← Back to TrackRank

Privacy Policy

Last updated: February 2026

1. Who we are

TrackRank is a mobile-first athletic performance tracking application designed for decathlon athletes, coaches, and followers. This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

2. What data we collect

  • Account data: your email address (used for authentication via magic-link sign-in).
  • Athlete profile data: athlete names, dates of birth, nationalities, and World Athletics athlete IDs.
  • Competition results: competition names, dates, scores, event performances, finish positions, and ranking categories.
  • Watchlist data: athletes you follow, including their names, nationalities, and ranking information.
  • Consent records: timestamps of when you agreed to this privacy policy.

3. Legal basis for processing

  • Consent (Art. 6(1)(a) GDPR): you provide explicit consent when signing in and agreeing to this policy.
  • Legitimate interest (Art. 6(1)(f) GDPR): processing publicly available athletic data from World Athletics for the purpose of providing a coaching and performance tracking tool.
  • Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide you with the TrackRank service.

4. How we use your data

We use your data to:

  • Authenticate your account and maintain your session.
  • Display athlete profiles, competition results, and rankings.
  • Calculate ranking scores and performance projections.
  • Manage your watchlist of followed athletes.

5. Third-party processors

We use the following third-party services to operate TrackRank:

  • Resend — email delivery for magic-link authentication. Processes your email address only.
  • Supabase — database hosting (PostgreSQL). Stores all application data. Servers located in the EU.
  • Vercel — application hosting and deployment.

6. Data retention

We retain your data for as long as your account is active. When you delete your account, all associated data (athlete profiles, competition results, watchlist entries, and session data) is permanently removed from our systems. Backup copies may persist for up to 30 days before being automatically purged.

7. Your rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15): request a copy of all personal data we hold about you. Use the “Export My Data” feature in the app menu.
  • Right to erasure (Art. 17): delete your account and all associated data. Use the “Delete Account” option in the app menu.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format (JSON). Available via the “Export My Data” feature.
  • Right to rectification (Art. 16): correct inaccurate personal data by editing your profile or competition results.
  • Right to withdraw consent: you may withdraw consent at any time by deleting your account.

8. Data security

We protect your data using industry-standard measures including encrypted connections (HTTPS/TLS), secure authentication tokens (JWT), and database-level access controls. We do not store passwords — authentication is handled exclusively via magic-link email verification.

9. Publicly available data

TrackRank retrieves certain athletic data (competition results, world rankings) from publicly available sources on the World Athletics website. This data is already in the public domain and is used under the legitimate interest legal basis to provide coaching insights.

10. Contact

If you have questions about this privacy policy or wish to exercise your data rights, please contact us at: privacy@trackrank.app

11. Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via email. Continued use of TrackRank after changes constitutes acceptance of the updated policy.