Privacy Policy

Last Updated: February 13, 2026

Trackara Pro ("we," "our," or "us") is committed to protecting the privacy and security of your business data. This Privacy Policy explains how we collect, use, store, and protect information when you use the Trackara Pro mobile application for mobile mechanics and auto repair professionals.

1. Information We Collect

Account Information

When you create a Trackara Pro account, we collect:

• Email address, first name, and last name
• Phone number (optional)
• Business information (business name)
• Location information (city, state/province, country)
• Lead source (how you heard about Trackara Pro)
• Payment information (processed securely by Apple through in-app purchases)

Terms Acceptance Information

When you agree to our Terms of Service and Privacy Policy during account creation, we collect and store:

• Timestamp of your acceptance
• Version numbers of the Terms and Privacy Policy you agreed to
• Device information (device model, operating system, and version)
• App version used during registration

This information is collected to maintain a legal record of your consent and is protected from modification after creation.

Business Data

The data you create and manage in Trackara Pro, including:

• Client information (names, contact details, addresses, vehicles)
• Invoice and quote data (line items, pricing, payments)
• Work order information (scope of work, signatures)
• Time tracking entries (labor hours, rates)
• Project and job details
• Photos and documentation
• Vehicle diagnostic data (OBD2 trouble codes, real-time sensor readings such as RPM, temperature, fuel consumption, and other engine metrics collected via Bluetooth OBD2 adapters)
• Vehicle inspection data (inspection templates, results, and reports)
• Maintenance tasks, reminders, and service history records
• Blueprints and procedure templates (custom and shared workflows)
• Marketplace listings, reviews, ratings, and engagement data
• Booking requests and appointment scheduling data
• Mileage tracking records (trip distances and routes)
• Route optimization data (multi-stop routes, ETAs, and workload schedules)
• Business settings and preferences

Device Permissions and Sensor Data

Trackara Pro may request access to the following device capabilities. Each permission is requested only when needed and can be managed in your device settings:

• Bluetooth: Used to connect to OBD2 diagnostic adapters for vehicle scanning. Bluetooth data is processed locally on your device and only stored if you save a diagnostic report.
• Location (GPS): Used for route optimization, mileage tracking, geocoding client addresses, and calculating ETAs for service appointments. Location data is collected only while using these features and is not tracked in the background unless you have actively started a mileage trip.
• Camera and Photo Library: Used to capture and attach photos to projects, vehicle inspections, and documentation. Photos are stored locally and synced to the cloud only if cloud sync is enabled.
• Calendar: Used to sync appointments and scheduled jobs with your device calendar. We read and write calendar events only for Trackara Pro appointments.
• Contacts: Used to quickly import client contact information. Contact data is read on-demand and is not bulk-uploaded or stored beyond what you save as a client record.
• Notifications: Used to deliver appointment reminders, booking requests, and other time-sensitive alerts via Apple Push Notification Service and Firebase Cloud Messaging.

Booking Portal Data

If you enable the customer booking portal, your customers may submit booking requests that include their name, phone number, vehicle information, preferred service, and appointment preferences. Phone numbers are hashed (SHA-256) for privacy before storage. This data is associated with your account and is subject to the same security and retention policies as your other business data.

Usage Analytics (Optional)

With your permission, we collect anonymized usage data to improve the app:

• Feature usage patterns
• App performance metrics
• Error reports and crash data
• Device type and iOS version

2. How We Use Your Information

We use your information to:

• Provide the Service: Enable core features including client management, invoicing, work orders, time tracking, vehicle diagnostics, route optimization, scheduling, maintenance management, vehicle inspections, mileage tracking, and marketplace functionality
• Cloud Sync: Synchronize your data across your devices via iCloud and Firebase
• Vehicle Diagnostics: Process OBD2 data from Bluetooth adapters to display diagnostic trouble codes, real-time vehicle metrics, and generate diagnostic reports
• Route Optimization: Use your location and client addresses to calculate optimized multi-stop routes, ETAs, and driving directions
• Mileage Tracking: Record trip distances using GPS for business expense and tax deduction purposes
• Booking Portal: Process customer booking requests and deliver appointment notifications
• VIN Decoding: Send Vehicle Identification Numbers to NHTSA to retrieve vehicle specifications
• Account Management: Manage your subscription and authentication
• Customer Support: Respond to your inquiries and provide technical assistance
• Improve the App: Analyze usage patterns to enhance features and fix bugs (only with your consent)
• Security: Detect and prevent fraud, abuse, and security incidents

3. Data Storage and Security

Local Storage

Your business data is primarily stored locally on your device, giving you full control. Data persists even if you're offline or cancel your subscription.

