TrackR Privacy Policy
Effective Date: April 29, 2026 Last Updated: April 29, 2026
This Privacy Policy describes how Lanting Digital LLC ("we", "us", "TrackR") collects, uses, and shares information when you use the TrackR mobile application ("the Service"). By using TrackR, you agree to the practices described here. If you do not agree, please do not use TrackR.
1. Information We Collect
1.1 Information you provide
When you create an account or sign in with Apple, Google, or email/password, we collect your email address, display name, and profile photo via Firebase Authentication. As you use TrackR you create ride logs (parks, rides, dates, ratings, free-text notes, and photos you optionally attach), community content (posts, comments, ranked lists, friend connections, reactions), and subscription/purchase records (subscription tier and purchase history for TrackR Pro and any merchandise purchases). Payment card details are processed by Stripe and Apple — we do not receive or store your full card number.
1.2 Information collected automatically
Device and usage data is limited. When you interact with TrackR, our backend (Firebase Cloud Functions) processes requests; standard server logs (timestamp, request endpoint, sometimes IP address for abuse prevention) are retained briefly. We do not currently use third-party analytics, crash reporting, or attribution services. App Store Connect provides aggregate crash and performance data from Apple, which is governed by Apple's privacy policy.
Approximate and precise location, with your permission, foreground only ("when in use"), used to display in-park maps and walking directions; raw location is not transmitted to our servers unless you choose to share a check-in or post that includes location.
HealthKit data, with your explicit permission: TrackR reads your step count, walking/running distance, and flights climbed from Apple HealthKit on-device only. TrackR never transmits, stores, sells, or shares HealthKit data with any third party or with our own servers. TrackR does not write any data back to HealthKit.
1.3 Information from third parties
If you sign in with Apple or Google, we receive the basic profile fields you authorize (name and email). We do not buy or rent personal data from third parties.
TrackR does not engage in cross-context behavioral advertising. We do not sell your personal information. We do not share your data with advertisers, data brokers, or aggregators.
2. How We Use Information
We use the information we collect to:
- Operate, maintain, and improve TrackR features (logging, community, ratings, maps, card collection, gameplay).
- Authenticate your account and prevent fraud, abuse, and unauthorized access.
- Process subscription and merchandise payments through Apple and Stripe.
- Generate audio narration on article pages and in gameplay via ElevenLabs (article and gameplay scripts are sent; your account or location data is not).
- Send transactional notifications (account verification, friend requests, ride reminders). We do not send marketing email at this time.
- Comply with legal obligations and enforce our Terms of Service.
3. How We Share Information
We do not sell your personal information. We share data only as needed to operate TrackR:
| Recipient | Purpose | Data shared |
|---|---|---|
| Google Firebase (operated by Google LLC) | Authentication, database, file storage, Cloud Functions backend, hosting | Account info, ride logs, community content, ride photos |
| Apple | App Store distribution, in-app purchases, Apple Sign-In, push notifications via APNs, HealthKit (on-device only — data does not leave your device) | Subscription receipts, push notification metadata (device token, delivery timestamp); HealthKit data not transmitted |
| Google Sign-In | Optional federated login | Authorization tokens (we receive your name + email if you choose Google sign-in) |
| Stripe | Merchandise payments and any non-Apple-billed transactions | Purchase amount, anonymized customer identifier (no card number, no CVC) |
| ElevenLabs | Audio narration synthesis for article and gameplay content | Text scripts only — no account data, location, or HealthKit data |
| Other users | Public profile information, ride logs you mark public, community posts | Whatever you choose to make public via your privacy settings |
| Law enforcement | Compliance with valid legal process | Only the minimum required by law; we push back on overbroad requests |
We rely on third-party content providers (such as ThemeParks.wiki) for park hours, ride specifications, and live wait-time data. Our backend fetches this data periodically; no user data is sent to these providers.
