Privacy Policy

Information We Collect

Information you provide directly

When you use AviorTrack, the following information is stored on your device only:

• Caregiver name — used to identify who logged an entry (e.g., "Mom," "Teacher"). You may use any name or nickname.
• Child profiles — first names or nicknames you create. We do not collect dates of birth, school names, diagnoses, or other identifying details.
• Behavioral log entries — timestamps, selected behaviors, severity levels, triggers, notes, and observer names. These are your private records and never leave your device unless you explicitly enable cloud sync.
• App preferences — notification settings, display options, and other configuration you set in the app.

Information collected automatically

• Anonymous usage analytics (opt-out available in Settings → Analytics) — If you have not opted out, we collect anonymized data about which features are used (e.g., "report generated," "entry saved"). This data contains no personal information, no names, no log entries, no notes, and no information about the children in your care. See the PostHog section below.
• Subscription status — Whether your account has an active AviorTrack Pro subscription, processed through RevenueCat. See the RevenueCat section below.

How Your Data Is Stored

All behavioral data, child profiles, and caregiver information is stored locally on your device using your device's standard app storage. It is not transmitted to any server unless you choose to enable cloud backup or family sync.

Your encryption vault key — the key that protects synced data — is stored in your device's secure enclave (iOS Keychain on iPhone, Android Keystore on Android). AviorTrack's servers cannot access this key. Neither can we.

End-to-End Encryption

When you enable cloud sync, your data is encrypted on your device before it ever leaves it, using XSalsa20-Poly1305 encryption (via the NaCl cryptography library). This means:

• Your data travels to and is stored on our sync servers in fully encrypted form.
• The sync servers can see that data exists, but cannot read any of its contents — not the child's name, not the behavior logged, not any notes.
• Only devices that hold your vault key can decrypt the data.
• Your vault key is represented as a 24-word recovery phrase. If you lose this phrase and lose access to all enrolled devices, your cloud data cannot be recovered. Store your recovery kit somewhere safe.

Cloud Account and Sync (Optional)

Cloud features — including account creation and family sync — are optional. If you choose to create an account:

• Your email address and a hashed password are stored with Supabase, our authentication and cloud storage provider. See the Supabase section below.
• A family group identifier is stored in Supabase to associate devices that belong to the same family sync group. This record includes your account's unique identifier and the family group you belong to.
• Your encrypted behavioral entries, child profiles, behaviors, triggers, and other app data are stored in Supabase as encrypted payloads. The content of these records is encrypted on your device before transmission and cannot be read by Supabase or AviorTrack.

If you never create an account, no data ever leaves your device.

Camera Use

AviorTrack requests access to your device's camera only for scanning the QR code shown on another caregiver's device during family vault setup. The camera is not used to capture, store, or transmit photos or video. You may decline camera access and enter the invite code manually instead.

Third-Party Services

Supabase

Used for account authentication and cloud storage. Supabase stores your email address and hashed credentials to manage your login. When you enable cloud sync, Supabase also stores your family membership record and the encrypted payloads of your synced data. The content of your entries, child profiles, and notes is encrypted on your device before reaching Supabase and cannot be read by Supabase or by us. Supabase's privacy policy is available at supabase.com/privacy.

RevenueCat

Used to manage AviorTrack Pro subscriptions and in-app purchases. RevenueCat receives a device-specific anonymous identifier and your purchase history (e.g., which subscription plan you purchased and its status). If you create a cloud account, RevenueCat also receives a pseudonymous account identifier to link your subscription to your account. RevenueCat does not receive your name, email, or any information from your behavioral logs. RevenueCat's privacy policy is available at revenuecat.com/privacy.

PostHog

Used for anonymous usage analytics, only if you have not opted out in Settings. PostHog receives anonymized events such as which app screens you visit and which features you use. PostHog never receives names, log entry contents, notes, child profiles, or any personally identifiable information. You can opt out of analytics at any time in Settings → Analytics. PostHog's privacy policy is available at posthog.com/privacy.

Notifications

Teaching reminders, daily entry reminders, and backup reminders are scheduled locally on your device using iOS or Android's built-in notification system. No notification content is transmitted to any external server.

Children's Privacy

AviorTrack is designed for use by parents, caregivers, and educators. The app is not directed at children, and children do not interact with the app directly. Information about children — such as first names and behavioral observations — is entered by adults and stored under the adult's account.

We do not knowingly collect personal information from children under 13. All information about children in the app is provided by the caregiver who uses the app and is stored under their control, on their device.

Because behavioral health data is sensitive, we have taken deliberate steps to keep it private: it is stored locally by default, encrypted when synced, and never used for advertising, data brokerage, or any purpose other than displaying it back to you in the app.

Data Retention and Deletion

You are in control of your data.

• To delete all your data: Tap Delete All Data in the Danger Zone section of Settings. This permanently removes all entries, child profiles, and settings from your device. If you are signed in to a cloud account, it also deletes your account record, family membership, and all encrypted cloud backups from our servers. You may alternatively contact us at support@aviortrack.com to request cloud account deletion; all cloud data is fully purged within 30 days of your request.
• To export your data: Go to Settings → Data Export (CSV) to generate a CSV file, or Settings → Manual File Backup & Restore to export a full JSON backup to your device.

If you uninstall the app without resetting, local data may remain on your device per your operating system's standard behavior. Your cloud account and encrypted sync data will remain until you request deletion.

Your Rights

Depending on where you live, you may have rights regarding your personal information, including the right to access, correct, or delete it. Because most data in AviorTrack lives on your own device, you can exercise most of these rights directly within the app. For anything related to your cloud account, contact us using the information below.

If you are located in the European Economic Area or the United Kingdom, you may have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with your local supervisory authority. If you are a California resident, you may have rights under the CCPA, including the right to know what personal information is collected and the right to request deletion.

Data Security

We take reasonable technical measures to protect your information:

• Vault keys are stored in hardware-backed secure storage (iOS Keychain / Android Keystore).
• Cloud-synced data is encrypted end-to-end before transmission using XSalsa20-Poly1305 (NaCl).
• Passwords are never stored in plain text.
• No behavioral data is ever used for advertising or sold to third parties.

No system is perfectly secure. If you have a security concern, please contact us directly.

Changes to This Policy

If we make material changes to this privacy policy, we will update the "Last updated" date above. For significant changes, we will notify you within the app.