Cloud Storage

If you enable cloud sync, your data is securely stored using:

• iCloud: Apple's secure cloud infrastructure (encrypted in transit and at rest)
• Firebase: Google's cloud platform for authentication and optional backup (GDPR and SOC 2 compliant)

Encryption

All data transmission uses industry-standard TLS encryption. Stored data is encrypted using AES-256 encryption.

Data Access

We do not access, view, or share your client data, invoices, or business information. Your data is yours alone.

4. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal or business data to third parties.

We may share limited data in these situations:

• Service Providers: Apple (App Store, iCloud, MapKit, CoreLocation, CoreBluetooth), Google Firebase (authentication, cloud storage, push notifications), NHTSA (VIN decoding), and analytics providers (only anonymized data with your consent)
• Legal Requirements: If required by law, court order, or government request
• Business Transfers: In the event of a merger, acquisition, or sale of assets (you will be notified)

5. Your Rights and Choices

Access and Export

You can access all your data within the app. Export features allow you to download invoices as PDFs. For complete data export, contact support.

Data Deletion

You can delete individual records (clients, invoices, etc.) within the app. To delete your entire account and all associated data, you can use the "Delete Account" feature directly in the app (Settings → Account → Delete Account), or contact support@trackara.app. Account deletion removes all your cloud data and local app data permanently.

Analytics Opt-Out

You can disable analytics tracking in the app settings at any time.

Cloud Sync Control

You can enable or disable cloud synchronization in settings. Disabling cloud sync keeps all data local to your device.

6. Data Retention

• Active Accounts: We retain your data as long as your account is active and you maintain a subscription
• Canceled Subscriptions: Local data remains on your device. Cloud data is retained for 30 days after cancellation, then permanently deleted
• Account Deletion: All data is permanently deleted within 30 days of account deletion request
• Legal Requirements: Some data may be retained longer if required by law (e.g., financial records for tax purposes)

7. Children's Privacy

Trackara Pro is a business application intended for professional use by adults. We do not knowingly collect information from individuals under 18 years of age.

8. International Data Transfers

Your data may be stored and processed in the United States or other countries where our service providers operate. We ensure adequate data protection through standard contractual clauses and compliance with GDPR and CCPA.

9. California Privacy Rights (CCPA)

California residents have the right to:

• Know what personal information we collect and how it's used
• Request deletion of personal information
• Opt-out of the sale of personal information (we do not sell your data)
• Not be discriminated against for exercising these rights

To exercise these rights, email support@trackara.app.

Do Not Sell My Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. However, if you wish to formally submit a "Do Not Sell My Personal Information" request under CCPA, you may contact us at support@trackara.app with the subject line "CCPA Do Not Sell Request." We will respond within 45 days and provide confirmation that we do not sell your data.

10. European Privacy Rights (GDPR)

Data Controller Information

For purposes of the General Data Protection Regulation (GDPR), the data controller is:

Legal Entity: Trackara Inc.
Email: support@trackara.app
Support: support@trackara.app

Your GDPR Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under GDPR:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for certain purposes
• Right to Restrict Processing: Request limitation of data processing
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

To exercise any of these rights, contact us at support@trackara.app. We will respond within one month of receipt of your request.

EU Representative

If Trackara Inc. does not have an establishment in the EU and processes data of EU residents, we will designate an EU representative as required by Article 27 of GDPR. Contact information will be provided here when applicable.

Supervisory Authority

EU, UK, and Swiss residents have the right to lodge a complaint with their local data protection supervisory authority if they believe their data protection rights have been violated. A list of EU data protection authorities can be found at: edpb.europa.eu

11. Canadian Privacy Rights (PIPEDA)

Data Controller Information

For purposes of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the data controller is:

Legal Entity: Trackara Inc.
Email: support@trackara.app
Support: support@trackara.app

PIPEDA Compliance

Trackara Pro complies with PIPEDA's 10 Fair Information Principles for all Canadian users:

