Skratch Tracker — Privacy Policy

Effective date: 16 May 2026

This Privacy Policy explains how Skratch Tracker (the “App”) collects, uses, stores and shares personal data. The App is operated by Harry Roderick Johannes Spiller (“we”, “us”, “our”). Contact: hrjs781@icloud.com.

This policy is written for the current pre-release/TestFlight version of the App. If the App is later transferred to a company, or if advertising such as Google AdMob is introduced, this policy must be updated before that change goes live.

1. Who is responsible for your data?

The data controller for data processed by the App is Harry Roderick Johannes Spiller, currently based in the United Kingdom. Email: hrjs781@icloud.com.

Where third-party services process data under their own terms or for their own legally permitted purposes, including Apple and Google/Firebase, their own privacy notices may also apply.

2. App features and data map

The App currently uses Firebase Authentication, Cloud Firestore, Firebase AI Logic, Firebase App Check, Firebase Analytics, Firebase Crashlytics and Firebase Cloud Messaging/Messaging. The Firestore database location is europe-west2 (London).

Most symptom tracking data is intended to remain local to your device. Local data may include symptom logs, skin photographs, treatment records, self-check and recovery quiz answers, region preference and PDF exports created by you. Photos are stored on-device and are not sent to Firebase AI or Firestore by the App in the current version.

If you create an account or enable online signal-sharing features, limited account and signal-sharing data is stored in Firebase. This may include your Firebase user ID, Sign in with Apple account identifiers made available to the App, signal-sharing profile records, linked-contact relationship records, invite/link records, generic concern-level status or signal state, treatment-status category needed for signal logic, timestamps and technical metadata.

Signal sharing is designed to share a generic status/signal with linked users. It is not designed to share symptom details, photographs, names of contacts, free-text notes, email addresses, Apple identifiers, invite codes or full raw logs.

3. Health-related and sensitive data

Information about symptoms, skin photographs, treatment use, contacts, AI questions and app context may reveal health-related information. We treat this as sensitive and seek to minimise what is processed outside your device.

Signal sharing does not share symptom details. It uses a generic alert/status to linked users if your concern level reaches the highest threshold and signal sharing is enabled.

The AI feature may receive health-related context only if you choose to use AI and, for app-context mode, opt in to sending a minimised app-context summary. Do not use the AI feature for emergencies or for confidential information you do not want processed by an external AI service.

4. Legal bases for processing

For UK GDPR and EU GDPR purposes, we rely on the following legal bases where applicable:

• Contract or steps necessary to provide the requested service: to operate core app functionality, account features, signal sharing, Firestore-backed linking, AI responses requested by you, and account deletion.
• Explicit consent / consent: for optional analytics collection; for context-aware AI where health-related app context is sent to Firebase AI / Google; and for optional AI-improvement review where AI questions, AI responses and selected app context are stored or reviewed to improve the feature.
• Legitimate interests: for security, fraud prevention, abuse prevention, app reliability, Crashlytics diagnostics, App Check and necessary service logs, provided this does not override your rights and freedoms.
• Legal obligation: where we must retain or disclose limited information to comply with law, regulator requests or legal process.

5. Analytics consent

Firebase Analytics is optional. The App is intended not to enable Firebase Analytics until you have been shown a clear choice and you select “Allow analytics” or equivalent. If you decline, the App should remain usable and Firebase Analytics should stay disabled.

Analytics is used only to monitor aggregate app and feature use. We do not use Analytics for advertising, profiling, eligibility decisions, medical decisions or automated decision-making. We do not knowingly send symptom details, photographs, AI question text, treatment entries, body areas, contact names, invite codes, Apple identifiers, email addresses, free-text notes, or quiz answers to Analytics.

Analytics events should be broad feature-use events only, such as opening a screen, using export, opening AI, using signal sharing or completing a non-content-specific flow. You can withdraw Analytics consent in the App’s settings where implemented.

6. Crashlytics and diagnostics

Firebase Crashlytics helps us detect and fix crashes. Crash reports may include technical details such as device model, iOS version, app version, timestamps, stack traces and diagnostic state. We do not intentionally log symptom details, AI question text, photographs, treatment notes, contact names, email addresses, Apple identifiers, invite codes or other health content into Crashlytics.

7. Authentication and account deletion

If you use signal sharing or online features, you may sign in using Sign in with Apple and Firebase Authentication. We use this to create a Firebase user ID and to associate Firestore signal-sharing records with your account.

Where the App provides an account deletion function, we will use reasonable efforts to delete your Firebase Authentication account and Firestore records controlled by the App and associated with your signal-sharing profile, links, invites, signals and any AI-improvement records stored by the App for that account. Local data may need to be cleared separately using the local clear-data function where available, or by uninstalling the App.

Deletion does not necessarily remove data already exported, shared with another person, stored locally unless separately cleared, retained in backups or logs for a limited period, retained by third-party providers under their own terms, or retained where required for legal, security or abuse-prevention reasons. We do not promise deletion of data outside our control.

8. AI feature, app-context mode and AI-improvement review

The Intelligence feature uses Firebase AI Logic / Google to generate responses. AI output is generated automatically and may be inaccurate, incomplete or unsuitable for your circumstances. It is not medical advice, diagnosis or treatment.

