KanTrack KanTrack ← Back to app
Legal

Privacy & Cookie Policy

No tracking. No ads. No data sent anywhere. Here's the full picture.

Last updated: April 2026

1. Who we are

KanTrack is developed and operated by BTi – Bossless Tech Industries, a small software studio based in Portugal. BTi – Bossless Tech Industries is the data controller within the meaning of the General Data Protection Regulation (GDPR — EU 2016/679) for any personal data processed in connection with serving this application.

For any questions regarding this policy or to exercise your rights, contact us at: general@bosslesstechindustries.com.

2. How KanTrack works — a local-first app

KanTrack is a local-first application. All your tasks, notes, tags, and preferences are stored exclusively on your own device — in your browser's IndexedDB and localStorage — and are never transmitted to any server, including ours.

No account is required. No login exists. KanTrack has no backend and no database of its own. The application is delivered to your browser as static files, and everything you do inside it stays on your device.

Data Where it lives Who controls it
Tasks, notes, tags, priorities, history Your device (IndexedDB) You
Notebook pages & embedded images Your device (IndexedDB) You
UI preferences & permanent notes Your device (localStorage) You
Encryption keys (encrypted exports) Never stored — derived per session You

You can export all your data at any time (JSON, encrypted JSON, HTML, PDF) and delete it in full from within the app. KanTrack functions entirely offline once loaded.

3. Data we (or our infrastructure) may process

KanTrack itself collects no personal data. However, like any website, serving the application files involves network requests. When your browser loads KanTrack, standard HTTP request data — including your IP address and request metadata (browser type, timestamp, requested resource) — is processed by our hosting provider as part of delivering the service.

Lawful basis (GDPR Art. 6): This processing is necessary for the performance of delivering the service to you (Art. 6(1)(b)) and on the basis of our legitimate interest in operating a secure, reliable infrastructure (Art. 6(1)(f)).

Retention: Standard server logs (if any are retained at all) are subject to our hosting provider's retention policy. See Section 5 for details on Cloudflare's practices. We do not independently retain server logs.

KanTrack does not collect: email addresses, usernames, analytics events, click or page-view data, behavioral metrics, device fingerprints, or any other personal data.

4. Cookies

We do not set any first-party cookies.

KanTrack uses your browser's IndexedDB and localStorage — not cookies — to persist your data locally. There are no session cookies, preference cookies, analytics cookies, or advertising cookies set by this application. No cookie consent banner is required because we do not use cookies that require consent.

Cloudflare technical cookies: KanTrack is served through Cloudflare's network. As part of its bot management and DDoS-protection infrastructure, Cloudflare may set strictly necessary technical cookies (such as __cf_bm) on your device. These cookies are set by Cloudflare, not by us, and are strictly necessary for the security and integrity of the service. They do not track you across websites, do not require your consent under the ePrivacy Directive, and are governed by Cloudflare's Privacy Policy.

Should any non-essential cookies be introduced in a future version of this application, this policy will be updated and any required consent mechanism will be put in place before their use.

5. Third-party services & data processors

KanTrack is hosted on Cloudflare Pages (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). As our hosting provider, Cloudflare acts as a data processor on our behalf within the meaning of GDPR Art. 28. In this capacity, Cloudflare may process certain technical data (such as IP addresses and HTTP request metadata) as part of providing hosting, CDN, and DDoS-protection services.

Cloudflare's processing is subject to a Data Processing Addendum (DPA) in accordance with GDPR Art. 28, and data transfers outside the EEA are governed by Standard Contractual Clauses (SCCs). For further details, see Cloudflare's Privacy Policy.

KanTrack does not embed any social media widgets, advertising networks, analytics scripts, or other third-party services. All application code is self-hosted. The application's Content Security Policy enforces this by blocking any external script execution.

6. Your rights (GDPR)

If you are located in the European Union or European Economic Area, you have the following rights under the GDPR. As described above, the only personal data we may hold about you is standard HTTP request data processed by our hosting infrastructure. Your rights are listed below in full for transparency:

  • Right of access (Art. 15) — you may request confirmation of whether we hold any personal data about you, and a copy of it.
  • Right to rectification (Art. 16) — you may ask us to correct inaccurate or incomplete data.
  • Right to erasure (Art. 17) — you may ask us to delete any personal data we hold, where no legal obligation requires us to retain it.
  • Right to restriction of processing (Art. 18) — you may ask us to restrict how we use your data in certain circumstances.
  • Right to data portability (Art. 20) — where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
  • Right to object (Art. 21) — you may object to processing based on legitimate interest. We will stop unless we can demonstrate compelling legitimate grounds.
  • Right to lodge a complaint (Art. 77) — you have the right to file a complaint with your local data protection authority. In Portugal, the competent authority is the CNPD — Comissão Nacional de Proteção de Dados.

Regarding your task data, notes, and all other app content: this data is stored exclusively on your own device and is under your sole control. You can export or permanently delete it at any time from within the KanTrack application — no request to us is needed.

To exercise any rights regarding infrastructure-level data, contact us at general@bosslesstechindustries.com. We will respond within 30 days as required by GDPR Art. 12.

7. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated date. Since we do not collect your email address, we cannot notify you directly — please check back if you have questions.