1. Overview
This Privacy Policy describes how [ENTITY NAME] ("we," "us," or "our"), operator of the Xtrakt mobile application (the "App"), collects, uses, discloses, and protects information about you.
Xtrakt is an information-aggregation tool that watches topics you select and surfaces updates derived from publicly available sources. By creating an account or using the App, you agree to the practices described in this Policy.
2. Information We Collect
2.1 Information You Provide
- Account information: email address, password (stored hashed by our authentication provider), display name, and optional profile photo.
- Content you create: the topics, keywords, and follow-ups you configure to monitor.
- Communications: messages you send to us at support@xtraktapp.com.
2.2 Information Collected Automatically
- Device information: device brand, model, operating system and version, device type (phone or tablet), and whether the device is a physical device or simulator. We record this at the moment you accept our disclaimer and at other key events for security and audit purposes.
- App version: the version of Xtrakt installed on your device.
- Push notification token: a unique token issued by Apple Push Notification Service (APNs) that lets us deliver notifications. Stored on your user record and refreshed when it changes.
- Subscription state: whether you have an active trial or paid subscription, the tier, and renewal status. This information comes from RevenueCat based on receipts validated with Apple.
- Authentication metadata: sign-in timestamps and authentication tokens managed by Firebase Authentication.
2.3 Information We Do Not Collect
- We do not collect your precise location.
- We do not access your contacts, photos (except a profile photo you choose to upload), microphone, or camera.
- We do not use third-party advertising or analytics SDKs.
- We do not collect web browsing history outside the App.
3. How We Use Your Information
We use the information we collect to:
- Create and maintain your account.
- Authenticate you and protect your account from unauthorized access.
- Provide the core service: monitoring the topics you configure and producing summaries of new information from public sources.
- Deliver push notifications when there is an update for one of your topics.
- Process and validate your subscription, including managing your free trial.
- Respond to your support requests.
- Maintain records of your acceptance of our legal terms (see Section 7).
- Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service.
- Comply with applicable law and respond to lawful requests from authorities.
4. Third-Party Services
We use the following third-party service providers ("Subprocessors") to operate Xtrakt. Each receives only the information necessary to perform its function. We do not share your information with anyone else for their independent use.
| Service | Provider | Purpose |
|---|---|---|
| Firebase Authentication, Firestore, Cloud Storage, Cloud Functions | Google LLC | Account authentication, data storage, server-side logic |
| App Store / In-App Purchase | Apple Inc. | Subscription purchase and receipt validation; push notification delivery via APNs |
| RevenueCat | RevenueCat, Inc. | Subscription state management, entitlement validation |
| Claude API | Anthropic, PBC | AI summarization of public source content (see Section 5) |
| Expo Notifications / OTA Updates | 650 Industries, Inc. | Push notification routing, over-the-air app updates |
| Google Workspace | Google LLC | Email handling for support@xtraktapp.com |
| DNS & Static Hosting | Cloudflare, Inc. | Domain name resolution; hosting of this policy and our Terms of Service |
Each Subprocessor maintains its own privacy practices. We recommend reviewing their policies if you want a complete picture.
5. AI Processing & Anthropic
Xtrakt uses the Claude API from Anthropic, PBC ("Anthropic") to summarize publicly available content related to the topics you configure.
5.1 What We Send to Anthropic
To produce summaries, we send Anthropic:
- The topic, keyword, or follow-up text you have configured.
- Excerpts from publicly available web sources related to that topic.
- System instructions that tell the model how to format its output.
5.2 What We Do Not Send
- We do not send your email address, name, password, device identifiers, or any other personally identifying account information.
- We do not send your push token or subscription state.
- We do not share other users' data with the model when processing your request.
5.3 Anthropic's Use of This Data
Anthropic is contractually a data processor for us under their API terms. Anthropic does not use API content to train their generative models by default. For a complete description of Anthropic's data handling, see Anthropic's Privacy Policy.
5.4 AI Output is Informational
AI-generated summaries can be incomplete, outdated, or incorrect. Xtrakt is an informational tool; nothing in the App constitutes financial, legal, medical, or other professional advice. See the in-App disclaimer and our Terms of Service for further detail.
5.5 Reporting AI Output
If you believe AI-generated content in the App is harmful, inaccurate, or otherwise objectionable, please contact us at support@xtraktapp.com. We review reports and take appropriate action, which may include suppressing specific content or adjusting our prompts.
