TrackLiquid

TrackLiquid Calculator — Privacy Policy

Effective Date: September 28, 2025

This Privacy Policy (“Policy”) is adopted by Iron Sphere Holdings LLC, a California limited liability company, doing business as TrackLiquid (“TrackLiquid,” “we,” “us,” or “our”), and governs your use of the TrackLiquid Calculator mobile and web applications, websites, and related services (collectively, the “Service”).

This Policy is intended to comply with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California Online Privacy Protection Act (CalOPPA), Virginia Consumer Data Protection Act (CDPA), Personal Information Protection and Electronic Documents Act (PIPEDA), and the Children’s Online Privacy Protection Act (COPPA), each as may be amended from time to time (collectively, the “Applicable Laws”).

By accessing or using the Service, you acknowledge and agree that you have read, understood, and accepted this Policy. This Policy is hereby incorporated by reference into our Terms of Service, and capitalized terms not defined herein shall have the meaning set forth in the Terms of Service.

1) Scope & Definitions

Personal Information (PI) / Personal Data: Information that identifies, relates to, or could reasonably be linked, directly or indirectly, to an identified or identifiable natural person, as defined under Applicable Laws.

Sensitive Personal Information (SPI): Categories of PI designated as sensitive under Applicable Laws, including but not limited to government identifiers, precise geolocation, financial account credentials, health data, racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic/biometric data, sexual orientation, and contents of communications (as applicable under CPRA and GDPR Art. 9).

Processing: Any operation performed on PI, whether or not by automated means (e.g., collection, recording, storage, alteration, retrieval, use, disclosure, deletion).

Controller / Business: TrackLiquid determines the purposes and means of Processing.

Processor / Service Provider: A third party that processes PI on our behalf under contract.

Targeted Advertising / Sale / Share: As defined by Applicable Laws (terminology and scope may differ by jurisdiction).

2) Information We Collect

We collect only the categories of PI reasonably necessary to achieve the purposes described herein. Notwithstanding the foregoing, we may, from time to time and to the extent permitted by Applicable Law, expand or limit such collection in response to changes in regulatory obligations, security requirements, or functionality of the Service.

  • Account & Contact Information (if accounts exist): name, email, password or auth token, organization (optional).
  • App Usage & Diagnostics: feature interactions, session metadata, performance metrics, crash logs, error traces, in-app event counts, generalized coarse location (derived from IP), device language/locale, OS/app version, device model, timestamps.
  • Device/Network Identifiers: IP address, device IDs/instance IDs, advertising identifiers (if used and permitted), user agent.
  • User-Provided Inputs (Calculator Data): pool dimensions, chemical readings, and related notes you enter. We do not require you to enter names or contact info within calculator fields and we do not link calculator inputs to your identity unless the product explicitly provides accounts/workspaces that you choose to join.
  • Support & Communications: emails/support tickets, in-app feedback, and associated metadata.
  • Cookies / Local Storage / SDK Signals (Web & Mobile): functional cookies/storage for sign-in persistence; analytics and crash reporting SDK events; (if present) consent state.

We do not intentionally collect government IDs, payment card numbers, or biometrics via the calculator. If you submit such data incidentally, we treat it as PI and delete or minimize it.

3) How We Collect It

  • Directly from you: account registration, forms, calculator inputs, support requests.
  • Automatically: app telemetry, diagnostics, and device/network data (via SDKs and logs).
  • From service providers: e.g., crash analytics or hosting platforms that generate technical logs.

In all cases, we rely on lawful bases for such collection, and we require third parties to provide assurances of confidentiality, integrity, and lawful Processing of PI.

4) Why We Collect It (Purposes)

  • Provide the Service: render calculator features, store preferences, maintain sessions.
  • Reliability & Security: prevent abuse; detect/debug issues; monitor availability and performance.
  • Improve & Develop: aggregate analytics to prioritize features and fix bugs.
  • Communications: send essential notices (service changes, incidents); optional product updates with consent or where permitted.
  • Compliance: satisfy legal obligations, enforce Terms, and respond to lawful requests.

No selling of PI. We expressly disclaim any intent to “sell” PI within the meaning of the CCPA/CPRA. If we ever engage in “sale” or “share” of PI or “targeted advertising” as defined by law, we will update this Policy and provide required opt-out controls before doing so.

5) Legal Bases (GDPR / UK GDPR)

Where required, our legal bases include: performance of a contract, legitimate interests (security, product improvement, fraud prevention), consent (where required, e.g., certain analytics/marketing), and legal obligation. We reserve the right to rely on any lawful basis recognized under Applicable Law.

