Privacy Policy

Last Updated: April 24, 2026

Trackara Pro is operated by Commoner Apps LLC ("Commoner Apps," "we," "our," or "us"). We are committed to protecting the privacy and security of your business data. This Privacy Policy explains how we collect, use, store, and protect information when you use the Trackara Pro mobile application for mobile mechanics and auto repair professionals.

1. Information We Collect

Account Information

When you create a Trackara Pro account, we collect:

• Email address, first name, and last name
• Phone number (optional)
• Business information (business name)
• Location information (city, state/province, country)
• Lead source (how you heard about Trackara Pro)
• Payment information (processed securely by Apple through in-app purchases, or by Stripe, Inc. for web subscriptions)
• Subscription and billing status, including records of successful and failed payment attempts, payment method used, and the timestamps of each event. We log this data to enforce our billing terms, including the grace-period and automatic-suspension workflow described in our Terms of Service (Section 4, "Failed Payments and Non-Payment Suspension"). We do not log or store your card number, CVV, or full bank account number — that data stays with our payment processors.

Terms Acceptance Information

When you agree to our Terms of Service and Privacy Policy during account creation, we collect and store:

• Timestamp of your acceptance
• Version numbers of the Terms and Privacy Policy you agreed to
• Device information (device model, operating system, and version)
• App version used during registration

This information is collected to maintain a legal record of your consent and is protected from modification after creation.

Business Data

The data you create and manage in Trackara Pro, including:

• Client information (names, contact details, addresses, vehicles)
• Invoice and quote data (line items, pricing, payments)
• Work order information (scope of work, signatures)
• Time tracking entries (labor hours, rates)
• Project and job details
• Photos and documentation
• Vehicle diagnostic data (OBD2 trouble codes, real-time sensor readings such as RPM, temperature, fuel consumption, and other engine metrics collected via Bluetooth OBD2 adapters)
• Vehicle inspection data (inspection templates, results, and reports)
• Maintenance tasks, reminders, and service history records
• Blueprints and procedure templates (custom and shared workflows)
• Marketplace listings, reviews, ratings, and engagement data
• Booking requests and appointment scheduling data
• Mileage tracking records (trip distances and routes)
• Route optimization data (multi-stop routes, ETAs, and workload schedules)
• Business settings and preferences

Device Permissions and Sensor Data

Trackara Pro may request access to the following device capabilities. Each permission is requested only when needed and can be managed in your device settings:

• Bluetooth: Used to connect to OBD2 diagnostic adapters for vehicle scanning. Bluetooth data is processed locally on your device and only stored if you save a diagnostic report.
• Location (GPS): Used for route optimization, mileage tracking, geocoding client addresses, and calculating ETAs for service appointments. Location data is collected only while using these features and is not tracked in the background unless you have actively started a mileage trip.
• Camera and Photo Library: Used to capture and attach photos to projects, vehicle inspections, and documentation. Photos are stored locally and synced to the cloud only if cloud sync is enabled.
• Calendar: Used to sync appointments and scheduled jobs with your device calendar. We read and write calendar events only for Trackara Pro appointments.
• Contacts: Used to quickly import client contact information. Contact data is read on-demand and is not bulk-uploaded or stored beyond what you save as a client record.
• Notifications: Used to deliver appointment reminders, booking requests, and other time-sensitive alerts via Apple Push Notification Service and Firebase Cloud Messaging.
• Microphone (Android): Used for voice notes and inspection dictation on Android devices. Audio is recorded only when you actively initiate a voice note and is not transmitted or stored beyond what you choose to save.
• Phone (Android): Used to initiate phone calls to clients directly from the app. The app does not record calls, access call logs, or store any call-related data.

Booking Portal Data

If you enable the customer booking portal, your customers may submit booking requests that include their name, phone number, vehicle information, preferred service, and appointment preferences. Phone numbers are hashed (SHA-256) for privacy before storage. This data is associated with your account and is subject to the same security and retention policies as your other business data.

