Core trust model
Can Trackself read our task titles or descriptions?
No. Sensitive task content is protected before it syncs. Trackself cloud infrastructure stores ciphertext and wrapped keys, not readable work logs.
Where does decryption happen?
Decryption happens in the browser or desktop app after the user unlocks access. The cloud service does not need plaintext task content to provide sync, review, or reporting workflows, and it does not hold the decryption paths needed to recover that content on its own.
What can the cloud service still see?
It can see that encrypted records exist and manage the sync workflow around them, but it is not designed to read protected task titles, descriptions, or categories as plaintext.
Deployment and evaluation
Does Trackself store data in the cloud?
It depends on the path you choose. The free tier uses local storage you control yourself. Premium uses Trackself cloud sync. Enterprise buyers can discuss on-premises deployment.
Is the free tier the same thing as the cloud plan trial?
No. Free means local storage use. Premium evaluation is a separate cloud path for portal access, Jira integration, and team workflows. Paid plans start with a 14-day free trial. Add billing details to begin, and you will not be charged until the trial ends unless you continue.
Can we run Trackself on-premises?
Yes, that is part of the enterprise/on-premises path. It is handled as a custom engagement rather than a self-serve public plan.
Operational limits
What happens if all access methods are lost?
If every unlocked device and every saved access method are lost, protected content cannot be recovered. That is part of the shared-nothing privacy model: the same design that keeps Trackself from reading protected task content also means Trackself cannot recover it for you after all decryption paths are gone.
Does Trackself already solve every offboarding and revocation concern?
No. Offboarding and revocation still depend on careful key-management policy and operational process. Trackself provides strong privacy foundations, but organizations should still plan how access is issued, rotated, and withdrawn when people or devices leave.
What about app stores and their telemetry?
Trackself may be distributed through app stores or platforms that have their own privacy policies and telemetry. That is separate from Trackself’s protected task-content model and should be evaluated per store.
Does Trackself collect update-check analytics?
Yes, but only limited server-side update metrics. The appcast endpoint records aggregate update and installation data, including app version, platform, update channel, country or Cloudflare colo, user-agent family, and a monthly salted hash of the requester IP address for approximate monthly unique counts. Raw IP addresses, full user agents, account IDs, license keys, device IDs, and cookie IDs are not stored in the analytics dataset. The monthly hash is not designed to track users across months.