The App is intended to offer at least two AI modes. “Ask without app context” sends only the typed AI question and necessary technical request data. “Use app context” sends the typed AI question plus a minimised app-context summary, but only after you opt in to this context-aware processing.

The minimised app-context summary may include treatment status, recent symptom pattern, recent symptoms as broad categories, concern level, contact-risk estimate, contact-risk sharing status, region and other non-identifying app-state categories relevant to the response. The App is not intended to send photographs, names, email addresses, Apple identifiers, contact names, invite codes, free-text notes or full raw logs to Firebase AI in the current version.

AI-improvement review is separate from using the AI feature. If you explicitly opt in to AI-improvement review, the App may store and review your AI questions, AI responses and selected minimised app context to improve AI quality, safety, reliability and feature performance. This may include health-related information. You can use the AI feature without allowing AI-improvement review.

If you do not opt in to AI-improvement review, the App is not intended to store your AI conversation for product-improvement review. Firebase AI / Google may still process your request to generate a response and may process operational, safety, security, logging or legal-compliance data under applicable Firebase/Google terms and settings.

Firebase AI monitoring or prompt/response tracing is intended to be configured so that prompt/response content is not sampled or reviewed for users who have not opted in to AI-improvement review. If monitoring is used for opted-in users, it should be disclosed and limited to the minimum needed for improvement and safety review.

The App may offer a “Clear chat” control to remove the visible or locally held chat from the App. Clearing chat removes content controlled by the App; it does not necessarily delete information already processed by Firebase AI / Google for earlier response generation, safety, security, logging, service delivery or legal purposes.

9. Notifications

The App may use local notifications and/or Firebase Cloud Messaging. You can control notification permission through iOS Settings. Notification data should not contain detailed health information unless clearly explained and necessary for the notification you request.

10. Sharing with third parties

• Apple: Sign in with Apple, App Store/TestFlight, StoreKit and device-level permissions.
• Google/Firebase: Authentication, Firestore, AI Logic, App Check, Analytics, Crashlytics and Messaging as described above.
• External health-resource websites: if you tap a link to NHS, CDC, WHO, DermNet or similar resources, that website receives your request and handles data under its own policy.
• User-controlled exports/shares: if you export a PDF, send a coordinator message or share information outside the App, that information is handled by the recipient/app you choose.
• Legal/safety disclosures: we may disclose limited information where required by law or to protect rights, safety, security or prevent abuse.

We do not sell personal data. We do not currently serve advertising. If advertising or AdMob is added later, this policy and any required consent flows must be updated before launch of that feature.

11. International transfers

Cloud Firestore is configured with a europe-west2 (London) database location. Some Firebase/Google services, Apple services, analytics, crash reporting, AI processing, support or security processing may involve processing in other countries. Where required by applicable law, transfers are handled using safeguards or transfer mechanisms used by the relevant provider. Nothing in this policy creates responsibilities beyond those imposed by applicable law.

12. Retention

• Local data remains on your device until you delete it, clear app data or uninstall the App.
• Firestore signal-sharing data remains until you delete your account, remove links/invites/signals where supported, or until it is deleted under our operational processes, subject to legal, security, abuse-prevention, backup and technical limitations.
• AI chat history is not stored by the App in Firestore for ordinary AI use in the current version, unless you opt in to AI-improvement review.
• AI-improvement records, where you explicitly opt in, may be retained for up to 12 months and then deleted or anonymised unless a shorter period is required or you delete your account earlier.
• Crashlytics and Analytics data are retained according to Firebase/Google retention settings and operational requirements.
• Backups, logs and provider-retained records may persist for a limited period after deletion where technically necessary, legally required, or maintained by a third-party provider under its own lawful retention practices.

13. Your rights

Subject to applicable law, conditions and exemptions, you may have rights to request access, correction, deletion, restriction, objection, portability and withdrawal of consent where processing is based on consent. Nothing in this policy is intended to create rights beyond those required by applicable law.

For local-only data, you can usually control the data directly by editing or deleting it in the App, using local clear-data functions where available, or uninstalling the App. For account and Firestore data controlled by the App, use the in-app delete-account function where available or contact us.

You can withdraw optional Analytics consent, AI-context consent and AI-improvement review consent in the App’s settings where implemented. Withdrawal does not affect processing that occurred before withdrawal. Where technically and legally possible, future optional collection for that purpose should stop. Account deletion is subject to the limitations described in this policy.

14. Security

We use reasonable technical and organisational measures appropriate to a small pre-release app, including iOS sandboxing, platform security, Firebase security features, Firestore security rules and App Check. No system is completely secure. You are responsible for protecting your device, passcode, Apple account and any exported files or messages.

15. Children

The App is intended for users aged 16 and over. Users under 16 must not use the App. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, contact us.

16. Changes to this policy

We may update this policy to reflect app, legal or technical changes. Updated versions may be made available in-app, through TestFlight/App Store release notes, or by another reasonable method. If a change materially expands optional processing such as Analytics, advertising or AI-improvement review, we will request any new consent required by applicable law.

17. Contact and complaints

Contact: Harry Roderick Johannes Spiller, hrjs781@icloud.com.

If you are in the UK, you may complain to the Information Commissioner’s Office where applicable. We ask that you contact us first where possible so we can try to resolve the issue. This policy does not create complaint or remedy rights beyond those required by applicable law.