← Back
Privacy Policy
Last Updated: December 10, 2025
Quick Summary: We collect minimal personal information (name, email, signature, IP address) when you sign a quote. We use this data solely to provide the signature service and maintain legal records. We do not sell your data. You have rights to access, correct, and delete your information.
1. Introduction
This Privacy Policy describes how Commoner Apps LLC ("Trackara Pro," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our electronic signature portal ("Service").
By using the Service, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Information You Provide
When you sign a quote through our Service, you provide:
- Name: Your full name as entered in the signature form
- Email Address: Optional email address for receiving confirmation
- Electronic Signature: Your digital signature captured on the signature pad
- Quote Approval: Your consent and approval of the specific quote details
2.2 Automatically Collected Information
When you use the Service, we automatically collect:
| Information Type |
Purpose |
| IP Address |
Fraud prevention, legal compliance, signature authentication |
| Device Information |
Browser type, operating system, screen resolution |
| Timestamp |
Record exact time of signature for legal purposes |
| User Agent |
Browser and device identification |
| Geographic Location |
Approximate location (country/region) based on IP address |
| Session Duration |
Time spent reviewing the quote before signing |
2.3 Quote-Related Information
We store the complete quote you sign, including:
- Service descriptions and line items
- Pricing information (subtotal, tax, total)
- Vehicle information
- Service Provider (mechanic) details
- Quote version and modification history
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 Primary Purposes
- Provide the Service: Enable electronic signature functionality
- Legal Compliance: Maintain legally valid records of signed agreements
- Fraud Prevention: Detect and prevent fraudulent signatures
- Authentication: Verify the identity and authenticity of signers
- Dispute Resolution: Provide evidence in case of disputes
3.2 Secondary Purposes
- Communication: Send confirmation emails (if email provided)
- Service Improvement: Analyze usage patterns to improve functionality
- Technical Support: Troubleshoot technical issues
- Security: Monitor for security threats and vulnerabilities
4. Data Sharing and Disclosure
4.1 Who We Share With
We share your information only in the following circumstances:
- Service Provider (Mechanic): The mechanic or auto repair shop who sent you the quote receives your signature, name, email, and quote approval
- Cloud Storage Provider: We use Google Firebase to securely store signature data
- Hosting Provider: Our web hosting service (Hostinger) hosts the application
- IP Address Service: We use ipify.org to collect your IP address
4.2 Legal Requirements
We may disclose your information if required by law, such as:
- Responding to subpoenas, court orders, or legal processes
- Complying with government investigations
- Protecting our legal rights or defending against claims
- Preventing fraud or illegal activity
- Protecting safety of users or the public
4.3 Business Transfers
If Commoner Apps LLC is acquired, merged, or sells assets, your information may be transferred to the new owner. You will be notified of any such change via email or prominent notice on the Service.
4.4 What We DO NOT Do
We DO NOT:
- Sell your personal information to third parties
- Share your data with advertisers
- Use your signature for any purpose other than the quote you signed
- Rent or lease your contact information
5. Data Retention
5.1 Retention Period
We retain your information for the following periods:
- Signed Quotes: 7 years (standard business record retention)
- Electronic Signatures: 7 years (legal requirement for contract enforcement)
- Audit Trails: 7 years (compliance and legal defense)
- IP Addresses: 7 years (fraud prevention and dispute resolution)
5.2 Rationale
We retain data for this duration to:
- Comply with legal obligations (statute of limitations for contracts)
- Resolve disputes that may arise years later
- Maintain audit trails for regulatory compliance
- Provide evidence in legal proceedings
5.3 Deletion After Retention Period
After the retention period expires, we will securely delete or anonymize your personal information unless we are legally required to retain it longer.