We may share aggregated, de-identified data (e.g., "the most-logged ride at Cedar Point this month" or "TrackR users rated this coaster 4.6/5 on average") for business intelligence, partnership discussions, or public posts. This data is aggregated to prevent re-identification of any individual user.
In the event of a merger, acquisition, or sale of substantially all of Lanting Digital LLC's assets, your information may be transferred to the acquiring entity. The acquiring entity will be bound by the commitments in this Privacy Policy, or you will be notified and given the opportunity to delete your account before the transfer takes effect.
Privacy settings. TrackR offers two visibility tiers. Your account-level setting (public or private) defines the default for new posts and ride logs. You can override visibility on individual posts (public, or friends-only). When you mark content public, other users can see it; when you mark content private or friends-only, only you and any friends you've explicitly added can see it. Some account information (your display name and profile photo when surfaced through friend search) is always shared with users you connect with.
4. Data Retention
Account data is retained while your account is active and for up to 30 days after account deletion. During this 30-day grace period you can restore your account by signing back in; after 30 days, your data is permanently purged from our active databases. Backup copies follow Firebase's standard 30-day backup retention and are purged within that window.
Ride logs, ratings, and community content are retained for as long as your account exists. You can delete individual entries from the app at any time, which removes them from active databases within 24 hours.
Subscription, purchase, and tax records are retained for 7 years after the last transaction, as required by US tax and accounting laws (Internal Revenue Code §6001 / 26 CFR 1.6001-1), regardless of account-deletion requests. These records contain only transactional information (amount, date, subscription tier) — not your ride logs or community content.
Aggregated, de-identified data — for example, the contribution any individual user made to "TrackR users rated this coaster 4.6/5" or "TrackR users visited Cedar Point in May" — persists after account deletion as part of the broader community statistic. This data cannot reasonably be linked back to any individual user and is not affected by account-deletion requests.
5. Your Rights and Choices
Depending on your jurisdiction, you may have the right to:
- Access the data we hold about you
- Correct inaccurate data via the in-app profile editor or by contacting us
- Delete your account and associated data via Settings → Account → Delete Account
- Export a copy of your data (contact us at the email below)
- Object to or restrict certain processing
- Opt out of analytics on a per-device basis (Settings → Privacy → Analytics)
Residents of California (CCPA), the EEA/UK (GDPR), and similar jurisdictions have additional rights, including the right to lodge a complaint with a supervisory authority. To exercise any of these rights, email us at privacy@ridetrackr.app.
6. Children's Privacy
TrackR is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, contact us at privacy@ridetrackr.app and we will delete it promptly.
7. Security
We use industry-standard practices to protect your data, including HTTPS for all network traffic, Firebase Security Rules for database access control, and encrypted storage at rest. No system is perfectly secure; you use TrackR at your own risk and should choose a strong, unique password. If you suspect your account has been compromised, contact us at privacy@ridetrackr.app immediately.
8. International Data Transfers
TrackR's backend infrastructure is hosted in the United States via Google Firebase / Cloud Firestore. If you access TrackR from outside the United States, your information will be transferred to and processed in the United States. By using TrackR, you consent to this transfer. We rely on Google Firebase's Standard Contractual Clauses (SCCs) for transfers from the EEA/UK to the United States.
9. Third-Party Links
TrackR may contain links to third-party sites (e.g., theme park websites, ticket retailers, news articles, community partner sites). We are not responsible for the privacy practices of those sites. Review their privacy policies before sharing data with them. We may earn affiliate revenue from links to ticket retailers and travel-booking partners; this does not affect your price or our editorial independence in coaster ratings and recommendations.
10. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated in-app and the "Last Updated" date above will reflect the change. Continued use after changes constitutes acceptance.
11. Contact Us
Lanting Digital LLC Riverside, CA, United States
- Privacy: privacy@ridetrackr.app
- Legal: legal@ridetrackr.app
- Support: support@ridetrackr.app