6) Sharing & Disclosure

We disclose PI only as described:

  • Service Providers / Processors: hosting, analytics, crash reporting, authentication, email delivery, content delivery. These parties are contractually bound to use PI only to provide services to us.
  • Business Transfers: in connection with merger, acquisition, financing, or sale of assets (your PI may transfer subject to this Policy).
  • Legal / Safety: to comply with laws or lawful requests; to protect rights, safety, and integrity of users, the public, and the Service.

We do not share PI with data brokers. We do not provide PI to advertisers for their independent use. If we use cross-context behavioral advertising or targeted ads in the future, we will disclose and provide opt-outs.

International transfers are subject to transfer impact assessments and recognized transfer mechanisms (e.g., Standard Contractual Clauses), where required.

7) Cookies, SDKs, and Tracking

  • Functional: sign-in state, load balancing, fraud prevention.
  • Analytics & Diagnostics: page/app performance, crash data, feature usage.
  • Advertising (if enabled in future): would be disclosed here with opt-out links and consent where required.

Do Not Track (CalOPPA): Browsers may send a DNT signal. The industry standard for DNT is not yet uniform. We currently do not respond to DNT signals. Where legally required, we honor Global Privacy Control (GPC) signals as an opt-out of sale/share where those concepts apply.

Where legally required (e.g., under the GDPR’s ePrivacy Directive implementation), we will obtain consent for the placement of non-essential cookies or SDKs.

8) Your Privacy Rights & Choices

Your rights depend on your jurisdiction. We honor requests required by Applicable Law and, where practical, offer similar controls to all users. We respond to verifiable requests within statutory timelines (typically 30–45 days, extendable as permitted). We may decline or limit requests as permitted (e.g., to protect trade secrets, honor legal privilege, or for technical infeasibility).

A. GDPR / UK GDPR (EU/EEA/UK)

Rights to Access, Rectification, Erasure, Restriction, Portability, Objection, and Withdraw Consent (where Processing is based on consent). You may lodge a complaint with an EU/UK supervisory authority. If we rely on legitimate interests, you may object and we will assess compelling grounds.

B. California (CCPA/CPRA)

Rights to Know/Access, Correction, Deletion, and Portability; Right to Opt-Out of Sale/Share of PI and Opt-Out of Targeted Advertising (if applicable); Right to Limit Use/Disclosure of Sensitive PI; Non-Discrimination for exercising your rights.

C. Virginia (CDPA)

Rights to Confirm Processing, Access, Correction, Deletion, Portability, and to Opt-Out of targeted advertising, sale of PI, and profiling for significant effects. Appeal: If we deny your request, you may appeal; we will explain our decision and how to contact the Attorney General if you disagree.

D. Canada (PIPEDA)

Rights to Access and Correction of PI; right to withdraw consent subject to legal/contractual limits.

E. Children

See Section 12 (COPPA). Parents/guardians may review/delete a child’s information and refuse further collection.

How to Submit a Request

Email: privacy@trackliquid.io or use our contact page at /contact. We may need to verify your identity (e.g., email confirmation, matching account signals).

Authorized Agents (CA): If you use an agent, we require proof of authorization and your verification, unless exempt by law.

Virginia Appeals: Email subject line “Privacy Appeal – TrackLiquid” to privacy@trackliquid.io. We will respond within the statutory timeframe.

9) Data Retention

We keep PI only as long as needed for the purposes above, to comply with law, or to resolve disputes. Typical practices:

  • Account data: retained while the account is active; deleted or anonymized within 60 days after closure unless required otherwise.
  • Diagnostics & logs: rotated and retained for approximately up to 180 days, then aggregated/anonymized.
  • Support records: retained for audit/compliance for up to 24 months.

We may anonymize data for legitimate business purposes (e.g., performance benchmarking).

10) Security

We use industry-standard safeguards: TLS in transit, encryption at rest, access controls, least-privilege, secure key management, and routine patching and monitoring. No system is 100% secure. If we detect a security incident affecting your PI, we will notify you and/or regulators as required by law.

11) International Transfers

We may process PI in the United States and other countries with different data protection laws. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses and transfer impact assessments) to protect PI transferred from the EEA/UK/Switzerland.

12) Children’s Privacy (COPPA & Related Laws)

The Service is not directed to children under 13 (or under 16 where a higher age is mandated). We do not knowingly collect PI from children without verifiable parental consent. If you believe a child has provided PI, contact us at privacy@trackliquid.io and we will promptly delete it.

California Minors (Eraser Law): If we permit users under 18 to post content, they may request removal as required by law.

SOPIPA: We do not design the Service for K-12 students; we do not sell student PI or use it for targeted advertising.

13) Third Parties & Service Providers

We rely on vetted providers for hosting, analytics, crash reporting, authentication, email, and content delivery. We require appropriate contractual protections (confidentiality, security, limited purpose). A current list or categories of subprocessors is available upon request or at /subprocessors.

