7 days before the change takes effect. Continued use of Track. after the effective date of a revised policy constitutes your acceptance of the updated terms.
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or wish to make a complaint about how we handle your data, please contact:
[info@usetrackapp.com : victoria Island lagos
If you are unsatisfied with our response, you may lodge a complaint with the Nigeria Data Protection Bureau (NDPB) at ndpb.gov.ng.
The placeholders to fill before publishing: your company name, email address, physical address, and the effective date. Once those are in, this can go live at a URL and that URL goes into your App Store listing and is referenced in the app’s Settings screen as required by GF-18.