This privacy policy describes how Forest Resources, Inc. (“we”, “us”, “our”) collects, uses, and protects your information when you use the TimberTrak mobile application (“the App”).
Information We Collect
Account Information
Email address and password (password is stored as a secure hash; we never store it in plain text)
Full name and optional profile photo
Account role (administrator or team member)
Business Data
Contacts — names, phone numbers, email addresses, mailing addresses, company names, notes, and file attachments
Tracts — property names, legal descriptions, county/state, acreage, GPS coordinates, and boundary polygons
Invoices — invoice numbers, amounts, line items, dates, and payment status
Expenses — amounts, vendors, categories, dates, descriptions, and receipt images
Field notes — free-form text notes associated with tracts
Supply tracking — item names, quantities, costs, and usage records
Team & Time Tracking Data
Team member names, usernames, and roles
Clock-in/clock-out timestamps, hourly rates, and calculated earnings
Geographic & Tract Data
GPS coordinates and tract boundary polygons manually entered by the user
County, state, legal descriptions, and PLSS (Public Land Survey System) information provided by the user
Device & Usage Information
Device type, operating system version, and application error data collected via Sentry crash reporting (enabled in production at a 20% session sample rate)
Device Permissions
The App may request access to:
Location (while in use) — to show your current position on the map while you have the App open, so you can orient yourself when viewing or drawing tract boundaries, tracks, and waypoints (see Section 03)
Camera — to photograph receipts for expense scanning and to capture images for contact attachments
Photo Library — to select existing images for attachments
Microphone — to record audio within the App
Notifications — to send you relevant alerts
Each permission is requested at the time of use and can be revoked in your device settings at any time. The App only uses the “While Using the App” (foreground) location permission — it does not access your location in the background, and it does not access your location at all when the App is closed. Your location is never transmitted to or stored on our servers.
On Android, the App requests precise foreground location (ACCESS_FINE_LOCATION) and approximate foreground location (ACCESS_COARSE_LOCATION). The App does not request ACCESS_BACKGROUND_LOCATION. The App may also request permissions for internet access, storage access (to save and retrieve files), and vibration for haptic feedback. These are standard Android permissions required for core App functionality.
Location & Maps
The App uses your device’s location only to display your current position on the in-app map while you are actively using the App. This helps you orient yourself when viewing or drawing tract boundaries, tracks, and waypoints in the field.
Foreground only
Location is accessed only while the App is open and in use. The App does not access your location in the background or when the App is closed.
Your location is never transmitted to or stored on our servers. It is used only locally on your device to render the blue “you are here” dot on the map.
Clock-in / clock-out
Clocking in and clocking out records the time of the action — not your location. The App does not capture, store, or transmit location data as part of time tracking.
Tract boundaries and tracks
GPS coordinates, tract boundary polygons, tracks, and waypoints are entered or drawn manually by a user. These are stored as part of your organization's mapping records and are visible to members of your organization based on your role.
You can revoke the location permission at any time in your device settings. The App will continue to function, but the “you are here” indicator on the map will not be available.
How We Use Your Information
To provide and operate the App's core features (tract management, invoicing, expense tracking, time tracking, and team management)
To authenticate your identity and secure your account
To process receipt images for automated data extraction — receipt images are sent to our backend servers and processed using the Google Gemini API for text recognition and data extraction
To display tract locations and boundaries using platform-native mapping services (Apple Maps on iOS, Google Maps on Android)
To generate invoices and financial reports
To diagnose technical issues and improve app stability via crash reporting (see Section 07 for details)
How We Store Your Information
Your data is stored using Supabase, a cloud platform hosted on Amazon Web Services (AWS) infrastructure located in the United States. Data is encrypted at rest and in transit (via HTTPS).
Authentication tokens are stored securely on your device using the operating system’s secure keychain (iOS Keychain / Android Keystore).
A local cache and offline mutation queue are maintained on-device using SQLite to support offline functionality. This data remains on your device and syncs with the server when connectivity is restored.
Receipt images are transmitted securely from the App to a Supabase Edge Function, which forwards the image data to Google’s Gemini API for text recognition and data extraction. Processed receipt images are stored in your account’s secure storage bucket on Supabase. Google may process image data according to its own data handling policies.
Third-Party Services
We use the following third-party services to operate the App:
Supabase — database, authentication, file storage, and serverless functions
Apple Maps (iOS) / Google Maps (Android) — map rendering and tract boundary display via the device's native mapping service
Google Gemini API — receipt image processing and automated data extraction
Sentry — error and crash reporting, enabled only in production when configured
Expo — application build infrastructure, over-the-air updates, and push notification delivery
Your use of mapping features is subject to Apple’s Privacy Policy on iOS and Google’s Privacy Policy on Android. We do not sell, rent, or share your personal information with third parties for marketing purposes.
Data Retention
We retain your data for as long as your account is active. If you delete your account, all associated data — including profile information, business records, files, and team data — is permanently removed from our systems.
Crash reports and error logs collected by Sentry are sampled at 20% of sessions and are retained according to Sentry’s data retention policies (typically 90 days). Reports may include device type, OS version, error stack traces, and application state at the time of the error.
Account Deletion
You can delete your account and all associated data directly within the App under your account settings, or at any time on the web at timbertrak.app/account/delete. Account deletion is permanent and cannot be undone. Upon deletion:
Your profile and authentication credentials are removed
All business data (contacts, tracts, invoices, expenses, field notes, supply records, and time entries) is permanently deleted
All uploaded files (receipts, attachments) are removed from storage
If you are an account owner, all team members under your account and their associated data are also deleted
Backups containing your data are purged within 30 days of deletion.
Data Security
We implement reasonable technical and organizational measures to protect your data, including:
Encryption at rest and HTTPS encryption for all data in transit
Secure password hashing
Row-level security policies ensuring users can only access their own data
Role-based access controls (admin vs. team member permissions)
Secure on-device storage for authentication tokens
Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information. Residents of California and other states with comprehensive privacy laws may have the following rights:
Right to Know — you may request details about the categories of personal information we collect, the purposes for collection, and any third parties with whom we share it
Right to Delete — you may request deletion of your personal information, which you can also do directly in the App under account settings
Right to Correct — you may request correction of inaccurate personal information
Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights
We do not sell or share your personal information as defined by the California Consumer Privacy Act (CCPA/CPRA) or any other state privacy law. We do not use your data for profiling or automated decision-making.
To exercise any of these rights, contact us at support@forestresourcesinc.com. We will respond to verified requests within 45 days.
Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users and applicable regulatory authorities as required by law. We aim to provide notification within 72 hours of becoming aware of a qualifying breach, including a description of the breach, the types of information involved, and the steps we are taking in response.
Children's Privacy
The App is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If you believe someone under 18 has provided us with personal information, please contact us so we can delete it.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes through the App or via email. Changes will also be posted on this page with an updated effective date. Continued use of the App after changes constitutes acceptance of the revised policy.
Contact Us
If you have questions about this privacy policy, your data, or wish to exercise your privacy rights, contact us at:
Forest Resources, Inc.
support@forestresourcesinc.com