14) Platform-Specific Disclosures (Apple & Google)

Apple (iOS): We maintain a public Privacy Policy URL; disclose data types in App Store Connect; and align with Apple’s Privacy Nutrition Labels. We are responsible for ensuring third-party SDKs comply with Apple’s policies.

Google Play: We provide a public Privacy Policy URL and complete the Data Safety section accurately and keep it current. We are responsible for third-party SDK compliance with Google Play policies.

Where This Policy Is Available: App Store / Play Store listing (Privacy Policy URL), in-app (Settings → Legal / Privacy), and on our website Legal/Privacy page. We also link it contextually wherever PI is collected (e.g., account creation, payment screens if any).

15) Your Controls

  • Access/Export/Edit/Delete: via in-app tools (if available) or by request (Section 8).
  • Marketing Preferences: opt-out links in emails; in-app toggles (where available).
  • Targeted Ads / Sale/Share (if ever enabled): prominent “Do Not Sell or Share My Personal Information” and “Opt-Out of Targeted Advertising” links will be provided.
  • Cookies/SDKs: browser/app settings, OS-level ad settings, and consent tools where required.

16) Do We Sell or Share Your PI? Use Targeted Ads?

Today: We do not sell PI and do not share PI for cross-context behavioral advertising. We do not use targeted advertising within the TrackLiquid Calculator.

If that changes: we will update this Policy, the app settings, our store disclosures, and provide legally required opt-out mechanisms before any such Processing begins.

17) Changes to This Policy

We may update this Policy from time to time. We will post updates with a new Effective Date and, where required, provide prominent notice (in-app banner, email, or modal). Material changes will become effective after notice as required by law.

18) Contact, Controller & Representatives

Controller: Iron Sphere Holdings LLC (DBA TrackLiquid)

Email: privacy@trackliquid.io

Postal: Los Angeles, CA, USA (We will publish our full registered business address here upon finalization; you may request it at the email above.)

EU/UK Representatives (if required): Not currently appointed. If and when appointed pursuant to GDPR/UK GDPR Art. 27, we will update this Policy with representative contact details.

Data Protection Officer (if appointed): Not currently appointed. If appointed, we will update this Policy.

19) Region-Specific Addenda (Summaries)

California (CCPA/CPRA): Rights to know/access, correction, deletion, portability; opt-out of sale/share; limit use of SPI; non-discrimination. Methods to submit: email/web form (Section 8). Categories collected may include: identifiers; internet/network activity; geolocation (coarse via IP); in-app events; device info; support communications. Sensitive PI is not required by the calculator; if provided incidentally, we minimize and restrict use.

Virginia (CDPA): Rights to confirm, access, correct, delete, portability; opt-out of targeted ads/sale/profiling; appeal process (Section 8). We currently do not sell PI or use targeted ads.

GDPR/UK GDPR: Controller, purposes, legal bases (Section 5), transfers (Section 11), retention (Section 9), rights (Section 8), DPO/rep where applicable (Section 18).

Canada (PIPEDA): Consent-based Processing; access and correction rights; contact (Section 18).

20) Notice of Financial Incentives (CCPA/CPRA)

We do not currently offer programs, discounts, or other price/service differences in exchange for personal information. If we introduce a financial incentive program in the future (for example, a discount or beta access in exchange for an email address or feedback), we will:

  • Provide a clear description of the material terms of the program at the point of enrollment, including the categories of PI involved and how it is used;
  • Explain how the program is reasonably related to the value of consumers’ data to us, as required by the CPRA;
  • Obtain your prior, opt-in consent, which you may revoke at any time; and
  • Provide methods to withdraw from the program and to exercise your privacy rights without penalty.

21) Governing Law & Venue

This Policy shall be governed by and construed in accordance with the laws of the State of California, United States of America, without regard to conflict of laws principles. Any disputes arising hereunder shall be subject to the exclusive jurisdiction of the state and federal courts located in Los Angeles County, California, unless otherwise required by Applicable Law.

22) Severability & Entire Agreement

If any provision of this Policy is held unlawful, void, or unenforceable, such provision shall be deemed severable and shall not affect the validity and enforceability of any remaining provisions. This Policy, together with our Terms of Service, constitutes the entire agreement with respect to privacy practices relating to the Service.

Hosting: This Policy is hosted on a public, non-geofenced URL and linked in the Apple App Store / Google Play Console and in-app Settings → Legal → Privacy. We also provide contextual links near data collection points. Third-party SDKs are disclosed in platform forms (Apple Privacy Nutrition Labels / Google Play Data Safety) and reviewed for compliance.