Privacy Policy

Last updated: June 2, 2026

Stack (the “App”, “we”, “us”, “our”) is an independently developed application. Questions: hello@trackyourstack.app.

The short version

Stack is local-first. Your data lives on your device, in an encrypted database.
We have no servers, no accounts, and no logins. We never receive your data.
We do not run analytics, show ads, track you, or sell or share your personal or health information.
Data only ever leaves your device when you choose — e.g. when you create a backup file or share a stack code and send it somewhere yourself.
Label scanning runs on your device; the App does not upload your photos.

1. Scope

This policy covers the Stack mobile application. It does not cover any third-party service you choose to send your data to (for example, a cloud drive where you save a backup).

2. What the App stores on your device

Everything you enter is stored locally on your device, including:

Compounds/medications, doses, units, titration ladders, schedules, and reminders;
Injection sites and rotation history;
Vial/supply amounts and projections;
Bloodwork/lab results, weight entries, side effects, and notes;
Adherence history, streaks, titles/milestones, and app settings.

This is held in an encrypted on-device database (SQLCipher). The encryption key is stored in your device’s secure storage (Android Keystore). We do not have a copy and cannot access it.

3. What we do NOT collect

Because we operate no servers and no accounts, we do not collect, receive, or store:

Your identity, email, or login (there is no sign-up);
Your health or medication data;
Analytics, usage tracking, advertising identifiers, or crash logs;
Your location, contacts, or advertising/device identifiers.

The App does not transmit your personal or health data to us or to any third party for our benefit.

4. Camera and photos (label scanning)

The “Scan a label” feature uses your camera, or a photo you choose, and reads the text entirely on your device using Google’s ML Kit on-device text recognition. The image is processed locally to pre-fill fields. The App does not upload your photos, and it does not save the image after reading it.

5. Backups and sharing — you’re in control

Backups: You can create an encrypted backup file protected by a password you choose. The App writes the file and hands it to your device’s share sheet so you can save it wherever you like. Once you send it somewhere, that destination’s own terms apply. We never receive your backup, and we cannot recover your backup password — keep it safe.
Stack sharing: Stack-share codes/QR are encrypted and shared directly by you with whoever you choose. Nothing passes through our servers (we have none).

6. Notifications

Dose reminders are local notifications generated and shown on your device. They are not sent through any server.

7. Permissions the App may request, and why

Notifications / exact alarms — to deliver your dose reminders on time.
Camera — only when you use “Scan a label.”
Photos / media — only when you pick a label image or save/share a backup file.
Biometric / device credential — only if you enable the optional app lock; this is handled by your operating system and we never receive your biometrics.

You can grant or revoke these in your device settings; some features won’t work without them.

8. Third-party components

Google ML Kit (on-device text recognition) — runs locally for label scanning; the App does not send your images to Google.
Your operating system, and any app you choose to receive a shared backup or stack code.

We do not integrate advertising, analytics, or tracking SDKs.

9. How your data is protected

On-device database encryption (SQLCipher); key stored in your OS secure storage;
Optional biometric/PIN lock to open the App;
Backup files are encrypted with your password before they leave the App.

No system is perfectly secure; you are responsible for securing your device and your backups.

10. Keeping and deleting your data

Because everything is local, you control retention. You can:

Delete individual entries in the App;
Use Settings → wipe all data to erase everything (irreversible);
Uninstall the App to remove its data from your device.

We hold nothing to delete on our side.

11. Children

Stack is intended for adults (18+) and is not directed to children. We do not knowingly collect data from anyone (we don’t collect data at all). If you are under 18, do not use the App.

12. Your privacy rights (GDPR / UK GDPR / CCPA-CPRA and similar)

Because your data stays on your device and we don’t collect it, you can exercise rights such as access, correction, deletion, and portability directly in the App (view, edit, export via backup, or wipe). We do not “sell” or “share” personal information as those terms are defined under U.S. state laws, and we do not process it on servers. Questions about your rights: contact us at the email above.

13. International users

The App runs locally on your device wherever you are; we do not transfer your data across borders because we never receive it.

14. Changes to this policy

We may update this policy as the App changes. If an optional cloud feature is ever added, we will describe it here and update the app stores’ data-safety information before that release. Material changes are reflected by the “Last updated” date.

15. Contact

Stack — hello@trackyourstack.app

← Back to Stack