← Back

Privacy Policy

Effective Date: March 2, 2026  |  Last Updated: March 2, 2026

1. Introduction

Trakstuf ("we," "us," or "our") operates the Trakstuf web application at trakstuf.com (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Service.

By creating an account or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: First name, last name, email address, and password when you register.
  • Optional Profile Information: Phone number, profile avatar URL, and avatar color preference.
  • Organization Data: Organization names, member roles, and invitation details when you create or join organizations.
  • Financial Records: Expenses (name, description, amount, category, date), payments (parties, method, amount, date), assets (name, description, value), and rental property details (address, lease terms, contact information, rent amounts) that you enter into the Service.

2.2 Information Collected Automatically

  • Authentication Tokens: We generate and store secure session tokens to authenticate your sessions. These tokens are cryptographically protected.
  • Timestamps: We record when accounts, records, and organizations are created and modified.

2.3 Information We Do NOT Collect

  • We do not use cookies for tracking or advertising.
  • We do not use third-party analytics services (e.g., Google Analytics).
  • We do not collect payment or credit card information.
  • We do not track your browsing activity across other websites.

3. How We Use Your Information

We use your information solely for the following purposes:

  • Providing the Service: Storing and displaying your financial records, managing organizations, and enabling collaboration with other users.
  • Account Management: Creating and maintaining your account, verifying your email address, and authenticating your sessions.
  • Communications: Sending email verification codes, organization invitation emails, and essential service notifications.
  • Security: Protecting against unauthorized access, detecting abuse, and maintaining the integrity of the Service.
  • Service Improvement: Identifying and fixing bugs, improving performance, and developing new features.

We do NOT use your information for: advertising, selling to third parties, profiling, or any purpose unrelated to operating the Service.

4. How We Store and Protect Your Information

  • Password Security: Passwords are salted and hashed using industry-standard one-way cryptographic algorithms before storage. We never store or have access to your plain-text password.
  • Token Security: Session tokens are cryptographically protected and short-lived. They are transmitted via secure, HttpOnly cookies to prevent unauthorized access.
  • Database Security: Your data is stored in an encrypted database with access restricted to authorized application services.
  • Transport Security: All data transmitted between your browser and our servers is encrypted in transit using HTTPS/TLS.

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

5. Data Sharing and Disclosure

5.1 Within Organizations

When you add data to an organization, that data is visible to all members of that organization. Organization administrators can manage membership and roles.

5.2 Third-Party Service Providers

We use the following third-party services to operate Trakstuf:

  • Microsoft Office 365 (Email): We use Microsoft's SMTP services to send transactional emails (verification codes and organization invitations). Your email address and name are transmitted to Microsoft for email delivery only.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, respond to a court order, judicial or other government subpoena, or warrant.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information becomes subject to a different privacy policy.

6. Data Retention

  • Unverified Accounts: Automatically deleted 24 hours after registration if email verification is not completed.
  • Organization Invitations: Expire and are invalidated after 7 days.
  • Active Accounts: Your data is retained for as long as your account is active and as needed to provide the Service.
  • Deleted Data: Some records may be soft-deleted (marked as inactive) and retained for a reasonable period for operational integrity before permanent removal.
  • Post-Termination: Upon account deletion, we will remove your personal data within a reasonable timeframe, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate personal data via your profile settings.
  • Deletion: Request deletion of your account and associated personal data.
  • Data Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to certain processing of your personal data.

To exercise any of these rights, please contact us at support@trakstuf.com. We will respond to your request within 30 days.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information promptly.

9. International Data Transfers

If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to such transfers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date at the top of this page. For significant changes, we may also provide notice through the Service or via email. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

support@trakstuf.com

© Trakstuf — All rights reserved.