1. Overview
This Privacy Policy describes how Xtrakt LLC ("we," "us," or "our"), operator of the Xtrakt mobile application (the "App"), collects, uses, discloses, and protects information about you.
Xtrakt is an information-aggregation tool that watches topics you select and surfaces updates derived from publicly available sources. By creating an account or using the App, you agree to the practices described in this Policy.
2. Information We Collect
2.1 Information You Provide
- Account information: email address, password (stored hashed by our authentication provider), display name, and optional profile photo.
- Content you create: the topics, keywords, and follow-ups you configure to monitor.
- Portfolio information Optional — if you use the Portfolio feature, you may provide investment holdings data including ticker symbols, number of shares, current market value, and cost basis. You may provide this by uploading a screenshot of your brokerage account or by entering it manually. This information is used solely to personalize your Weekly Brief and Xtrakt More responses. We do not verify, act on, or share this financial information.
- Civic information Optional — if you use the Civic Intelligence feature, you may provide your zip code. We pass your zip code to Google's Civic Information API to identify your elected officials (U.S. Senators, House Representative, Governor, and state legislators). The resulting list of officials is stored on your account and used solely to personalize civic letter drafts within the App. Your zip code constitutes coarse location data and is linked to your account identity. We do not sell or share this information. You can update or remove your zip code at any time from the Profile screen.
- Communications: messages you send to us at support@xtraktapp.com.
2.2 Information Collected Automatically
- Device information: device brand, model, operating system and version, device type, and whether the device is a physical device or simulator. Recorded at key security and audit events.
- App version: the version of Xtrakt installed on your device.
- Push notification token: a unique token issued by Apple Push Notification Service (APNs). Stored on your user record and refreshed when it changes.
- Subscription state: whether you have an active trial or paid subscription, the tier, and renewal status. Comes from RevenueCat based on receipts validated with Apple.
- Authentication metadata: sign-in timestamps and authentication tokens managed by Firebase Authentication.
2.3 Information We Do Not Collect
- We do not collect your precise location (GPS coordinates). If you use the Civic Intelligence feature, you may voluntarily provide your zip code (coarse location), which is used solely to identify your elected officials.
- We do not access your contacts, microphone, or camera.
- We do not access your photos except: (a) a profile photo you explicitly choose to upload, or (b) a brokerage screenshot you explicitly choose to upload for portfolio extraction. Screenshots are processed by our AI service and immediately discarded — only the extracted holdings data (tickers, shares, value, cost basis) is stored.
- We do not use third-party advertising or analytics SDKs.
- We do not collect web browsing history outside the App.
3. How We Use Your Information
We use the information we collect to:
- Create and maintain your account.
- Authenticate you and protect your account from unauthorized access.
- Provide the core service: monitoring the topics you configure and producing summaries of new information from public sources.
- Deliver push notifications when there is an update for one of your topics.
- Process and validate your subscription, including managing your free trial.
- Personalize your Weekly Brief and Xtrakt More responses using portfolio holdings and civic information you voluntarily provide.
- When portfolio data is provided, cross-reference your holdings against topics in your Weekly Brief to surface relevant risks and opportunities.
- When civic information is provided, flag legislation relevant to your area and assist in drafting communications to your elected officials.
- Respond to your support requests.
- Maintain records of your acceptance of our legal terms.
- Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service.
- Comply with applicable law and respond to lawful requests from authorities.
4. Third-Party Services
We use the following third-party service providers ("Subprocessors") to operate Xtrakt. Each receives only the information necessary to perform its function.
| Service | Provider | Purpose |
|---|---|---|
| Firebase Auth, Firestore, Cloud Storage, Cloud Functions | Google LLC | Account authentication, data storage, server-side logic |
| App Store / In-App Purchase | Apple Inc. | Subscription purchase and receipt validation; push notification delivery via APNs |
| RevenueCat | RevenueCat, Inc. | Subscription state management, entitlement validation |
| Claude API | Anthropic, PBC | AI summarization; portfolio screenshot extraction; personalized brief generation (see Section 5) |
| Expo Notifications / OTA Updates | 650 Industries, Inc. | Push notification routing, over-the-air app updates |
| Google Civic Information API | Google LLC | Identifies elected officials (federal and state) from a user-provided zip code for the Civic Intelligence feature. Receives zip code only when you set up or update your civic profile. |
| Google Workspace | Google LLC | Email handling for support@xtraktapp.com |
| DNS & Static Hosting | Cloudflare, Inc. | Domain name resolution; hosting of this policy and our Terms of Service |
5. AI Processing & Anthropic
Xtrakt uses the Claude API from Anthropic, PBC ("Anthropic") to summarize publicly available content, extract portfolio data from screenshots, and generate personalized intelligence briefs.