Usage Analytics (Optional)

With your permission, we collect anonymized usage data to improve the app:

• Feature usage patterns
• App performance metrics
• Error reports and crash data
• Device type and iOS version

2. How We Use Your Information

We use your information to:

• Provide the Service: Enable core features including client management, invoicing, work orders, time tracking, vehicle diagnostics, route optimization, scheduling, maintenance management, vehicle inspections, mileage tracking, and marketplace functionality
• Cloud Sync: Synchronize your data across your devices via iCloud and Firebase
• Vehicle Diagnostics: Process OBD2 data from Bluetooth adapters to display diagnostic trouble codes, real-time vehicle metrics, and generate diagnostic reports
• Route Optimization: Use your location and client addresses to calculate optimized multi-stop routes, ETAs, and driving directions
• Mileage Tracking: Record trip distances using GPS for business expense and tax deduction purposes
• Booking Portal: Process customer booking requests and deliver appointment notifications
• VIN Decoding: Send Vehicle Identification Numbers to NHTSA to retrieve vehicle specifications
• Account Management: Manage your subscription and authentication
• Customer Support: Respond to your inquiries and provide technical assistance
• Improve the App: Analyze usage patterns to enhance features and fix bugs (only with your consent)
• Security: Detect and prevent fraud, abuse, and security incidents

3. Data Storage and Security

Local Storage

Your business data is primarily stored locally on your device, giving you full control. Data persists even if you're offline or cancel your subscription.

User-Imported PDFs (Device-Only)

If you use the Service Manuals feature to import PDF files (such as service manuals, wiring diagrams, or TSBs) onto your device, those files are stored only on your local device. We do not upload them to our servers, do not include them in cloud sync, do not index or scan their contents, and do not transmit them to any third party. If you delete the app, factory-reset, or switch phones, imported PDFs are gone. Bookmarks you create for imported PDFs are also stored only on the device.

Cloud Storage

If you enable cloud sync, your data is securely stored using:

• iCloud: Apple's secure cloud infrastructure (encrypted in transit and at rest)
• Firebase: Google's cloud platform for authentication and optional backup (GDPR and SOC 2 compliant)

Encryption

All data transmission uses industry-standard TLS encryption. Stored data is encrypted using AES-256 encryption.

Data Access

We do not access, view, or share your client data, invoices, or business information. Your data is yours alone.

4. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal or business data to third parties.

We may share limited data in these situations:

• Service Providers: Apple (App Store, iCloud, MapKit, In-App Purchase), Google (Firebase, Maps, Analytics, Ads, Crashlytics, ML Kit, Gemini AI), Stripe (subscription payments), Square (Signature Portal payments), Thumbtack (lead integration, if connected), eBay (parts search), NHTSA (VIN decoding), Formspree (contact forms), third-party AI processing services (optional in-app features). See Section 13 for full details on each provider.
• Legal Requirements: If required by law, court order, or government request
• Business Transfers: In the event of a merger, acquisition, or sale of assets (you will be notified)

5. Your Rights and Choices

Access and Export

You can access all your data within the app. Export features allow you to download invoices as PDFs. For complete data export, contact support.

Data Deletion

You can delete individual records (clients, invoices, etc.) within the app. To delete your entire account and all associated data, you can use the "Delete Account" feature directly in the app (Settings → Account → Delete Account), or contact support@trackara.app. Account deletion removes all your cloud data and local app data permanently.

Analytics Opt-Out

You can disable analytics tracking in the app settings at any time.

Cloud Sync Control

You can enable or disable cloud synchronization in settings. Disabling cloud sync keeps all data local to your device.

6. Data Retention

• Active Accounts: We retain your data as long as your account is active and you maintain a subscription
• Canceled Subscriptions: Local data remains on your device. Cloud data is retained for 30 days after cancellation, then permanently deleted
• Account Deletion: All data is permanently deleted within 30 days of account deletion request
• Legal Requirements: Some data may be retained longer if required by law (e.g., financial records for tax purposes)

7. Children's Privacy

Trackara Pro is a business application intended for professional use by adults. We do not knowingly collect information from individuals under 18 years of age.

8. International Data Transfers

Your data may be stored and processed in the United States or other countries where our service providers operate. We ensure adequate data protection through standard contractual clauses and compliance with GDPR and CCPA.

9. California Privacy Rights (CCPA)

California residents have the right to:

• Know what personal information we collect and how it's used
• Request deletion of personal information
• Opt-out of the sale of personal information (we do not sell your data)
• Not be discriminated against for exercising these rights

To exercise these rights, email support@trackara.app.

Do Not Sell My Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. However, if you wish to formally submit a "Do Not Sell My Personal Information" request under CCPA, you may contact us at support@trackara.app with the subject line "CCPA Do Not Sell Request." We will respond within 45 days and provide confirmation that we do not sell your data.

