Privacy Policy

Last updated: May 21, 2026

1. Introduction

Welcome to PolicyTracker (referred to as "the App" or "PolicyTracker.online"). This Privacy Policy explains how we handle your data when you use our application. Because of our unique "zero-backend" architecture, we do not collect, store, or process any of your personal data on our servers.

2. Data Collection and Storage

PolicyTracker acts solely as a client-side interface between your browser and your personal Google Account. All data you enter into PolicyTracker (including family member profiles, insurance policy details, premium information, and payment histories) is stored directly in a Google Sheet hosted entirely on your personal Google Drive account.

Except for aggregate, anonymous usage tracking (detailed in Section 6), we do not operate any databases, analytics servers, or backend storage systems that hold or process your private information. Your personal data remains entirely in your possession.

3. Use of Google APIs (Data Accessed)

Our app requires explicit authorization to interact with your Google Account. We access and interact with the following specific types of Google User Data:

Google Profile Data (scopes: openid, profile, email): We access your basic profile information (such as your full name, email address, and profile photo URL) solely to display them within the application header to confirm which Google Account is currently signed in.
Google Drive Files (scope: https://www.googleapis.com/auth/drive.file): We create and manage a dedicated folder named "PolicyTracker_Data" (including a subfolder named "Documents" and a spreadsheet database named "PolicyTracker_Data") inside your Google Drive. This permission is used exclusively to save your policy lists, member information, premium payments, and to securely upload and store PDF/image policy documents that you choose to attach. We cannot access, view, or modify any other files or folders in your Google Drive.

PolicyTracker's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Storage & Protection Practices

Since PolicyTracker is fully serverless, we implement the following practices to store and protect your data:

Infrastructure Security: Because all your data is stored directly in your Google Drive and Google Sheets, it is protected by Google's own enterprise-grade security infrastructure. This includes advanced encryption at rest and in transit, multi-factor authentication (2FA), and Google's threat protection systems.
No External Transmission: Your data is never transmitted to, stored on, or shared with PolicyTracker developers or any third-party servers. All communications occur directly and securely between your browser and Google's official API endpoints.
Local Caching: Your Google OAuth access token and session metadata are temporarily cached in your browser's local storage (localStorage) to maintain your login session so you don't have to authenticate every time you open the app. This local data is immediately and permanently deleted when you click the "Sign Out" button or run the "Wipe Data" utility.

5. Data Sharing and Third-Party Transfer

Because we do not collect or possess your private insurance data, we cannot and do not share, sell, or distribute your data to any third parties or advertising networks. Your private documents and database remain entirely within your personal Google Account ecosystem.

6. Third-Party Analytics

To help us understand application usage, monitor traffic, and optimize performance, PolicyTracker utilizes Google Analytics 4 (GA4) and Microsoft Clarity.

These tools collect anonymous, aggregate data regarding how users interact with the App (such as page views, clicks on call-to-action buttons, or scroll depth). Important Privacy Clarifications:

Landing Page Only Tracking (Clarity): Microsoft Clarity is loaded exclusively on our public landing and marketing pages (such as the homepage, privacy policy, and terms of service). It is strictly blocked and never loaded on the dashboard panel (app.html), ensuring that your private data is never captured, recorded, or transmitted.
No Private Data Access: Neither analytics tool has access to, or tracks, any of your private insurance policies, sum assured coverages, family member names, notes, uploaded PDF/image documents, or Google Account credentials.
Event Anonymization (GA4): In-app dashboard events (such as adding a member, saving a policy type, or recording a payment) are logged solely as generic event counts (e.g., "a policy was added" or "a payment was confirmed") without any associated personal identifiers or confidential data values.
Opt-Out: Analytics tags utilize cookies or local browser identifiers. You can opt out of tracking by using browser add-ons (such as the Google Analytics Opt-out Browser Add-on) or by managing cookie permissions in your browser settings.

7. Revoking Access and Data Deletion

You have full control over your data and access permissions:

You can revoke PolicyTracker's access to your Google Account at any time by visiting your Google Account settings page (Security > Third-party apps with account access). Revoking access will not delete your data, as your Google Sheet and uploaded policy documents will remain safely in your personal Google Drive.
If you wish to delete your data completely, you can delete the "PolicyTracker_Data" folder and spreadsheet directly from your Google Drive account, or click the "Wipe Data" button inside the App's settings tab.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us via email at jaynesh1701+appsupport@gmail.com.