Privacy Policy

Last updated: April 20, 2026

SSL EncryptedAll data in transit
Secure PaymentsMonobank Acquiring
Encrypted StorageSupabase / PostgreSQL
No Ad TrackingZero ad cookies

1. Who We Are

Trackr ("we", "us", "our") is a job search management platform available at trackr.help. We are committed to protecting your personal data and being transparent about how we use it.

2. Data We Collect

  • Account data: Email address and hashed password
  • Job tracking data: Companies, positions, statuses, notes, and contacts you enter
  • CV data: CV text, analysis results, and edit history
  • AI usage data: AI Coach chat history, feature usage counts for quota tracking
  • Calendar tokens: OAuth tokens for Google Calendar - only if you explicitly connect it
  • Payment data: Subscription tier and billing history (Monobank handles card data - we never store it)
  • Technical data: Error logs, browser type, and anonymized usage events

3. How We Use Your Data

  • To provide and operate the Trackr service
  • To process AI requests - your CV text and prompts are sent to Anthropic's API for each AI feature call
  • To enforce AI feature quotas and prevent abuse
  • To sync calendar events (only with your explicit consent via Google OAuth)
  • To send transactional emails: account confirmation, receipts, and service notices
  • To diagnose errors and improve service reliability

We do not sell your data to third parties. Ever.

4. AI Data Processing

When you use AI features, relevant portions of your CV, prompts, and conversation context are sent to Anthropic's Claude API for processing. We do not use your data to train AI models, and Anthropic does not retain your data beyond each API call per their data handling policy.

5. Third-Party Services

We use the following third-party services to operate Trackr:

Supabase

Supabase

Database (PostgreSQL) & auth. Data stored on EU servers.

Anthropic

Anthropic Claude

AI processing: CV analysis, coaching, text generation.

Monobank Acquiring

Payment processing. We never store your card data.

Google Calendar

Google Calendar

Optional calendar integration (explicit consent required).

Vercel

Vercel

Hosting & deployment infrastructure.

Sentry

Sentry

Error tracking & performance monitoring.

Resend

Resend

Transactional email delivery (lifecycle, billing, milestones).

PostHog

PostHog

Anonymized usage analytics. US infrastructure.

6. Google API Services

Trackr's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request

  • https://www.googleapis.com/auth/calendar.readonly read-only access to your Google Calendar events so we can display them next to your job application reminders inside Trackr. We do not create, modify, or delete events.

What we do NOT do with Google user data

  • We do not use Google user data for advertising purposes.
  • We do not transfer Google user data to third parties, except as necessary to provide or improve the integration, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We do not use Google user data to train or improve generalized or non-personalized AI/ML models.
  • We do not permit humans to read Google user data, except when (a) you give explicit consent for specific data, (b) it is necessary for security (such as investigating abuse), (c) it is required for legal reasons, or (d) the data is aggregated and anonymized for internal operations.

How to revoke access

You can revoke Trackr access to your Google Calendar at any time at myaccount.google.com/permissions or by disconnecting from Trackr settings. After revocation we delete the stored OAuth tokens within 24 hours.

7. Cookies

We use only essential cookies: authentication session tokens and theme preference. We do not use advertising, tracking, or third-party cookies.

8. Data Retention

Your data is retained as long as your account is active. When you delete your account, your data is removed immediately and permanently - there is no grace period. The only exception is anonymized AI usage statistics retained for billing and fraud prevention.

You can delete your account self-serve from Settings → Danger zone. If you cannot access your account, email support@trackr.help.

9. Data Security

All data in transit is encrypted via TLS/HTTPS. Passwords are hashed using bcrypt and never stored in plaintext. Database access is restricted to application infrastructure only.

10. International Data Transfers

Trackr operates from Ukraine. To deliver the service we rely on third-party processors located inside and outside the European Economic Area (EEA), including the United States. Specifically:

  • Anthropic (US): AI processing for CV analysis and AI Coach.
  • Supabase (EU/US): Database hosting and authentication.
  • Vercel (US/global): Application hosting and edge delivery.
  • Resend (US): Transactional email delivery.
  • PostHog (US): Anonymized product analytics.
  • Sentry (EU - Germany): Error monitoring and diagnostics.
  • Google (US): Optional Google Calendar integration if you connect it.
  • Monobank (Ukraine): Payment processing.

For transfers to countries outside the EEA that do not have an EU adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards provided by the processors' own Data Processing Agreements.

11. Children's Privacy

Trackr is not directed to children under 16, and we do not knowingly collect personal data from users under 16. If you are under 16, please do not use Trackr or submit any personal information to us. If we discover that we have collected personal data from a child under 16 without verifiable parental consent, we will delete that information as soon as possible. Parents or guardians who believe their child has provided us with personal data may contact us at team@trackr.help.

12. Your Rights

  • Access: request a copy of your personal data
  • Correction: update inaccurate or incomplete data
  • Deletion: request permanent removal of your account and data
  • Portability: receive your data in a machine-readable format
  • Objection: object to certain types of processing

EU/EEA users have additional rights under GDPR. Ukrainian users have rights under the Law "On Personal Data Protection". To exercise these rights, email support@trackr.help.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification at least 7 days in advance.

14. Contact

Questions about this policy? Contact us or email support@trackr.help.