Privacy Policy
TRKD is a product of Not My First Codeo Limited, a company registered in England and Wales ("we", "us", "our"). This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.
We are the data controller for the personal data described in this policy.
1. Data We Collect
We collect personal data in two ways: through the TRKD app, and through this website.
From the app:
- Account data — email address, display name, date of birth, and profile photo (optional).
- Workout data — sessions, exercises, sets, weights, reps, and notes you log.
- Body metrics — weight and body composition measurements you choose to record. We treat this as sensitive health-related data and process it only on the basis of your explicit consent.
- Device data — device type, OS version, and app version for crash diagnostics.
- Usage data — feature interactions and error events for product improvement.
- Device tokens — push notification tokens (iOS or Android), only if you grant notification permission.
From this website:
- Email address — if you sign up via the waitlist form, your email is stored with our email provider, Kit. See section 4.
2. Why We Process Your Data (Legal Basis)
Under UK and EU GDPR, we are required to have a lawful basis for processing your personal data. We rely on the following:
- Contract performance — processing your account data, workout data, and device data is necessary to provide the service you signed up for.
- Legitimate interests — we use anonymised crash reports and usage patterns to fix bugs and improve the product. This processing does not override your rights.
- Consent — body metrics, push notifications, and marketing emails from Kit are processed only with your explicit consent. You can withdraw consent at any time.
3. How We Use Your Data
- Provide the core tracking features of the app.
- Compute your personal records, streaks, and training stats.
- Send transactional push notifications you opt into (e.g. streak reminders).
- Send product updates and launch announcements to waitlist subscribers (you can unsubscribe at any time via the link in any email).
- Diagnose and fix bugs using anonymised crash reports.
- Improve the product based on aggregated, anonymised usage patterns.
We do not sell your personal data to third parties. We do not use your workout or body data for advertising.
4. Data Storage
Your app data is stored in a PostgreSQL database hosted on DigitalOcean in their London region. Authentication and identity data is managed by Supabase. All data is encrypted at rest and in transit (TLS 1.2+).
5. Third-Party Services
We use the following third-party services that may process your personal data:
- Supabase — authentication and identity management. Your email address and authentication credentials are stored with Supabase. Privacy policy.
- DigitalOcean — cloud infrastructure (London region). Hosts our API server, background worker, and database. Privacy policy.
- Sentry — error and crash monitoring. Stack traces and error metadata are shared with Sentry; request bodies and authorisation headers are never transmitted. Privacy policy.
- Kit (formerly ConvertKit) — email marketing. If you sign up via our waitlist form, your email address is stored with Kit and used to send product updates. You can unsubscribe at any time. Privacy policy.
6. International Data Transfers
Supabase, Sentry, and Kit are headquartered in the United States. When your data is processed by these services, it may be transferred outside the UK or EEA. Each of these providers relies on appropriate transfer mechanisms (such as the UK International Data Transfer Agreement or Standard Contractual Clauses) to ensure your data remains protected to UK GDPR standards. The privacy policies linked in section 5 include details of their transfer mechanisms.
Our primary database and API infrastructure is hosted in DigitalOcean's London region and does not leave the UK.
7. Data Retention
We retain your data for as long as your account is active. If you delete your account, your personal data and workout history are permanently deleted within 30 days. Anonymised, aggregated statistics may be retained indefinitely.
If you unsubscribe from our waitlist emails, your email address will be removed from our Kit mailing list. You can also request full deletion by emailing privacy@trkd.app.
8. Children's Privacy
TRKD requires users to be at least 13 years old. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with their data, please contact us at privacy@trkd.app and we will delete it promptly.
9. Your Rights
Under UK and EU GDPR, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — request deletion of your account and all associated data.
- Portability — receive your workout data in a machine-readable format.
- Objection — object to processing based on legitimate interests, or opt out of marketing emails at any time.
- Restriction — ask us to restrict processing in certain circumstances.
- Withdraw consent — where we process data on the basis of consent (body metrics, notifications, marketing emails), you can withdraw that consent at any time without affecting prior processing.
To exercise any of these rights, email privacy@trkd.app. We will respond within 30 days.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
10. Contact
For privacy-related questions, contact us at privacy@trkd.app.
Not My First Codeo Limited, England and Wales.