Privacy Policy
How PotsTrack handles your personal data. Written for humans, not lawyers — but designed to be legally accurate under UK and EU data-protection law.
Version 1.1.0 · Effective 2026-05-15
1. Who is the data controller?
The data controller for personal data processed in connection with PotsTrack is Kane Rigby, an individual based in Manchester, England, United Kingdom. You can contact the controller about anything in this Policy at hello@potstrack.com.
2. What this Policy covers
This Policy explains how we handle personal data in three places:
- this website (the Site);
- the PotsTrack mobile application (the App); and
- any backup of your App data that you choose to enable.
3. Data we collect through the Site
The Site sets no cookies and embeds no advertising or behavioural-tracking pixels. We use Vercel Web Analytics to count page views and understand which content is being read. It is cookieless and does not identify you across sessions or across other sites you visit.
For each page view, Vercel Web Analytics records only:
- the URL and dynamic path you visited;
- the page that referred you (where one is sent by your browser);
- your approximate location (country / region, derived from your IP address; the IP address itself is not retained);
- your device type, operating system and browser, with versions;
- the timestamp of the visit.
Visitors are distinguished only by an anonymised hash derived from the incoming request, which Vercel rotates on a regular schedule so that an individual's browsing history cannot be reconstructed across days. We see only aggregated statistics in the Vercel dashboard.
Separately, Vercel automatically writes short-lived server access logs for security and abuse prevention. Those logs are not used to profile you and we do not associate them with your identity.
4. Data the App handles on your device
The App is designed to be useful without an account. Almost everything you log lives only on your phone, in an encrypted database. We do not see it.
What you put into the App
- Symptom entries, severity ratings and timestamps; heart rate readings you have taken yourself; hydration and salt intake; notes you write.
- Standing-test sessions: the supine baseline and 1, 3, 5 and 10-minute standing readings you record, plus the calculated delta and threshold.
- Medications you choose to track and any reminder schedules you set.
- Onboarding preferences: unit system (metric/imperial); year of birth (if you provided one); diagnosis date (if you provided one); flagged comorbidities (hEDS / MCAS / Long COVID).
How the App stores it
- All of the above is written to a local SQLite database on your device, encrypted using SQLCipher. The database key is generated on your device and stored in the platform secure keystore (Android Keystore). We do not have a copy of the key and we cannot recover it.
- Notification text is generic (for example, "Open PotsTrack to log this dose"). Medication names are not shown on the lockscreen.
5. Optional encrypted cloud backup
The App offers an optional backup feature. You choose whether to turn it on.
- Before anything leaves your device, the App encrypts your data with AES-GCM-256 using a key stored only in your device's secure keystore.
- Only the resulting ciphertext (and an authentication tag and nonce) is uploaded to our backup storage provider, currently Supabase. Supabase receives an opaque binary blob — they do not see your symptoms, medications, heart-rate readings or notes.
- We use Supabase's anonymous authentication so that no email address, phone number or other directly identifying information is collected by the backup system. Each device is tied to a randomised anonymous identifier.
- You can delete your backup at any time from inside the App. When you do, the ciphertext is removed from Supabase. Server access logs may retain the request metadata for a short period for security purposes.
6. Purposes and legal bases (UK/EU GDPR)
If you are in the UK or the EU, the UK GDPR / EU GDPR applies. We process personal data only for the purposes set out below, and only on the legal bases shown.
- Providing the App on your device. Performance of a contract with you (Article 6(1)(b) UK GDPR). Without storing your diary entries locally, the App cannot function.
- Optional cloud backup. Your consent (Article 6(1)(a)), given when you turn the feature on in-App. You can withdraw consent at any time by disabling backup, which removes the ciphertext from our backup storage going forward.
- Health-related diary content. Where your entries constitute "special category" data concerning health (Article 9 UK GDPR), the lawful basis is your explicit consent (Article 9(2)(a)) — given when you log the entry and, where applicable, when you opt in to backup.
- Securing the Site and the backup service. Our legitimate interests in keeping the infrastructure available and preventing abuse (Article 6(1)(f)).
- Complying with legal obligations. Where we have to keep or disclose information to comply with applicable law (Article 6(1)(c)).
7. Who we share your data with
We do not sell your personal data. We do not share it for advertising or profiling. We share only with the small set of service providers we need to operate the App and the Site:
- Vercel Inc. — hosts this website and provides Vercel Web Analytics. Processes IP address transiently (used to compute the anonymised, rotating visitor hash and to derive approximate country/region; the IP itself is not retained against individual events) and request metadata in server logs for security and operations.
- Supabase Inc. — hosts the optional encrypted backup storage and the anonymous authentication. Stores ciphertext only; cannot decrypt your data.
- Google LLC (Google Play) — when the App is distributed via the Google Play Store, Google may process installation, crash and integrity-check data in accordance with the Google Play Developer Distribution Agreement and its own privacy policy. We do not enable Play's personalised advertising IDs.
We may also disclose personal data where we are legally required to do so — for example, in response to a valid court order or to comply with applicable law.
8. International data transfers
Our backup storage is hosted in the United Kingdom / European Economic Area (Supabase project region: eu-west-2). Our website hosting (Vercel) operates globally and may process server logs in the United States and elsewhere. Where personal data is transferred outside the UK or EEA, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an adequacy decision, as appropriate.
9. How long we keep data
- On-device diary data: retained for as long as you keep the App installed. Uninstalling the App removes it.
- Encrypted backups: retained while backup is enabled. Deletes are processed promptly; encrypted snapshots in backup-of-backups may persist for up to 30 days before being purged by our storage provider.
- Server access logs: typically 30 days at our hosting providers, used only for security and abuse prevention.
- Correspondence with us: kept for up to 24 months after the matter is resolved, then deleted unless we have a specific legal reason to keep it longer.
10. Your rights
Under UK and EU data-protection law, you have the right to:
- access the personal data we hold about you;
- have inaccurate personal data corrected;
- have your personal data erased (the "right to be forgotten");
- restrict or object to certain processing;
- data portability — receive a copy in a structured, commonly used format;
- withdraw any consent you have given, at any time;
- lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local data-protection authority.
To exercise any of these rights, email hello@potstrack.com. Because most of your data lives only on your device and our backups are encrypted with a key only you hold, the fastest way to exercise your right of access or erasure for App data is from within the App itself.
11. Children's privacy
PotsTrack is intended for users aged 16 and over. We do not knowingly collect personal data from children below that age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@potstrack.com and we will delete it.
12. Security
We take security seriously, but no system is perfectly secure. Key measures include:
- SQLCipher (AES-256) encryption of the on-device database.
- AES-GCM-256 envelope encryption of backups before upload.
- Encryption keys stored in the Android Keystore on your device.
- TLS for all traffic between the App and our backup storage.
- Row-level security on the backup tables in Supabase.
- Generic notification text so medication names are not shown on your lockscreen.
13. Changes to this Policy
We may update this Policy from time to time. When we do, we will update the "Version" and "Effective" date at the top of this page, and where the change is material we will let you know — for example, through an in-App notice. Continuing to use the App or the Site after a change takes effect means you accept the updated Policy.
14. Contact
For any privacy question, data-subject request, or to raise a concern, email hello@potstrack.com. We aim to respond within 30 days. See also our Terms of Service.
Questions about this document? Read the FAQ or get in touch via the address listed above.