Privacy Policy

1. Introduction

SteadyTrack ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our educational tracking platform designed for Alberta high school students.

We built SteadyTrack with privacy as a core principle. We don't sell your data, we don't use ads, and we only collect what's necessary to provide you with a personalized study tracking experience.

2. Information We Collect

2.1 Local Browser Data

SteadyTrack does NOT collect or store any personal information on our servers. All data you create stays on your device in your browser's localStorage:

• Your study plan (subjects, grade level, duration, dates)
• Your study progress (which units you've completed)
• Your study streaks (days studied, longest streak, current streak)
• Your resource completion tracking
• Your infinite learning session progress
• Your quick check activity

This data is stored locally using keys prefixed with steadytrack:v1: and remains entirely on your device. We cannot access, view, or retrieve this data.

2.2 No Account Required

SteadyTrack does not require account creation or authentication:

• No email address required
• No passwords or credentials
• No sign-up or login process
• No user identifiers stored on our servers

2.3 Analytics Data

We collect minimal, anonymized analytics to improve SteadyTrack:

• Vercel Analytics (third-party): anonymized page views and basic device info (e.g., pages visited, browser type/version, device type, country/region). No cookies are used and this data cannot identify individual users.

We do NOT collect any personal usage data. Your study activity, progress, and streaks are stored locally on your device only and are never transmitted to our servers.

2.4 Error, Performance, and Session Replay Data

We use Sentry to help us detect, investigate, and fix errors and performance issues. When an error occurs, Sentry may collect details such as error messages, stack traces, page URLs, timestamps, basic device and browser information, and approximate location derived from IP address. We also use Sentry Session Replay on a sampled basis to see how the app behaved around errors to improve reliability.

• Session Replay sampling: approximately 10% of sessions are captured; sessions with errors may be captured at a higher rate.
• What Replay can capture: page content, clicks, scrolls, navigation, and UI state. Sentry masks form inputs by default, and we take care to minimize personal data in error contexts; however, visual content shown on screen may appear in a replay.
• PII scrubbing: we proactively redact common identifiers (e.g., emails, tokens) from logs and contexts where feasible before sending to Sentry.
• No advertising use: error, performance, and replay data are used solely to improve the service and are not sold.

2.5 Rate Limiting Identifiers

To protect the service from abuse, we enforce rate limits using Upstash Redis. For this purpose, we temporarily process identifiers derived from your IP address together with the API path you are calling. These identifiers are used solely to count requests and are retained only for the rate limit window.

2.6 Cookies and Local Storage

SteadyTrack uses localStorage to save your data:

• No cookies: SteadyTrack does not set any cookies for authentication, tracking, or any other purpose.
• Anonymized analytics: Vercel Analytics does not set cookies.
• Local storage: All your study data (plan, progress, streaks) is stored in your browser's localStorage with keys prefixed with steadytrack:v1:. This data remains on your device and can be cleared at any time from your browser settings or from within the app.

Because we don't use cookies or authentication, you can use SteadyTrack immediately without any cookie consent banners or account setup.

3. How We Use Your Information

Because SteadyTrack is local-first with no server-side user data storage, we do NOT use your personal information. Your study data (plan, progress, streaks) stays on your device and is never transmitted to our servers.

We use anonymized, aggregated data from Vercel Analytics and Sentry solely to:

• Understand how users navigate the platform
• Detect and fix errors and performance issues
• Improve the user experience and platform stability

We will never:

• Sell your data to third parties
• Use your data for advertising or marketing
• Share your data with schools or educational institutions
• Track you across other websites or apps
• Link your study activity to your identity

4. How We Store and Protect Your Data

4.1 Local-First Data Storage

All your personal study data (plans, progress, streaks) is stored exclusively in your browser's localStorage on your device. We do NOT store any personal study data on our servers or in any cloud database.

What this means for you:

• Your data never leaves your device
• We cannot access, view, or retrieve your study data
• You have complete control over your data
• Works offline after curriculum content is cached

4.2 Security Measures

• All network traffic uses HTTPS encryption to protect data in transit
• Curriculum content is fetched anonymously from Supabase (no authentication required)
• No authentication or session tokens means no risk of account compromise
• Your localStorage data is protected by your browser's same-origin policy

4.3 Data Retention

Your study data persists in your browser's localStorage until you explicitly clear it. You can clear your data at any time by:

• Clearing your browser's localStorage for this site
• Using your browser's "Clear browsing data" feature
• Deleting your plan from within the app (if we implement this feature)

We recommend exporting your data periodically as a backup in case you accidentally clear your browser data.

5. Third-Party Services

SteadyTrack uses the following third-party services:

5.1 Vercel Analytics

We use Vercel Analytics for anonymized usage statistics. Vercel does not use cookies and does not track users across sites. Learn more: https://vercel.com/docs/analytics/privacy-policy

5.2 Supabase (Content Hosting Only)

We use Supabase exclusively for anonymous, read-only access to curriculum content (microcards and educational materials). Supabase does NOT store any personal user data for SteadyTrack. All queries are anonymous and do not require authentication.

Supabase's Privacy Policy: https://supabase.com/privacy

5.3 Sentry (Error Tracking & Session Replay)

We use Sentry to monitor errors and performance, and to collect sampled session replays to help diagnose issues. Sentry may process error details, event metadata (e.g., user agent, URL), and replay data as described in section 2.5. Learn more in Sentry's Privacy Policy: https://sentry.io/privacy/

5.4 Upstash Redis (Rate Limiting)

We use Upstash Redis to enforce rate limits and protect against abuse. Upstash stores request counters and identifiers (e.g., IP address combined with the API path) for the duration of the rate limit window. Upstash's Privacy Policy: https://upstash.com/legal/privacy

6. Your Rights and Data Control

Because SteadyTrack stores all your data locally on your device, you have complete control over your personal information:

6.1 Access and Viewing

Your data is always accessible to you through the app. You can view your study plan, progress, and streaks anytime from your dashboard. All data is stored in your browser's localStorage under keys prefixed with steadytrack:v1:.

6.2 Modification

You can modify your study plan and update your progress directly through the app interface. Changes are immediately reflected in your localStorage.

6.3 Deletion and Clearing Data

You can clear your SteadyTrack data at any time by:

• Using your browser's "Clear browsing data" or "Clear storage" feature for this site
• Clearing localStorage for steadytrack.com in your browser's developer tools

Note: Clearing your data is permanent and cannot be undone. We do not store backups of your data on our servers.

6.4 Data Portability

Your data is stored in standard JSON format in localStorage. You can manually export it using your browser's developer tools if needed. We may add an export feature in the future for easier data backup.

7. Children's Privacy

SteadyTrack is designed for high school students (typically ages 14-18). We do not knowingly collect information from children under 13. If you are under 13, please do not use SteadyTrack or provide any information.

If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible. Parents who believe we may have information about a child under 13 should contact us at contact@steadytrack.ca

8. International Users

SteadyTrack is designed for students in Alberta, Canada. Because all your personal data is stored locally on your device, there is no data transfer to servers in any jurisdiction. Curriculum content is served from Supabase (hosted in Canada) via anonymous queries.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will post a prominent notice on the platform.

Your continued use of SteadyTrack after changes are posted constitutes your acceptance of the updated Privacy Policy. We recommend checking this page periodically for updates.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

• Email: contact@steadytrack.ca
• Service: SteadyTrack
• Created by: Samuel Kahessay