10. European Privacy Rights (GDPR)

Data Controller Information

Geographic Scope: Trackara Pro (operated by Commoner Apps LLC) is designed and marketed for users in the United States and Canada. We do not actively target or solicit users in the European Economic Area (EEA), United Kingdom, or Switzerland. If you are located in one of these regions and choose to use our Service, the following rights may apply to you under the General Data Protection Regulation (GDPR).

For purposes of GDPR, the data controller is:

Legal Entity: Commoner Apps LLC
Email: support@trackara.app
Phone: (801) 946-9396

Your GDPR Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under GDPR:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for certain purposes
• Right to Restrict Processing: Request limitation of data processing
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

To exercise any of these rights, contact us at support@trackara.app. We will respond within one month of receipt of your request.

Supervisory Authority

EU, UK, and Swiss residents have the right to lodge a complaint with their local data protection supervisory authority if they believe their data protection rights have been violated. A list of EU data protection authorities can be found at: edpb.europa.eu

11. Canadian Privacy Rights (PIPEDA)

Data Controller Information

For purposes of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the data controller is:

Legal Entity: Commoner Apps LLC
Email: support@trackara.app
Phone: (801) 946-9396

PIPEDA Compliance

Trackara Pro complies with PIPEDA's 10 Fair Information Principles for all Canadian users:

1. Accountability: We are responsible for personal information under our control and have designated individuals accountable for our compliance
2. Identifying Purposes: We identify the purposes for which personal information is collected at or before the time of collection
3. Consent: We obtain your knowledge and consent for the collection, use, or disclosure of personal information, except where inappropriate
4. Limiting Collection: We collect only the personal information necessary for the purposes identified
5. Limiting Use, Disclosure, and Retention: We use or disclose personal information only for the purposes for which it was collected, and retain it only as long as necessary
6. Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary
7. Safeguards: We protect personal information with security safeguards appropriate to its sensitivity
8. Openness: We make information about our policies and practices for managing personal information readily available
9. Individual Access: Upon request, you will be informed of the existence, use, and disclosure of your personal information
10. Challenging Compliance: You may challenge our compliance with these principles

Your PIPEDA Rights

If you are a Canadian resident, you have the following rights under PIPEDA:

• Right to Access: Request access to your personal information held by us
• Right to Correction: Request correction of inaccurate or incomplete personal information
• Right to Withdraw Consent: Withdraw your consent for processing at any time (subject to legal or contractual restrictions)
• Right to File a Complaint: Lodge a complaint with the Privacy Commissioner of Canada if you believe your privacy rights have been violated

To exercise any of these rights, contact us at support@trackara.app. We will respond within 30 days of receipt of your request.

Data Storage for Canadian Users

Data for Canadian users is stored using the same secure infrastructure as all our users (Apple iCloud and Google Firebase). Data may be stored in the United States but is protected by appropriate safeguards including encryption and Standard Contractual Clauses to ensure PIPEDA compliance.

Privacy Commissioner of Canada

If you have concerns about how we handle your personal information, you may file a complaint with:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca

12. Data Breach Notification

In the event of a data breach that compromises the security of your personal information, we will:

• Notify affected users via email within 72 hours of discovering the breach (as required by GDPR and PIPEDA)
• Notify relevant data protection authorities and supervisory bodies as required by applicable law
• Provide clear information about what data was affected, when the breach occurred, and potential consequences
• Describe the measures we are taking to address the breach and prevent future incidents
• Offer guidance on protective steps you can take to safeguard your information

Breach notifications will be sent to the email address associated with your Trackara Pro account. Please ensure your email address is current and accurate.

13. Third-Party Service Providers (Complete List)

Trackara Pro uses the following third-party service providers to deliver our services:

Apple, Inc.

