Privacy Policy
Effective date: April 24, 2026 · Last updated: April 24, 2026
The short version: Trekka does not ask for an email, password, name, or social login. On first launch the App generates an anonymous ID on your device so your routes, step totals, and purchases can sync with our backend. With your permission, the App reads your step count, walking/running distance, and flights climbed from Apple Health and sends those totals to our server to advance your virtual route progress. We never collect your real name, GPS location, contacts, photos, or advertising identifiers, and we never sell your data.
1. Who We Are
Trekka ("the App", "we", "us", "our") is developed and operated by Parker Siroishka, based in Canada. You can reach us at contacttrekka@gmail.com.
2. Information We Collect
We collect only what is necessary to operate the App. The table below summarises everything that leaves your device.
| Data | Source | Why | Stored? |
|---|---|---|---|
| Anonymous user ID (random UUID) | Generated on your device on first launch and stored in the iOS Keychain (with iCloud Keychain sync enabled, so it follows your Apple ID across your devices) | Identify you to our backend without requiring an account | Yes, stored in our database as your user record |
| Apple Health data: step count, walking + running distance, flights climbed | Apple HealthKit, only after you grant permission. Background delivery is used so totals can sync while the App is in the background. | Calculate progress along virtual routes, daily streaks, and lifetime totals | Aggregated daily totals (steps, distance in metres, elevation in metres) and a per-route running tally are stored against your anonymous user ID. Raw HealthKit samples are not retained. |
| Profile data: display name, avatar icon choice, time zone | You (display name, avatar) and your device (time zone) | Personalise the App and calculate streaks in your local time | Yes, linked to your anonymous user ID. The default display name is randomly generated (e.g. "user_a1b2c3d4"); you may change it. |
| App preferences: daily step goal, distance unit (metric/imperial), theme | You | Apply your settings consistently across devices | Yes, linked to your anonymous user ID |
| Route progress, completed routes, and shoe entries (name, accumulated steps/distance/elevation) | Derived from your synced health totals and choices in the App | Power the route, stats, and shoe-tracking features | Yes, linked to your anonymous user ID |
| Authentication tokens (JWT access + refresh token) | Issued by our server | Keep you signed in to your anonymous account between launches and across your devices via iCloud Keychain | Tokens are stored in your iOS Keychain. The current refresh token and your premium expiry timestamp are also stored on the server against your user ID. |
| Apple purchase receipt (StoreKit 2 JWS token) and the resulting transaction ID | Apple / StoreKit 2 when you make a purchase | Verify the purchase with Apple's servers and unlock premium content | Transaction ID is stored server-side against your user ID. The JWS token itself is verified on receipt and not retained. |
| Network request metadata (IP address, request headers, basic logs) | Automatic when your device contacts our backend | Operate the API, prevent abuse, debug errors | Standard server access logs at our hosting provider; not linked to your real-world identity |
| Crash and performance data | Apple's built-in App Analytics (only if you have enabled "Share With App Developers" in iOS Settings > Privacy & Security > Analytics & Improvements) | Diagnose bugs and crashes | Provided to us by Apple in aggregated, de-identified form. We do not use Firebase, Crashlytics, Sentry, Mixpanel, Amplitude, Segment, or any other third-party analytics or crash-reporting SDK. |
What we do NOT collect
- Your real name, email address, phone number, or password. The App has no email/password sign-in or social login
- Your GPS coordinates or device location. The App does not request location permission and does not use Core Location
- Heart rate, sleep, workouts, or any other Apple Health data beyond steps, walking + running distance, and flights climbed
- Contacts, photos, microphone, camera, or files outside the App
- The Identifier for Advertisers (IDFA) or any other advertising identifier
- Third-party analytics, advertising, attribution, or social-media tracking
3. How We Use Your Information
We use the data we collect solely to:
- Operate the App: turn your Apple Health totals into route progress, daily activity records, streaks, and shoe mileage; sync your preferences and profile across your devices
- Validate purchases: confirm a valid Trailhead Pass transaction with Apple's servers and unlock the corresponding content
- Send local notifications: if you grant notification permission, the App schedules local notifications on your device when you reach 25%/50%/75%/100% of a route. We do not send push notifications from our servers.
