Skip to content

Privacy Policy

Last updated 17 Jul 2026

This policy explains what TrackBritain collects, why, how long we keep it, and how you stay in control of it. We've tried to write it in plain English rather than the minimum legally defensible text — if anything here is unclear, contact us and we'll fix the wording, not just answer the question once.

Who we are

TrackBritain ("we", "us") is the data controller for the personal data described in this policy. You can reach us using the contact details at the bottom of this page, or via our contact form.

What we collect, and why

Account basics: your email address and a hashed password, so you can sign in. We never store your password in plain text.

Profile — kept deliberately minimal: month and year of birth (not a full date of birth), your broad UK region (one of 12 ITL1 areas, not a postcode), and — only where a specific benchmark genuinely needs it — your sex, which is always optional and "prefer not to say" is a first-class choice, never a forced field. We collect the minimum a benchmark needs to place you in a cohort, and nothing more.

The values you log: whatever you choose to track — a weight, a savings balance, a mood score, a salary. This is the core of the service and it is never shared, sold, or used to train any third-party model.

Technical data: IP address (stored as a one-way hash, not the raw address), browser/device information, and basic usage analytics — only once you've consented to analytics cookies (see our Cookie Policy).

Special-category health data — Article 9

Some trackers record health data as defined by UK GDPR Article 9 — for example weight, blood pressure, blood sugar (HbA1c), cholesterol, or a quit-smoking streak. Health data gets a materially higher bar than the rest of your account:

Explicit consent, every time. Turning on a health tracker asks for a separate, specific opt-in naming that exact tracker — enabling "blood pressure" is never treated as consent for "HbA1c", and neither is ever bundled into accepting these terms or creating your account.

Granular and withdrawable. You can withdraw consent for any single health tracker at any time, independently of the others, from that tracker's settings. Withdrawing consent stops future processing; it does not retroactively delete history you've already asked us to keep, unless you separately request erasure (see "Your rights", below).

Recorded, not assumed. Every grant and withdrawal is written to an append-only consent record, tied to the exact wording of the policy you saw at the time — so we can always show you (or a regulator) exactly what you agreed to and when.

Never sent to analytics. Analytics tools (Google Analytics 4) only ever receive an event name and a tracker's category — e.g. that you viewed "weight" — never the number itself. Sending your actual weight, blood pressure reading or mood score to an analytics platform would be sending special-category data to a third party with no lawful basis for doing so, and we have designed the system so that isn't possible, not merely promised that it won't happen.

Our legal basis for processing

Account data and the values you log: performance of a contract — we need this data to provide the service you signed up for.

Health data specifically: your explicit consent (UK GDPR Article 9(2)(a)), obtained separately for each health tracker as described above.

Analytics: your consent, via the cookie banner — see our Cookie Policy.

Fraud prevention and abuse protection (rate limiting, bot detection on public forms): our legitimate interest in keeping the service secure and available.

Who we share it with

We do not sell your data. We do not share it with data brokers. We do not advertise inside your dashboard, and we never will (see our Pricing page).

We use a small number of processors strictly to run the service, each bound by a data-processing agreement: our hosting and network provider (a dedicated server behind Cloudflare, which runs the application and provides content-delivery and DDoS protection); Amazon Web Services (Simple Email Service), to send verification codes and, if you opt in, the weekly digest; Cloudflare Turnstile, to tell humans from bots on public forms; Sentry, an error-monitoring service that receives the technical details of a crash so we can fix it — never your logged values, which are stripped out before anything is sent; and — only once you've consented — Google Analytics 4, which never receives your logged values (see above). If we ever enable paid plans, card payments would be handled by Stripe, and we would never see or store your full card details.

Where your data is processed

Your account database is hosted within the UK. Some of our processors operate globally, so limited personal data may be transferred outside the UK:

Email — verification codes and, if you opt in, the weekly digest — is sent via Amazon Web Services SES, which processes it in the United States. Cloudflare (content delivery and bot protection) and, only with your consent, Google Analytics 4 may process technical data in the United States and elsewhere. Error diagnostics are processed by Sentry in the European Union (Germany) — a jurisdiction the UK recognises as providing an adequate level of data protection, so no additional safeguard is required.

Where data leaves the UK for a country without a UK adequacy decision, it is protected by an appropriate safeguard under UK GDPR — the UK's International Data Transfer Agreement, or the UK Extension to the EU–US Data Privacy Framework under which these providers are certified. Your logged tracker values are never transferred for analytics, advertising or error monitoring.

How we protect your data

Security is designed in, not bolted on:

Passwords are hashed with bcrypt and never stored in plain text. Session tokens are stored only as a one-way hash, so a database leak yields no usable login. Optional two-factor authentication stores its secret encrypted with AES-256-GCM. IP addresses are stored as a one-way hash, never in the raw.

The database runs on a private network, is not exposed to the public internet, and its backups are encrypted. And analytics can never receive one of your logged values or a health reading — that restriction is enforced in code, not merely promised in a policy.

No system is perfectly secure, but we hold your health and financial data to the standard its sensitivity demands.

How long we keep it

Your account and logged history are kept for as long as your account is open — this is a decade-long product by design, and we do not auto-delete a user's own history. If you delete your account, we remove your personal data and logged entries; a minimal audit trail proving the deletion happened (not its contents) is kept for our own compliance record. Consent records are kept for as long as the consent they describe is relevant, so we can always demonstrate what you agreed to.

Your rights

Under UK GDPR you have the right to access your data (Article 15), have it corrected, have it erased (Article 17, "the right to be forgotten"), restrict or object to processing, and receive it in a portable format (Article 20). We've built these as self-service tools rather than a support ticket queue — see our Data Rights page for exactly how to exercise each one. Where a right can't be self-served yet, contact us and we'll action it within one calendar month, as UK GDPR requires.

Automated decisions and profiling

TrackBritain shows you patterns in your own data — a Life Score, correlations between your trackers, and where you stand against UK official statistics. These are descriptive and arithmetic: they describe your own numbers and public statistics, and they never make a decision about you, take an action against you, or produce a legal or similarly significant effect. We do not carry out automated decision-making of the kind covered by UK GDPR Article 22, and — by deliberate design, enforced as a hard rule in our code — our insights never give financial or medical advice or tell you what to do.

Children

TrackBritain is not directed at, and is not intended for, anyone under 18. We do not knowingly collect data from children.

Complaints

If you're unhappy with how we've handled your data, please contact us first — we'd like the chance to put it right. You also have the right to complain to the Information Commissioner's Office (ICO), the UK's data-protection regulator, at ico.org.uk or on 0303 123 1113. Complaining to us does not affect your right to complain to the ICO.

Changes to this policy

If we change this policy materially, we'll tell you — by email if the change affects health data specifically, and always by updating the date below. We won't apply a materially different use of your existing data without asking you first.

Questions about this policy

Use our contact form, or write to us using the address on that page.