Privacy Policy
Last updated: June 20, 2026
TargetLog is a mobile application for precision shooting training, developed by B.Clean. This policy explains what data is collected, how it is used, and how we protect your privacy.
1. Photos and Camera
The application uses your device's camera or photo library to capture images of competition targets. These images are analyzed entirely on your device using computer vision to identify bullet holes and calculate scores based on ISSF competition rules.
Target images are analyzed entirely on your device — the analysis itself never leaves your phone. By default, images are stored locally only. If you sign in and turn on cloud sync, your images are also uploaded to encrypted cloud storage (Cloudflare R2) so you can back them up and restore them across devices; see Section 4 and Section 5 for details.
After analysis, images are stored locally on your device in the app's document directory. You can delete them at any time by removing individual sessions or uninstalling the application.
2. Data Collected
TargetLog is designed to minimize data collection. The following describes what data may be processed:
- Target images — Analyzed entirely on your device. Stored locally by default; uploaded to Cloudflare R2 only if you sign in and enable cloud sync.
- Session data — Scores, dates, discipline type, notes, and shot positions are stored locally on your device. Synced to your Supabase account (Supabase Postgres, hosted in the EU) only if you sign in and enable cloud sync.
- Account data — No account is required. If you choose to create one (email, or Apple/Google sign-in), the identifier needed to authenticate you (such as your email address) is stored by our authentication provider, Supabase, so you can back up and sync your data.
- Analytics & error reporting (PostHog) — We collect anonymized usage data (screens visited, features used) and, in the event of a crash or error, anonymized technical data (device type, OS version, error trace) to help us fix issues. No photos or personal data are included. See PostHog's Privacy Policy.
No account is required to use TargetLog — every core feature works fully on-device with data stored only on your phone. Cloud sync is strictly optional and only active when you are signed in and have chosen to enable it.
3. Permissions
- Camera — Used to capture photos of your competition targets for on-device analysis.
- Photo library — Used to select existing target photos from your device for analysis.
- Internet — Used for error reporting and analytics only. Target analysis is performed entirely on-device and does not require an internet connection.
4. Data Storage
By default, all shooting session data — including scores, shot positions, session metadata, and target images — is stored locally on your device. No data leaves your device unless you sign in and enable cloud sync.
When cloud sync is enabled, your session data is also stored in your Supabase account (Supabase Postgres, hosted in the EU) and your target images in Cloudflare R2, so you can restore them on a new device. You decide whether sync is on, and you can sign out or delete your account at any time to remove the synced copy.
You can delete your local data at any time by removing individual sessions within the app or by uninstalling the application. To remove synced data, sign out or delete your account in Settings.
5. Third-Party Services & Data Sharing
We do not sell your data. Your data is processed only by the following providers, and only where relevant to a feature you are using:
- On-device computer vision (OpenCV) — Bullet-hole detection and scoring run entirely on your device. No image data is sent anywhere for analysis.
- Supabase (authentication & cloud sync, hosted in the EU) — Authenticates your account and, only if you enable cloud sync, stores a synced copy of your session data. See Supabase's Privacy Policy.
- Cloudflare R2 (image storage) — Stores your target images only when cloud sync is enabled, under your account namespace.
- Apple & Google (sign-in) — Used only if you choose "Sign in with Apple" or "Sign in with Google." We receive a stable identifier, never your password.
- PostHog (product analytics) — Receives anonymized usage data to help us improve the app.
6. GDPR Rights
In accordance with the General Data Protection Regulation (GDPR), you have the following rights:
- Right to access your data
- Right to rectification
- Right to erasure
- Right to data portability
Because session data is stored locally on your device by default, these rights are exercised directly through the application or by deleting the app. If you use cloud sync, you can also sign out or delete your account in Settings to remove the synced copy of your data from Supabase and Cloudflare R2. For analytics or error reporting data, please contact us and we will process your request.
For more details, see our GDPR & Account Deletion page.
7. Contact
For any questions regarding this privacy policy, you can contact us at: [email protected]
8. Changes
This policy may be updated. Any changes will be posted on this page with a revised update date.