We only support updates to the 0.3.x versions of Tracksy.

If you discover a vulnerability in Tracksy, please do not post an issue on GitHub. Instead you should use the private security reporting feature provided by Github on this project.

Tracksy is designed as a privacy-first, client-side-only application.

All user data stays in the browser. There is no backend, no API, and no database server. Uploaded streaming history files are processed entirely within the user's browser session using DuckDB WASM, which runs as a local in-memory database. No user data is ever transmitted to an external server.

While uploaded files are checked against expected filename patterns and MIME types, these validations are intentionally lightweight and do not provide strong guarantees regarding file integrity or safety prior to processing.