• Services: App Store distribution, iCloud cloud synchronization, In-App Purchase payment processing
• Data Shared: Apple ID, device information, purchase history, cloud-synced app data (if you enable iCloud)
• Privacy Policy: apple.com/legal/privacy
• Location: United States

Google LLC (Firebase, Maps, Ads & AI Services)

• Services: Firebase Authentication (user accounts), Cloud Firestore (database), Firebase Storage (file storage), Firebase Analytics (usage analytics – requires consent), Firebase Cloud Messaging (push notifications), Firebase Crashlytics (crash reporting), Google Maps SDK & Places API (maps and location features), Google ML Kit (on-device barcode scanning and text recognition), Google Ads (conversion tracking and campaign measurement), Google Gemini AI (AI-assisted grading in the Education module)
• Data Shared: User authentication data, app usage and crash diagnostics (device model, OS version, crash stack traces), location data when Maps features are active, vehicle inspection images processed by ML Kit, anonymized ad conversion events, education assignment submissions processed by Gemini AI
• Privacy Policy: policies.google.com/privacy
• Data Location: United States (Google Cloud)
• Compliance: GDPR compliant, SOC 2 Type II certified, ISO 27001 certified
• Data Retention: Firestore data retained until you delete it or close your account. Firebase Analytics data retained for 14 months. Crashlytics data retained for 90 days.

AI / Machine Learning Processing Services

• Service: Certain in-app features use third-party AI services to provide intelligent assistance (e.g., diagnostics guidance, content suggestions)
• Data Shared: Only the text or inputs you directly submit to those specific features. We do not send your name, email, phone number, or payment information to any AI processing service.
• Opt-Out: AI-assisted features are optional. You may use all core app features without engaging any AI functionality.
• Location: United States

Stripe, Inc.

• Service: Payment processing for Trackara Pro subscriptions on our website
• Data Shared: Payment card information, billing name and address, email address. Stripe handles all payment card data — Trackara Pro does not store card numbers.
• Privacy Policy: stripe.com/privacy
• PCI Compliance: Stripe is PCI DSS Level 1 certified
• Location: United States

Square, Inc. (Block, Inc.)

• Service: Optional payment processing within the Signature Portal for quotes and service agreements
• Data Shared: Payment card information and billing details when you choose to pay via Square. Square handles all card data — Trackara Pro does not store card numbers.
• Privacy Policy: squareup.com legal/privacy
• PCI Compliance: Square is PCI DSS compliant
• Location: United States

Thumbtack, Inc.

• Service: Lead generation integration — if you use Thumbtack through the app, customer lead data from Thumbtack is imported into Trackara Pro for job management
• Data Shared: Customer name, contact information, and job details as provided by Thumbtack lead profiles. Data flows from Thumbtack to Trackara Pro; we do not send your personal data to Thumbtack.
• Privacy Policy: thumbtack.com/privacy
• Location: United States
• Optional: Thumbtack integration is only active if you connect a Thumbtack account within the app.

eBay Inc.

• Service: Parts catalog search — the app can search eBay Motors for automotive parts pricing and availability
• Data Shared: Search query terms (part names, part numbers, vehicle year/make/model) when you use the parts search feature. No personal identifying information is shared.
• Privacy Policy: ebayinc.com/privacy-center
• Optional: Parts search is only triggered when you actively perform a search within the app.

Formspree, Inc.

• Service: Contact form submission processing on the Trackara Pro website
• Data Shared: Name, email address, and message content you submit through our contact form
• Privacy Policy: formspree.io/legal/privacy-policy
• Location: United States

NHTSA (National Highway Traffic Safety Administration)

• Service: Vehicle Product Information Catalog (vPIC) API for VIN decoding
• Data Shared: Vehicle Identification Numbers (VINs) only when you use the VIN lookup feature
• Purpose: Decode VIN to retrieve vehicle make, model, year, trim, and specifications
• Privacy Policy: nhtsa.gov/privacy-policy
• Data Retention: NHTSA does not retain VIN lookup requests per their privacy policy
• Location: United States (U.S. Government API)

Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf, ensuring they comply with GDPR, CCPA, and other applicable data protection laws.

14. International Data Transfers

Your data may be stored and processed in the United States or other countries where our service providers (Apple, Google Firebase) operate data centers. When we transfer personal data from the European Economic Area (EEA), United Kingdom, Switzerland, or Canada to countries that do not have an adequacy decision, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our data processors
• Privacy Shield Successor Frameworks: Where applicable and available
• Service Provider Certifications: Our providers maintain GDPR and PIPEDA compliance certifications and implement appropriate technical and organizational safeguards

You have the right to obtain information about the safeguards we use for international data transfers by contacting support@trackara.app.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of Trackara Pro after changes constitutes acceptance of the updated policy.

16. Contact Us

For privacy questions, concerns, or requests, contact Commoner Apps LLC:

• Email: support@trackara.app
• Phone: (801) 946-9396
• Website: pro.trackara.app