1. Accountability: We are responsible for personal information under our control and have designated individuals accountable for our compliance
2. Identifying Purposes: We identify the purposes for which personal information is collected at or before the time of collection
3. Consent: We obtain your knowledge and consent for the collection, use, or disclosure of personal information, except where inappropriate
4. Limiting Collection: We collect only the personal information necessary for the purposes identified
5. Limiting Use, Disclosure, and Retention: We use or disclose personal information only for the purposes for which it was collected, and retain it only as long as necessary
6. Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary
7. Safeguards: We protect personal information with security safeguards appropriate to its sensitivity
8. Openness: We make information about our policies and practices for managing personal information readily available
9. Individual Access: Upon request, you will be informed of the existence, use, and disclosure of your personal information
10. Challenging Compliance: You may challenge our compliance with these principles

Your PIPEDA Rights

If you are a Canadian resident, you have the following rights under PIPEDA:

• Right to Access: Request access to your personal information held by us
• Right to Correction: Request correction of inaccurate or incomplete personal information
• Right to Withdraw Consent: Withdraw your consent for processing at any time (subject to legal or contractual restrictions)
• Right to File a Complaint: Lodge a complaint with the Privacy Commissioner of Canada if you believe your privacy rights have been violated

To exercise any of these rights, contact us at support@trackara.app. We will respond within 30 days of receipt of your request.

Data Storage for Canadian Users

Data for Canadian users is stored using the same secure infrastructure as all our users (Apple iCloud and Google Firebase). Data may be stored in the United States but is protected by appropriate safeguards including encryption and Standard Contractual Clauses to ensure PIPEDA compliance.

Privacy Commissioner of Canada

If you have concerns about how we handle your personal information, you may file a complaint with:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca

12. Data Breach Notification

In the event of a data breach that compromises the security of your personal information, we will:

• Notify affected users via email within 72 hours of discovering the breach (as required by GDPR and PIPEDA)
• Notify relevant data protection authorities and supervisory bodies as required by applicable law
• Provide clear information about what data was affected, when the breach occurred, and potential consequences
• Describe the measures we are taking to address the breach and prevent future incidents
• Offer guidance on protective steps you can take to safeguard your information

Breach notifications will be sent to the email address associated with your Trackara Pro account. Please ensure your email address is current and accurate.

13. Third-Party Service Providers (Complete List)

Trackara Pro uses the following third-party service providers to deliver our services:

Apple, Inc.

• Services: App Store distribution, iCloud cloud synchronization, In-App Purchase payment processing
• Data Shared: Apple ID, device information, purchase history, cloud-synced app data (if you enable iCloud)
• Privacy Policy: apple.com/legal/privacy
• Location: United States

Google LLC (Firebase Services)

• Services: Firebase Authentication (user accounts), Cloud Firestore (database), Firebase Storage (file storage), Firebase Analytics (usage analytics - optional), Firebase Cloud Messaging (push notifications)
• Data Shared: User authentication data, app usage data (if analytics enabled), cloud-stored business data, device tokens for push notifications
• Privacy Policy: firebase.google.com/support/privacy
• Data Location: United States (Google Cloud us-central1)
• Compliance: GDPR compliant, SOC 2 Type II certified, ISO 27001 certified
• Data Retention: Firestore data retained until you delete it or close your account. Firebase Analytics data retained for 14 months (Google default policy).

NHTSA (National Highway Traffic Safety Administration)

• Service: Vehicle Product Information Catalog (vPIC) API for VIN decoding
• Data Shared: Vehicle Identification Numbers (VINs) only when you use the VIN lookup feature
• Purpose: Decode VIN to retrieve vehicle make, model, year, trim, and specifications
• Privacy Policy: nhtsa.gov/privacy-policy
• Data Retention: NHTSA does not retain VIN lookup requests per their privacy policy
• Location: United States (U.S. Government API)

Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf, ensuring they comply with GDPR, CCPA, and other applicable data protection laws.

14. International Data Transfers

Your data may be stored and processed in the United States or other countries where our service providers (Apple, Google Firebase) operate data centers. When we transfer personal data from the European Economic Area (EEA), United Kingdom, Switzerland, or Canada to countries that do not have an adequacy decision, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our data processors
• Privacy Shield Successor Frameworks: Where applicable and available
• Service Provider Certifications: Our providers maintain GDPR and PIPEDA compliance certifications and implement appropriate technical and organizational safeguards

You have the right to obtain information about the safeguards we use for international data transfers by contacting support@trackara.app.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of Trackara Pro after changes constitutes acceptance of the updated policy.

16. Contact Us

For privacy questions, concerns, or requests:

• Email: support@trackara.app
• Support: support@trackara.app
• Website: pro.trackara.app