Privacy Policy

Last updated: 27 May 2026

1. Who we are

TrueTrack is operated by Long Term Optimist (LTO) Advisory, registered in England and Wales (company number 15197927). We are registered with the Information Commissioner’s Office (ICO registration number [ICO NUMBER]).

For any privacy-related questions, contact us at privacy@truetrack.coach.

2. What data we collect

  • Account data: Your name and email address, collected when you register.
  • Session content: The messages you send during coaching sessions. This is the core of the service and is stored encrypted.
  • Usage data: Session counts, session duration, and which coaching modes you use. Used to manage your subscription and improve the service.
  • Payment data: Payment is processed by Stripe. We do not store your card details. Stripe's privacy policy applies to payment data.
  • Technical data: IP address, browser type, and device information collected automatically when you use the service.

3. How we use your data

We use your data to:

  • Provide and operate the TrueTrack coaching service
  • Enable persistent memory across your sessions
  • Manage your subscription and process payments
  • Send you service-related communications (account notices, billing)
  • Improve the service based on aggregated, anonymised usage patterns

Your session content is never used to train AI models. We cannot read your sessions.

4. How we protect your data

All session content is encrypted end-to-end using AES-256-GCM with a key derived uniquely for your account using HKDF-SHA256. This means your coaching conversations are cryptographically protected and inaccessible to TrueTrack staff.

Data is stored on servers located in the European Economic Area (EEA). We use Supabase for data storage, which is SOC 2 Type II certified.

5. How long we keep your data

We keep your data for as long as your account is active. If you cancel your subscription, your data remains accessible to you for 30 days. After that period, your session content is cryptographically erased and your account data is deleted from our systems within 90 days.

You can request deletion of your data at any time by contacting privacy@truetrack.coach.

6. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability (receive your data in a machine-readable format)
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email privacy@truetrack.coach. We will respond within 30 days. If you are not satisfied with our response, you have the right to complain to the ICO at ico.org.uk.

7. Cookies

TrueTrack uses essential cookies only: session authentication cookies required for you to stay signed in. We do not use advertising, tracking, or analytics cookies. No third-party cookies are set on this site.

8. Third parties

We share data with the following third parties only as necessary to operate the service:

  • Clerk: User authentication and account management
  • Supabase: Encrypted data storage
  • Stripe: Payment processing
  • Anthropic: AI model inference (session messages are processed; not stored or used for training)
  • Vercel: Application hosting

We do not sell your data to any third party. Ever.

9. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email at least 14 days before the changes take effect. The date at the top of this page shows when it was last updated.