Privacy Policy

Effective date: July 5, 2026

Theme Park Tracker (“TPT”, “we”) is a social ride diary for theme park fans. This policy describes what we collect, why we collect it, and the choices you have. It applies to our website at themeparktracker.com and to our iOS and Android apps. Questions? Contact us at support@themeparktracker.com.

What we collect

Account information. When you create an account we collect your email address, a username you choose, and optionally a profile photo and bio. If you sign in with Google or Discord, we receive your name, email address, and avatar from that provider — nothing else, and we never see your password for those services.

Content you create. Check-ins (attraction, star rating, wait times, notes, and timestamps), comments, likes, lists, follows, and park or attraction submissions.

Push notification token. If you enable notifications in our mobile apps, we store a device push token so we can notify you about likes, comments, and new followers.

What we don’t collect. No advertising or analytics SDKs, no location tracking, and no access to your contacts. If you use biometric unlock (such as Face ID or fingerprint), it is processed entirely on your device by the operating system — biometric data never reaches our servers.

How we use your information

We use your information to operate the service (profiles, feeds, and social features), deliver push notifications you’ve enabled, send transactional email such as account verification and password resets, and keep the service safe through moderation. We do not sell your data or use it for advertising.

What other users can see

Your username, profile photo, bio, check-ins, comments, likes, follows, and public lists are visible to other TPT users. Private lists are visible only to you.

Service providers

We use a small set of processors to run TPT: Supabase (authentication, database, and file storage), Expo (push notification delivery), Resend (transactional email), and Google and Discord (sign-in only). Each receives only what’s needed for its function.

Data retention and deletion

Your data is retained while your account is active. You can request deletion of your account and associated data by emailing support@themeparktracker.com. We delete or anonymize your data within 30 days of a verified request.

Security

Data is encrypted in transit (TLS). Auth tokens are stored in your device’s secure storage. Database access is restricted by row-level security.

Children

TPT is not directed at children under 13, and we do not knowingly collect data from them.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data. Email support@themeparktracker.com and we’ll honor verified requests.

Changes

We’ll update this page when our practices change and revise the effective date above.