Privacy Policy for CoachingTrackr

As of: January 19, 2026

Summary (TL;DR)

Your data stays on your devices (local + optional iCloud)

Health data is end-to-end encrypted

No sharing with third parties

No tracking, no advertising

You have full control over your data

Exportable and deletable at any time

1. Data Controller

Responsible for data processing:

Ralf Rückert

Johannes-Gutenberg-Str. 4d, 61118 Bad Vilbel, Germany

privacy@reficio.de

2. Data Processing Principles

CoachingTrackr was developed to protect your data as best as possible. We adhere to the following principles:

Privacy by Design

Data protection is an integral part of the app

Data Minimization

We only collect necessary data

Local Storage

All data remains on your devices

No Sharing

Your data is not shared with third parties

No Tracking

We do not track your usage behavior

End-to-End Encryption

Sensitive health data is encrypted

3. Types of Data Collected

3.1 Personal Data of Your Clients

CoachingTrackr allows you to manage the following data of your clients:

  • •Master data: First name, last name, date of birth, photo
  • •Contact data: Email addresses, phone numbers, addresses
  • •Financial information: Bank details (IBAN), invoice data
  • •Coaching data: Session notes, goals, tasks, progress
  • •Documents: PDFs, images and other files you upload

3.2 Health-Related Data (special categories under Art. 9 GDPR)

  • •Intake questions and answers: Health status, emotional state, medication, therapy history, addiction behavior, stress levels, sleep, nutrition
  • •Diagnostic notes: Health notes you create

Special Protection: This data is stored with end-to-end encryption based on your Apple ID. Even we as developers cannot read this data.

3.3 Organization Data

  • •Company data of your business partners
  • •Employees

3.4 Technical Data

  • •Calendar synchronization: Access to your system calendar (only with your permission)
  • •Contact import: Access to your Contacts app (only with your permission)
  • •Biometric authentication: Face ID/Touch ID (only locally on device)
  • •TestFlight detection: To unlock features during beta phase
4. Purpose of Data Processing

All data is processed exclusively for the following purposes:

  1. Coaching management: Organization of your clients and sessions
  2. Appointment scheduling: Management of coaching appointments
  3. Business management: Invoicing, quotation creation
  4. Documentation: Storage of coaching progress and notes
  5. App functionality: Provision of all app features

No other purposes - Your data is NOT used for:

  • Advertising or marketing
  • Sale to third parties
  • Profiling or automated decisions
  • Tracking or analytics
  • Transfer outside the EU
5. Legal Basis for Processing

The processing of your data is based on:

5.1 Consent (Art. 6 para. 1 lit. a, Art. 9 para. 2 lit. a GDPR)

  • •Calendar access: You grant permission on first launch
  • •Contact import: You grant permission during import
  • •Face ID/Touch ID: You grant permission upon activation
  • •Health data: By using the intake function, you give your explicit consent to process special categories of personal data

5.2 Contract fulfillment (Art. 6 para. 1 lit. b GDPR)

  • •Provision of app features according to terms of service

5.3 Legitimate interest (Art. 6 para. 1 lit. f GDPR)

  • •Ensuring app security
  • •Technical troubleshooting
6. Data Storage and Security

6.1 Storage Location

Your data is stored:

  1. Locally on your device: Encrypted database
  2. iCloud Private Database (optional)
  • •Container: iCloud.com.reficio.coachingtrackr
  • •Only accessible to your Apple Account
  • •Encrypted during transmission and storage
  • •Server location: Apple data centers (EU for EU users)

6.2 End-to-End Encryption

Intake and diagnostic data are protected with end-to-end encryption:

  • •Encryption occurs on your device
  • •Key is based on your Apple ID (ubiquityIdentityToken)
  • •Uses AES-256-GCM encryption
  • •Even Apple and we as developers cannot decrypt this data

6.3 Transport Encryption

All data transfers occur via:

  • •HTTPS/TLS for network connections
  • •CloudKit encryption for iCloud sync

6.4 Device Lock

Optionally, you can lock the app with Face ID/Touch ID:

  • •Biometric data never leaves your device
  • •Authentication occurs only locally
  • •We have no access to biometric data
7. Data Sharing

7.1 No Sharing with Third Parties

CoachingTrackr does not share any data with third parties. No data is transmitted to:

  • Advertising networks
  • Analytics services
  • Data brokers
  • Social networks
  • Other companies

7.2 Apple iCloud (Data Processor)

When using iCloud synchronization, Apple acts as a data processor:

  • •Data processor: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA
  • •Legal basis: Art. 28 GDPR
  • •Data protection level: Apple is certified under the EU-U.S. Data Privacy Framework
  • •Contract: Apple iCloud Terms of Service
  • •Your control: You can disable iCloud sync at any time
8. Storage Duration

8.1 User-Controlled Storage

All data is stored indefinitely until you delete it yourself

8.2 Soft-Delete Function

Deleted data is initially only marked (Soft Delete):

  • •Trash function: 30 days retention
  • •Permanent deletion: After 30 days or upon manual request
9.-14. Additional Information

9. Your Rights as Data Subject

Under GDPR, you have the following rights:

9.1 Right to Access (Art. 15 GDPR)

All your data is viewable in the app

9.2 Right to Rectification (Art. 16 GDPR)

You can edit all data at any time in the app

9.3 Right to Erasure (Art. 17 GDPR)

You can delete all data at any time in the app

9.4 Right to Data Portability (Art. 20 GDPR)

Export as PDF or JSON possible

14. Contact

For questions about data protection or to exercise your rights:

Ralf Rückert

Johannes-Gutenberg-Str. 4d, 61118 Bad Vilbel, Germany

privacy@reficio.de

© 2026 Ralf Rückert. All rights reserved.

We respect your privacy

We use cookies to improve your experience and optimize our service. You can adjust your settings at any time.