Last updated: June 5, 2026
This Privacy Policy explains how personal data is collected and processed when you use the TrackerSuite ecosystem, including the website, the web application at trackersuite.app, and related mobile applications such as BodyTracker.
TrackerSuite is designed to give users control over their body metrics, fitness progress, nutrition-related logs, account data, and optional AI-assisted features. Some features can be used locally on your device, while other features require a TrackerSuite Cloud Account.
Data Controller under GDPR:
Noah Schweizer
c/o Impressumservice Dein-Impressum
Stettiner Straße 41, 35410 Hungen, Germany
Email: contact@noahschweizer.com
You may also use the email address above for privacy-related requests, including access, correction, deletion, restriction, portability, objection, and withdrawal of consent.
Depending on how you use TrackerSuite, we may process the following categories of data:
We process personal data only where a legal basis under the GDPR applies:
Body weight, body fat percentage, body measurements, fitness values, nutrition-related logs, and similar information may qualify as health data and therefore as special category data under Art. 9 GDPR. We treat this data as sensitive.
If you use the iOS app without creating a TrackerSuite Cloud Account, your health and body data remains on your device unless you explicitly choose otherwise. With your permission, the app may read from or write to Apple Health / HealthKit, for example weight, body fat, step count, active energy, or similar metrics.
HealthKit permissions are controlled by you through iOS. You can grant, deny, or revoke these permissions at any time in the iOS Health app or system settings. HealthKit data is not used for advertising, is not sold, and is not shared with data brokers.
If you create a TrackerSuite Cloud Account and enable cloud-based features, your health, body, progress, and nutrition-related data may be transmitted to and stored in our cloud infrastructure so that you can access it across devices and through the web dashboard. This processing is based on contract performance under Art. 6(1)(b) GDPR and, where health data is involved, on your explicit consent under Art. 9(2)(a) GDPR.
TrackerSuite may include nutrition-related features, estimations, calculations, image-based food recognition, and AI-assisted functionality. These features are intended for logging, convenience, and estimation only.
Nutrition values, calorie estimates, macro estimates, body fat estimates, AI-generated responses, and similar outputs may be inaccurate or incomplete. They are not medical advice, nutritional advice, diagnosis, treatment, or a substitute for professional guidance.
AI-assisted features are optional and are only available when you create and use a TrackerSuite Cloud Account. If you do not use AI-assisted features, your prompts or AI requests are not sent to an AI provider.
TrackerSuite uses OpenRouter as a technical provider for optional LLM / AI-assisted features. OpenRouter provides access to different AI models through a unified API and may route requests to selected third-party model providers.
When you actively use an AI-assisted feature, the content necessary to process your request may be transmitted to OpenRouter and, depending on the selected model or routing configuration, to the relevant model provider. This may include your prompt, selected context, generated response, model name, token usage, timestamps, and technical request metadata.
We do not automatically send your entire TrackerSuite account, full health history, full nutrition history, payment details, or unrelated personal data to OpenRouter. Only the data necessary for the specific AI request is sent.
Because TrackerSuite involves health, body, and nutrition-related data, you should avoid entering information into AI features that you do not want to be processed by an external AI provider. If an AI request includes health-related or nutrition-related information, that information may qualify as sensitive data under Art. 9 GDPR.
The legal basis for optional AI processing is contract performance under Art. 6(1)(b) GDPR, because the AI feature is provided at your request. Where AI requests include health-related data or other special category data, processing is based on your explicit consent under Art. 9(2)(a) GDPR.
OpenRouter and downstream model providers may have their own logging, abuse prevention, security, and retention rules. Where technically and commercially reasonable, we may configure AI requests to reduce retention, restrict provider routing, or use providers with stronger privacy settings. However, no AI provider should be treated as a private medical professional or confidential health advisor.
We use carefully selected service providers to operate TrackerSuite. These providers process data only as necessary to provide their services to us and, where required, under data processing agreements.
You may be able to sign in using email authentication, Sign in with Apple, or Google login. When you use a third-party login provider, that provider may process your data according to its own privacy policy and terms.
We receive only the information necessary to create and maintain your TrackerSuite account, such as your email address, provider user ID, and authentication status.
Depending on where you purchase a subscription, payment processing is handled either by Apple or by Stripe.
Payment and invoice data may be retained as long as required for tax, accounting, chargeback, and legal compliance purposes.
We use privacy-conscious analytics and diagnostics to understand product usage, detect bugs, improve reliability, and maintain security. We do not send your health data, body metrics, nutrition logs, personal notes, private progress entries, or AI prompt content to analytics providers.
Analytics and telemetry are used to improve the service and are not used to create advertising profiles based on health data.
Some of our service providers or their sub-processors may be located outside the European Economic Area, including in the United States. This may include providers involved in hosting, authentication, payments, email delivery, analytics, and optional AI / LLM processing.
Where personal data is transferred to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses, data processing agreements, technical security measures, encryption, and transfer risk assessments where required.
Despite these safeguards, data processing in third countries may involve different legal protections than within the European Union.
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.
You can delete your TrackerSuite Cloud Account from the app or web dashboard. Account deletion is intended to permanently delete your account and associated cloud data, including synced health data, body metrics, progress logs, nutrition logs, AI-related data stored in your TrackerSuite account, and user-generated content, unless retention is legally required.
Deleting your cloud account does not automatically cancel subscriptions managed by Apple or Stripe if they are handled separately by those providers. You may need to cancel active subscriptions through the App Store subscription settings or the Stripe billing portal.
Some residual data may remain temporarily in backups, logs, fraud prevention records, invoices, AI provider logs, abuse prevention records, or legal records where deletion is technically delayed or legally restricted.
Subject to the conditions of the GDPR, you have the following rights:
To exercise your rights, contact us at contact@noahschweizer.com.
If you withdraw consent for processing health-related data in optional AI-assisted features, you may no longer be able to use those AI features with health, body, or nutrition-related context.
TrackerSuite is intended for users aged 16 or older. We do not knowingly collect personal data from children under 16. If you believe that a child under 16 has provided us with personal data, please contact us so that we can take appropriate action.
We use appropriate technical and organizational measures to protect your data, including access controls, encrypted transmission, provider-level security measures, and separation of sensitive data where reasonably possible. No system can be guaranteed to be completely secure, but we work to reduce risks and protect your data responsibly.
We may update this Privacy Policy from time to time, for example when we add new features, change service providers, change AI model providers, introduce or modify AI-based functionality, or adapt to legal requirements. The latest version will always be available on this page. If changes are material, we may notify you through the app, website, or email where appropriate.