Privacy Policy
Last updated: June 17, 2026
Overview
This policy explains what data TrackMRR collects, how we use it, and how we keep it secure. We collect the minimum needed to show you your consolidated revenue.
Data we collect
- Account data: your name, email address, and a securely hashed password.
- Connected provider credentials: Stripe connects through the official Stripe Marketplace app (a read-only OAuth grant); for Polar and RevenueCat you add read-only API keys. Credentials are encrypted at rest and never shown again after entry.
- Revenue metrics: subscription counts, MRR/ARR and revenue figures we fetch from your connected providers, normalized and stored as periodic snapshots.
- Purchase and entitlement data: billing provider customer IDs, App Store transaction IDs, product IDs, subscription status, renewal dates, cancellation status, refund/revocation status, and related metadata needed to keep your TrackMRR plan in sync. We do not store full payment card details.
How we use your data
We use your data solely to operate the Service: to authenticate you, fetch and display your consolidated revenue, verify purchases, grant or revoke paid entitlements, process subscription renewals and refunds, and provide support. We do not sell your data or use it for advertising.
Storage & security
- Provider API keys are encrypted with AES-256-GCM. Plaintext keys are never logged or returned to clients.
- Keys are read-only, so even in the unlikely event of compromise, no funds can be moved.
- All traffic is encrypted in transit (HTTPS).
Third parties
We share data only with the processors required to run the Service:
- Stripe, Polar, RevenueCat: we read your data from them using your keys.
- Stripe (billing): processes TrackMRR web subscription payments. We never store full card details.
- Apple App Store: processes iOS in-app purchases and sends purchase, renewal, refund, and subscription status updates.
- Hosting & database providers: store the data described above on our behalf.
Data retention
We retain your data while your account is active. When you delete a connection, its keys and snapshots are removed. When you delete your account, all associated TrackMRR data is deleted. Payment processors and app stores may retain transaction records under their own legal, tax, fraud-prevention, and customer-support obligations.
Your rights
You can access, correct, export, or delete your data at any time from your account, or by contacting us. We honor applicable data-protection rights (including GDPR/CCPA).
Cookies
We use a single, essential session cookie to keep you signed in. We do not use third-party advertising or tracking cookies.
Changes
We may update this policy; material changes will be communicated via the Service or email.
Contact
Privacy questions? Reach us via the contact page.