- Maintain service integrity: detect and prevent fraudulent or duplicate transaction claims and rate-limit abusive traffic
- Improve stability: review aggregated crash and performance data provided by Apple to fix bugs
We do not use your information for advertising, profiling, or any automated decision-making that produces legal or similarly significant effects. Health data received through HealthKit is used only to operate the features described above; it is never used for advertising, sold or shared with data brokers, or disclosed to third parties.
4. Third Parties & Subprocessors
We share data with third parties only as necessary to operate the App:
Apple Inc.
HealthKit data stays on your device until you grant the App permission to read it. In-app purchases are processed entirely by Apple through StoreKit 2 and authentication tokens you store via iCloud Keychain are managed by Apple. Apple's privacy practices govern what Apple itself collects from you. See Apple's Privacy Policy.
Railway (hosting)
Our backend API and PostgreSQL database run on Railway. Railway processes the request data required to serve API calls (IP address, request payload, server logs) and stores the database described in Section 2. See Railway's Privacy Policy. The region in which our backend is hosted is Railway's US-West 1 region.
We do not sell, rent, or trade your information to any third party for their own commercial purposes.
5. Data Retention
Your account record, profile, preferences, daily activity totals, route progress, shoes, and purchase records are retained for as long as your anonymous account exists. You can delete everything at any time using the in-app "Delete Account" option (see Section 7), which permanently and irreversibly removes your user record and all linked data from our database.
Health data older than your account's creation date is automatically discarded by our server even if your device sends it (HealthKit can supply up to ~90 days of historical samples). Server access logs at our hosting provider are kept for the provider's standard retention period.
6. Children's Privacy
Trekka is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at contacttrekka@gmail.com and we will delete it promptly.
7. Your Rights & Choices
In-app controls
- Apple Health: you can grant, restrict, or revoke Trekka's access to each Health data type at any time in iOS Settings > Privacy & Security > Health > Trekka. Revoking access stops new syncs immediately.
- Notifications: manage in iOS Settings > Notifications > Trekka.
- Delete your account: the App offers a "Delete Account" action that calls our server and permanently removes your user record, daily activities, route progress, shoes, preferences, and purchase records. This is irreversible. (Apple manages your purchase history and any refund requests separately.)
Depending on where you live, you may have additional rights regarding your personal information. Because we collect very little personal data and have no way to identify you outside your anonymous user ID, most requests can be fully satisfied by the in-app delete action or by contacting us with your display name.
Canadian residents (PIPEDA / Québec Law 25)
- Right to know what personal information we hold about you
- Right to correct inaccurate information
- Right to withdraw consent (where processing is consent-based)
EEA / UK residents (GDPR / UK GDPR)
- Rights of access, rectification, erasure, restriction, and portability
- Right to object to processing
- Right to lodge a complaint with your local supervisory authority
California residents (CCPA / CPRA)
- Right to know, delete, correct, and opt out of sale or sharing (we do not sell or share personal information)
To exercise any of these rights, contact us at contacttrekka@gmail.com. We will respond within 30 days.
8. Security
We use industry-standard measures to protect data in transit and at rest:
- TLS/HTTPS for all communication between the App and our servers in production builds
- Authentication tokens and your anonymous user ID are stored in the iOS Keychain (synchronised through iCloud Keychain when you have it enabled, so they remain encrypted by Apple in transit and at rest)
- Cryptographic verification of Apple StoreKit 2 JWS purchase tokens server-side
- JWT-based authorisation with short-lived access tokens and rotating refresh tokens
No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but commit to prompt notification of any breach affecting your personal information where required by law.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, for example, adding a new data type, a new third-party integration, or a feature like real account sign-in or location tracking, we will provide notice within the App or through the App Store update notes. Continued use of the App after changes take effect constitutes acceptance of the revised policy.
10. Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy or the handling of your personal information, please contact:
Parker Siroishka
Calgary, Alberta, Canada
contacttrekka@gmail.com