Privacy Policy
Last updated: July 13, 2026
1. General
1.1. This Privacy Policy (the “Policy”) describes how information about users of the Oh My Tracker service, available at ohmytracker.ru, app.ohmytracker.ru, ohmytracker.app, and app.ohmytracker.app (the “Service”), is processed and protected.
1.2. By using the Service you agree to this Policy. If you do not agree, please stop using the Service.
1.3. The data controller is the owner and administrator of the Service (the “Operator”). Contact for data-related requests: support@ohmytracker.ru.
2. Core principle: minimal data
2.1. The Service is designed to process as little data as possible:
- no registration — the Service does not ask for your name, email address, phone number, or any other identifying information;
- your habit data does not leave your device by default — it is stored in your browser’s local storage (localStorage) and is not accessible to the Operator;
- no analytics counters, advertising trackers, or third-party scripts are used.
2.2. Some data is processed on the Operator’s server only when you enable optional features — sync and push reminders (sections 4 and 5).
3. Data stored only on your device
3.1. Your habit list, completion marks, and interface settings (including the color theme) are stored in the browser on your device and processed locally.
3.2. You can delete this data using your browser’s tools (clearing site data). The Operator has no access to it and cannot restore it after deletion.
4. Sync (optional feature)
4.1. When you enable sync, a “room” — a random identifier — and an AES-128-GCM encryption key are generated on your device. Habit data is encrypted on your device before it is sent (end-to-end encryption).
4.2. The encryption key is contained only in the device-connection link (in the URL fragment after the “#” character) and is never transmitted to the server under any circumstances.
4.3. The Operator’s server stores: the room identifier, encrypted records, and technical timestamps. The Operator is technically unable to decrypt or read the contents of the records.
4.4. A room is automatically and irreversibly deleted after 365 days of inactivity.
5. Push reminders (optional feature)
5.1. When you enable reminders, the following is processed: your browser’s push subscription address (endpoint), technical subscription keys (p256dh, auth), the device time zone, and the reminder schedule you set (time and days of week).
5.2. Push notifications are delivered by the push service of your browser vendor (e.g. Google, Apple, or Mozilla). By design of the Web Push protocol, the subscription endpoint is processed by the respective push service, which has its own privacy policy.
5.3. Reminder content is generated without any personal data. The subscription is deleted when you turn reminders off, and automatically after 180 days without contact from your device.
6. Technical data
6.1. When you access the Service, your IP address and standard HTTP request data (user agent, request time) are processed:
- the IP address is used for abuse protection (rate limiting) and is processed in the server’s memory;
- web server logs are kept to the extent standard for reliability and security purposes and are rotated regularly.
6.2. The Service uses a single functional cookie — theme-preference (your chosen color theme, stored for 1 year). It is not used for tracking and is not shared with third parties. Disabling it does not limit the Service.
7. Purposes and legal basis
7.1. Data is processed solely to provide the Service’s features (sync, reminders) and to keep the Service operational and secure.
7.2. The legal basis for processing is your consent, expressed by enabling the respective feature (sync, reminders), and the Operator’s legitimate interest in securing the Service.
7.3. Processing is automated. No profiling and no automated decision-making with legal effects take place.
8. Storage and protection
8.1. The Service’s server infrastructure is located in the Russian Federation.
8.2. Protection measures include: end-to-end encryption of sync data, secure connections (HTTPS/TLS) for all requests, restricted access to server infrastructure, and masking of room identifiers in application logs.
8.3. Retention periods: sync data — 365 days from the room’s last activity; push subscriptions and schedules — 180 days without device contact; web server logs — within a standard rotation cycle.
9. Sharing with third parties
9.1. The Operator does not sell or share user data with third parties, except as described in section 5.2 (browser vendors’ push services — strictly to the extent technically required to deliver notifications) and where disclosure is required by applicable law.
10. Your rights
10.1. You have the right to:
- obtain information about how your data is processed;
- delete your data: local data — by clearing site data in your browser; sync data — by disabling sync on your devices and/or by request to the Operator; the push subscription — by turning reminders off;
- withdraw consent by stopping use of the respective feature;
- contact the Operator with any data-related request and lodge a complaint with the competent data protection authority or a court.
10.2. Send requests to support@ohmytracker.ru. We respond within 30 days. Note: since there is no registration, processing a sync-data deletion request requires the room identifier.
11. Children
11.1. The Service is not designed to collect children’s data and does not request any information that would reveal a user’s age.
12. Changes to this Policy
12.1. The Operator may amend this Policy. The new version takes effect once published on this page; the last-updated date is shown at the top. Continued use of the Service after changes are published constitutes acceptance of the new version.
13. Contact
For any questions about this Policy or data processing: support@ohmytracker.ru.