6. Disclosure & Sharing
We do not sell your personal information. We do not share it for cross-context behavioral advertising. We disclose your information only:
- To the Subprocessors listed in Section 4, for the purposes described there.
- To comply with applicable law, valid legal process, or a lawful government request.
- To enforce our Terms of Service, including investigating potential violations.
- To protect the rights, property, or safety of Xtrakt, our users, or the public.
- In connection with a merger, acquisition, financing, or sale of all or part of our business, in which case we will provide notice before your information is transferred and becomes subject to a different privacy policy.
7. Data Retention
7.1 Active Accounts
While your account is active, we retain the information described in Section 2 for as long as your account exists.
7.2 Account Deletion
You may delete your account from within the App. When you do, we permanently delete:
- Your authentication credentials.
- Your user profile, including email address and display name.
- The topics, keywords, and follow-ups you created.
- Your weekly briefs and update history.
- Your profile photo, if any.
This deletion is performed by a server-side function and typically completes within seconds. Backups maintained by our cloud providers may retain residual copies for a short period (typically up to 30 days) before automatic deletion. We do not retrieve data from backups for any purpose other than disaster recovery.
7.3 Disclaimer Acceptance Records
When you accept our disclaimer and Terms of Service, we record the event in a separate audit log. Each record includes:
- Your user ID and email address at the time of acceptance
- The version and date of the disclaimer accepted
- The date and time of acceptance
- Device information (brand, model, operating system, app version)
These records are retained for up to seven (7) years after acceptance, even if you delete your account. We retain them because they constitute legal proof of your agreement to our terms, which may be needed to resolve disputes. We treat these records as confidential and disclose them only as described in Section 6.
7.4 Communications
We retain emails you send to support@xtraktapp.com for as long as necessary to provide support and for a reasonable period thereafter for our records.
8. Security
We use industry-standard measures to protect your information:
- Encryption in transit (HTTPS/TLS) for all communications between the App and our servers.
- Encryption at rest for data stored in Firebase and Cloud Storage.
- Authentication tokens managed by Firebase Authentication, with industry-standard hashing for passwords.
- Server-side access rules that restrict each user's data to that user.
- Subprocessor agreements that require comparable protections.
No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify you and applicable authorities as required by law.
9. Your Rights & Choices
9.1 Access, Correction, and Deletion
You can view and edit most of your account information directly within the App. You can permanently delete your account from the App's settings (see Section 7.2). To request a copy of your data or correction of inaccurate information, email us at support@xtraktapp.com.
9.2 Notifications
You can disable push notifications in your device settings at any time. Doing so does not affect your account or subscription.
9.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights:
- Right to know: what personal information we collect, use, and disclose about you.
- Right to delete: request deletion of your personal information (subject to legal exceptions like Section 7.3).
- Right to correct: request correction of inaccurate personal information.
- Right to opt-out of sale or sharing: we do not sell or share your personal information for cross-context behavioral advertising, so this right is automatically honored.
- Right to non-discrimination: we will not deny services, charge different prices, or provide a different level of service because you exercised your rights.
To exercise these rights, email support@xtraktapp.com. We may need to verify your identity before processing certain requests.
9.4 European Economic Area, United Kingdom, and Switzerland (GDPR)
If you are located in the EEA, UK, or Switzerland, you have the following rights under applicable data protection law:
- Access to your personal data.
- Rectification of inaccurate data.
- Erasure ("right to be forgotten"), subject to legal exceptions.
- Restriction of processing.
- Data portability.
- Objection to processing.
- Withdrawal of consent at any time, where processing is based on consent.
Our lawful bases for processing your personal data are: (a) performance of a contract with you (running your account), (b) our legitimate interests (security, fraud prevention, service improvement), (c) compliance with legal obligations, and (d) consent (for optional features). To exercise your rights, email support@xtraktapp.com. You also have the right to lodge a complaint with your local supervisory authority.
10. Children's Privacy
Xtrakt is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact support@xtraktapp.com and we will delete the information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Effective Date" and "Version" at the top of this page.
- Notify you within the App or by email at least 30 days before the change takes effect, when the change is material.
- Where required by law, obtain your consent before the change applies to you.
Continued use of the App after the effective date of a revised Policy constitutes acceptance of the revised terms.
12. Contact Us
For questions about this Privacy Policy or our data practices, contact us at:
[ENTITY NAME]
Attn: Privacy
[ENTITY ADDRESS]
Email: support@xtraktapp.com