Introduction
SuppaLog ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.
We take your privacy seriously. This policy describes what data we collect, why we collect it, how we use it, and your rights regarding your personal information.
Contact Us: If you have questions about this Privacy Policy, please contact us at hello@suppalog.app. We typically respond within 48 hours.
What Data We Collect
SuppaLog collects the following types of information to provide and improve our service:
1. Contact Information
- Name: Used to personalize your experience and display in your profile
- Email Address: Used for account authentication, password resets, and important service communications
2. Health Data
This is the core of our app's functionality. We collect:
- Supplement Logs: Daily supplement intake, dosages, and timing
- Nutrient Data: Vitamins, minerals, and other nutrients from supplements
- Body Metrics: Age, gender (for RDA calculations), height, weight (optional)
- Life Moments: Custom health events you track (pregnancy, training, stress periods, etc.)
- Check-in Data: Daily mood, energy levels, and wellness notes
3. Photos and Videos
- Supplement Label Photos: When you use our AI Vision feature to scan supplement labels, we temporarily store photos to extract nutrition information. Photos are deleted after processing unless you choose to save them.
4. User Content
- Supplement Stacks: Your custom supplement routines
- Notes and Comments: Any notes you add to logs or stacks
- Custom Supplements: Supplements you manually add to the database
5. User ID and Account Data
- Account ID: Unique identifier for your account
- Authentication Tokens: Secure tokens for login sessions
- Account Settings: Preferences, notification settings, theme choices
6. Usage Data
- App Interactions: Features you use, screens you visit, actions you take
- Session Data: App launch times, session duration
- Device Information: Device type, OS version, app version
7. Crash Data
- Error Logs: Technical information when the app crashes or encounters errors
- Stack Traces: Code execution paths that led to errors
8. Performance Data
- App Performance: Load times, response times, resource usage
- Network Performance: API response times, data transfer speeds
How We Use Your Data
We use your data for the following purposes:
App Functionality
- Track your supplement intake and calculate nutrient totals
- Generate personalized RDA comparisons based on your age, gender, and region
- Provide barcode scanning and AI label analysis
- Enable supplement stack creation and management
- Authenticate your account and secure your data
- Sync data across your devices
- Provide customer support
Product Personalization
- Show personalized nutrient recommendations
- Display insights tailored to your health profile
- Provide AI-powered chat responses relevant to your data
- Suggest supplements based on your goals and deficiencies
Analytics and Improvement
- Understand how users interact with the app
- Identify and fix bugs
- Improve performance and user experience
- Develop new features based on usage patterns
- Analyze aggregate trends (anonymous)
Communications
- Send account-related emails (password resets, account changes)
- Notify you of app updates and new features
- Respond to your support requests
- Send important service announcements
We do NOT:
- ❌ Use your data for advertising
- ❌ Sell your data to third parties
- ❌ Share your health data with data brokers
- ❌ Use your data to target ads
Data Sharing and Third Parties
We work with trusted third-party services to operate SuppaLog. Your data is shared with:
Supabase (Database & Authentication)
- Purpose: Secure data storage and user authentication
- Data Shared: All user data (encrypted)
- Location: EU servers (GDPR compliant)
- Security: Row Level Security (RLS) ensures users only access their own data
- Privacy Policy: supabase.com/privacy
RevenueCat (Subscriptions)
- Purpose: Manage SuppaLog Pro subscriptions
- Data Shared: User ID, subscription status
- Payment Info: We never see your payment information; it is handled directly by Apple/Google
- Privacy Policy: revenuecat.com/privacy
PostHog (Analytics)
- Purpose: Understand app usage and improve user experience
- Data Shared: User ID, usage events, device info
- Health Data: NOT shared - only app interaction data
- Privacy Policy: posthog.com/privacy
Anthropic (AI Features)
- Purpose: Power AI chat and label analysis
- Data Shared: Your questions and supplement photos (when using AI features)
- Data Retention: Processed data is deleted after 30 days
- Privacy Policy: anthropic.com/privacy
Apple/Google (App Stores)
- Purpose: App distribution and in-app purchases
- Data Shared: Purchase history, subscription status (managed by Apple/Google)
Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.2+ encryption
- Encryption at Rest: Your data is encrypted in our database
- Row Level Security: Database-level policies ensure users can only access their own data
- Secure Authentication: Password hashing, secure token management, optional biometric authentication
- Regular Audits: We regularly review and update our security practices
- Access Controls: Limited employee access to user data, only when necessary for support
However: No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Your Rights (GDPR Compliance)
You have the following rights regarding your personal data:
1. Right to Access
You can access all your data within the app. Go to Settings → Export Data to download a complete copy in JSON format.
2. Right to Rectification
You can edit your profile, supplement logs, and settings anytime within the app.
3. Right to Erasure ("Right to be Forgotten")
You can delete your account and all associated data at any time. Go to Settings → Account → Delete Account. This is permanent and cannot be undone.
4. Right to Data Portability
Export your data in a machine-readable format (JSON) from Settings → Export Data.
5. Right to Object
You can object to data processing for analytics by contacting us at hello@suppalog.app.
6. Right to Withdraw Consent
You can withdraw consent for optional data collection (e.g., analytics) or delete your account entirely.
To exercise your rights: Email us at hello@suppalog.app or use the in-app features. We will respond within 30 days.
Data Retention
- Active Accounts: Your data is retained as long as your account is active
- Deleted Accounts: When you delete your account, all data is permanently deleted within 30 days
- Backups: Deleted data may persist in encrypted backups for up to 90 days for disaster recovery
- Legal Obligations: We may retain certain data if required by law (e.g., for tax records)
Children's Privacy
SuppaLog is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal information, please contact us at hello@suppalog.app and we will delete it.
While our App Store age rating is 4+, the app is designed for supplement tracking by adults, or for use under parental supervision.
Do We Use Your Data for Tracking?
No. We do NOT use your data for tracking as defined by Apple's App Tracking Transparency framework.
We do NOT:
- Link your data with third-party data for advertising
- Share data with advertising networks
- Use data brokers
- Track you across other apps or websites
We DO use first-party analytics (PostHog) to improve the app, but this is for app functionality, not advertising.
Cookies and Similar Technologies
Website: Our website uses minimal cookies for basic functionality (e.g., remembering your theme preference).
Mobile App: The app stores data locally on your device (AsyncStorage) for offline functionality and preferences. This is not accessible to other apps.
International Data Transfers
Your data is primarily stored on EU servers (Supabase) to comply with GDPR. However, some services we use (Anthropic, PostHog) may process data in the United States. These services are GDPR-compliant and provide adequate data protection.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- We will update the "Last Updated" date at the top
- We will notify you via email if changes are significant
- You will be asked to review the updated policy when you next open the app
- Continued use of the app after changes means you accept the updated policy
We recommend reviewing this policy periodically.
Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Consent: You provide explicit consent when creating an account
- Contract Performance: Processing is necessary to provide the service you requested
- Legitimate Interests: Analytics and app improvement (balanced against your privacy rights)
- Legal Obligation: Compliance with laws (e.g., tax, data breach notification)
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to opt-out of the sale of personal information (we don't sell your data)
- Right to non-discrimination for exercising your CCPA rights
To exercise these rights, email us at hello@suppalog.app.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data:
Email: hello@suppalog.app
Response Time: Within 48 hours for general inquiries, within 30 days for data requests
Website: suppalog.app
Support: suppalog.app/support