Privacy Policy
This Privacy Policy describes how Backtrack (operated by Sean Vierth, a Texas sole proprietorship; "we", "us", or "Backtrack") collects, uses, and shares information when you use our website and services.
The on-device guarantee
Pose detection runs entirely in your browser using Google's MediaPipe library. We never receive, store, transmit, or have access to video frames, images, or audio from your camera. Your webcam stream stays in the browser tab and is discarded when the session ends.
What we collect
- Account information. Your email address and, optionally, your name and timezone, when you create an account.
- Aggregate session metadata. Session start/end time, duration, computed posture score (0–100), letter grade, count of slouch events, and the per-area summary used for your report card. We do not collect the underlying pose coordinates, images, or video frames.
- Subscription and billing metadata. Plan, status, and renewal date, synced from Stripe via webhooks. Your full card number is held by Stripe; we receive only the last four digits and brand for display.
- Product analytics (only if you opt in). Pages visited, features used, device type, browser version. Collected via PostHog only if you accept the analytics cookie banner. Decline is fully respected — no analytics events fire.
- Support and contact form submissions. If you email us or use the contact form, we keep the conversation for as long as needed to resolve it.
What we do not collect
- Video, audio, or images from your camera or microphone
- Pose landmark coordinates or any raw biometric measurements
- Personal information from social networks or advertising partners
- Your contacts, location, or device identifiers
How we use your information
- To show you streaks, reports, and progress in the app.
- To send required transactional emails (account confirmation, billing receipts, password reset) and, if you opt in, optional lifecycle emails (welcome series, weekly report). Every marketing email has an unsubscribe link.
- To process payments and prevent fraud (Stripe).
- To improve the product in aggregate. We do not sell or share personal information for behavioral advertising.
How we share your information
We share only with service providers (listed here) needed to operate the service. We do not sell personal information.
Data retention
- Active accounts: we retain your data for as long as your account is active.
- Inactive accounts: if you don't use the service for 24 consecutive months, we may delete your account and associated session data after notifying you by email.
- Deleted accounts: when you delete your account from Settings → Data & Privacy, all personal data is removed within 30 days. Anonymized analytics events may persist in aggregate form.
- Billing records: we retain billing-related records for 7 years as required by tax and accounting laws.
International data transfers
Backtrack is operated from the United States. Our service providers (including Supabase and Stripe) host data in the United States. If you access Backtrack from outside the U.S., your information will be transferred to and processed in the United States, which may have different data-protection laws than your home country. By using Backtrack you consent to this transfer.
Your rights
Regardless of where you live, you can:
- Access or export your data — Settings → Data & Privacy → Export downloads a JSON file with everything we hold.
- Correct your name or timezone in Settings → Profile.
- Delete your account permanently — Settings → Data & Privacy → Delete account. Cancels any active subscription and erases data within 30 days.
- Opt out of marketing emails any time via the unsubscribe link or Settings → Profile → Email marketing.
EEA, UK, and Swiss users (GDPR)
Our legal basis for processing is your consent (for analytics and marketing emails) and the performance of a contract (to run the posture-coaching service you signed up for). You have the additional right to lodge a complaint with your local supervisory authority.
California residents (CCPA / CPRA)
California residents have the right to know what personal information is collected, the right to delete it, the right to correct it, the right to limit use of sensitive personal information, and the right to non-discrimination for exercising any of these rights.
Do Not Sell or Share My Personal Information: Backtrack does not sell or share personal information for cross-context behavioral advertising. You may submit verifiable requests by emailing privacy@back-track.app.
Children's privacy
Backtrack is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13. EEA users must be at least 16 (or the digital-consent age in their member state). If we learn that we have collected information from a child under these ages, we will delete it.
Security
We use HTTPS, encrypted database connections, Supabase Row-Level Security for per-user data isolation, and Stripe for payment processing. No system is perfectly secure — if a breach affects you, we will notify you as required by applicable law.
Changes to this policy
We may update this policy. When we make material changes we'll update the "Effective" date at the top and, for substantive changes, notify you by email or via an in-app notice before the changes take effect.
Contact
Privacy questions or requests: privacy@back-track.app. General support: support@back-track.app.