5.1 What We Send to Anthropic
- The topic, keyword, or follow-up text you have configured.
- Excerpts from publicly available web sources related to that topic.
- System instructions that tell the model how to format its output.
- Portfolio data (optional, only if you have added a portfolio): ticker symbols, share counts, market values, and cost basis figures you have provided. Sent to personalize your Weekly Brief and Xtrakt More responses.
- Civic data (optional, only if you have enabled Civic Intelligence): your state and a list of your elected officials by name and office. Sent to assist in drafting civic letters within Xtrakt More. Your zip code itself is not sent to Anthropic.
- Brokerage screenshots (optional, only when you initiate a portfolio upload): a base64-encoded image of the screenshot you select. Processed to extract holdings data and not stored by us after processing. Anthropic's data handling policies apply to the image during processing.
5.2 What We Do Not Send
- We do not send your email address, name, password, or device identifiers to Anthropic.
- We do not send your push token or subscription state.
- We do not share other users' data with the model when processing your request.
5.3 Anthropic's Use of This Data
Anthropic is contractually a data processor for us under their API terms. Anthropic does not use API content to train their generative models by default. For a complete description of Anthropic's data handling, see Anthropic's Privacy Policy.
5.4 AI Output is Informational
AI-generated summaries, portfolio cross-references, and civic communications drafts can be incomplete, outdated, or incorrect. Xtrakt is an informational tool; nothing in the App constitutes financial, legal, medical, or other professional advice. Portfolio cross-references are based solely on information you provide and publicly available sources — they are not investment advice.
5.5 Reporting AI Output
If you believe AI-generated content in the App is harmful, inaccurate, or otherwise objectionable, please contact us at support@xtraktapp.com.
6. Disclosure & Sharing
We do not sell your personal information. We do not share it for cross-context behavioral advertising. We disclose your information only:
- To the Subprocessors listed in Section 4, for the purposes described there.
- To comply with applicable law, valid legal process, or a lawful government request.
- To enforce our Terms of Service, including investigating potential violations.
- To protect the rights, property, or safety of Xtrakt, our users, or the public.
- In connection with a merger, acquisition, financing, or sale of all or part of our business, with prior notice.
7. Data Retention
7.1 Active Accounts
While your account is active, we retain the information described in Section 2, including any portfolio or civic information you have provided.
7.2 Account Deletion
You may delete your account from within the App. When you do, we permanently delete your authentication credentials, user profile (including portfolio and civic data), topics and follow-ups, weekly briefs and update history, and profile photo. Backups may retain residual copies for up to 30 days before automatic deletion.
7.3 Disclaimer Acceptance Records
Acceptance records (user ID, email, version accepted, timestamp, device info) are retained for up to seven (7) years after acceptance as legal proof of agreement, even after account deletion.
7.4 Communications
We retain emails you send to support@xtraktapp.com for as long as necessary to provide support and for a reasonable period thereafter.
8. Security
We use industry-standard measures including encryption in transit (HTTPS/TLS), encryption at rest in Firebase and Cloud Storage, industry-standard password hashing, server-side access rules that restrict each user's data to that user, and subprocessor agreements requiring comparable protections. No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify you and applicable authorities as required by law.
9. Your Rights & Choices
9.1 Access, Correction, and Deletion
You can view and edit most account information directly within the App, including your portfolio and civic information. You can permanently delete your account from the App's Profile screen.
9.2 Optional Features
Portfolio and civic information are entirely optional. You may leave these fields empty, and you may delete or update them at any time from the Profile screen. Removing this information will stop it from being used in future brief personalization.
9.3 Notifications
You can disable push notifications in your device settings at any time without affecting your account or subscription.
9.4 California Residents (CCPA/CPRA)
California residents have the right to know, delete, correct, opt out of sale (we do not sell your data), and non-discrimination. To exercise these rights, email support@xtraktapp.com.
9.5 EEA, UK, and Switzerland (GDPR)
If you are located in the EEA, UK, or Switzerland, you have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Our lawful bases include performance of contract, legitimate interests, legal obligations, and consent (for optional features including portfolio and civic data). To exercise your rights, email support@xtraktapp.com.
10. Children's Privacy
Xtrakt is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Contact support@xtraktapp.com if you believe a child has provided us with personal information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date and Version, notify you within the App or by email at least 30 days before the change takes effect, and obtain your consent where required by law. Continued use after the effective date constitutes acceptance.
12. Contact Us
For questions about this Privacy Policy or our data practices:
Xtrakt LLC
Attn: Privacy
92 Choctaw St., Guymon, OK 73942
Email: support@xtraktapp.com