6. Your Privacy Rights
6.1 General Rights
You have the following rights regarding your personal information:
- Right to Access: Request a copy of the personal information we hold about you
- Right to Correction: Request correction of inaccurate or incomplete information
- Right to Deletion: Request deletion of your information (subject to legal retention requirements)
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing of your data for certain purposes
6.2 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights:
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information (with exceptions for legal compliance)
- Right to opt-out of the "sale" of personal information (we do not sell data)
- Right to non-discrimination for exercising privacy rights
6.3 European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under GDPR:
- Right to data portability
- Right to restriction of processing
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
6.4 How to Exercise Your Rights
To exercise any of these rights, contact:
- The Service Provider (mechanic) who sent you the quote - They control quote data
- Trackara Pro: Email support@trackara.app for platform-level requests
We will respond to requests within 30 days (45 days for GDPR requests).
7. Data Security
7.1 Security Measures
We implement industry-standard security measures to protect your data:
- Encryption in Transit: SSL/TLS encryption (HTTPS) for all data transmission
- Encryption at Rest: Data stored in encrypted Firebase databases
- Access Controls: Restricted access to personal information
- Audit Logging: Comprehensive logs of data access and changes
- Regular Security Audits: Periodic security assessments
- Secure Authentication: Service Providers use secure authentication to access data
7.2 Limitations
Despite our efforts, no system is 100% secure. We cannot guarantee:
- Absolute security of data transmitted over the internet
- Protection against all cyber attacks or breaches
- Security of links you click in emails
You use the Service at your own risk.
8. Data Breach Notification
8.1 Our Commitment
In the event of a data breach affecting your personal information, we will:
- Notify you within 72 hours of discovering the breach (GDPR requirement)
- Describe the breach: What data was affected and how
- Explain the impact: Potential consequences to you
- Detail our response: Steps we've taken to address the breach
- Provide guidance: Recommended actions you should take
8.2 Notification Method
We will notify you via:
- Email (if you provided one)
- Prominent notice on the Service
- Contact through the Service Provider who sent you the quote
8.3 Regulatory Reporting
We will also report breaches to relevant regulatory authorities as required by law.
9. Cookies and Tracking Technologies
9.1 Cookies We Use
Our Service uses minimal cookies and tracking technologies:
- Essential Cookies: Required for the Service to function (session management)
- Firebase Cookies: Authentication and database connection
- Security Cookies: Fraud detection and prevention
9.2 Third-Party Services
We use these third-party services that may collect data:
- Google Firebase: Database and authentication (see Google Privacy Policy)
- ipify.org: IP address lookup (no cookies)
9.3 Analytics
We currently do NOT use analytics services (Google Analytics, etc.). If this changes, we will update this policy and notify you.
10. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to:
- United States (where our servers are located)
- Any country where Google Firebase operates
We ensure appropriate safeguards are in place for international transfers, including:
- Standard contractual clauses approved by the EU Commission
- Compliance with Privacy Shield principles (where applicable)
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top
- Material changes will be prominently posted on the Service
- For significant changes affecting your rights, we will notify you by email (if provided)
- Your continued use of the Service after changes constitutes acceptance
13. Do Not Track Signals
Our Service does not currently respond to "Do Not Track" (DNT) browser signals. We collect minimal tracking data as described in this policy regardless of DNT settings.
14. Contact Information
14.1 Privacy Questions
For questions about this Privacy Policy or to exercise your privacy rights, contact:
Privacy Officer
Commoner Apps LLC (Trackara Pro)
Email: support@trackara.app
Phone: (801) 946-9396
Website: https://pro.trackara.app
14.2 Data Controller
For GDPR purposes, the data controllers are:
- Trackara Pro (Commoner Apps LLC): Controls platform and signature data
- Service Provider (Mechanic): Controls quote and customer data
14.3 Response Time
We aim to respond to all privacy inquiries within:
- 30 days for general requests
- 45 days for GDPR requests (may extend to 90 days for complex requests)
- 10 business days for California CCPA requests
15. Your Consent
By using the Service and checking the "I agree to the Privacy Policy" box when signing a quote, you consent to:
- Collection of your personal information as described
- Use of your information for the purposes stated
- Sharing of information with parties listed in this policy
- Storage of your data for the retention periods specified
- International transfer of your data
This Privacy Policy was last updated on December 10, 2025. We recommend reviewing this policy periodically to stay informed about how we protect your information.
← Back to Quote