# Privacy Policy
*Last updated: April 19, 2026 (v2)*
KeepEatClean (the "App") is operated by Velcrest Group LLC, a Texas limited liability company, with a contact address at 7696 Texas 183A Toll Rd, Building 1A, Leander, TX 78641, and contact email [contact@velcrestgroup.com](mailto:contact@velcrestgroup.com) (the "Company", "we", "us", or "our"). "KeepEatClean" is a brand of Velcrest Group LLC.
This Privacy Policy explains what personal data the App collects, how we use it, who we share it with, your rights, and how to contact us. Please read it carefully. By using the App, you agree to the practices described here.
## The Personal Data We Collect
### Account Information
When you create an account, we collect the email address you sign up with (or, if you use Sign in with Apple, an email address provided by Apple — which may be Apple's private relay address that forwards to your real inbox). We also store your chosen username, an avatar identifier, and an optional bio.
### Health & Fitness Data (Apple HealthKit)
With your explicit permission, the App reads data from Apple HealthKit, which may include steps, distance, flights climbed, active and resting energy, heart rate, resting heart rate, heart rate variability, blood oxygen, respiratory rate, body temperature, body mass, body fat percentage, BMI, blood pressure, VO2 max, walking heart rate average, exercise time, stand time, dietary water, sleep analysis, and similar metrics. With your permission, the App may also write the following back to HealthKit: body mass, body fat percentage, BMI, body temperature, blood pressure, dietary water, dietary energy consumed, active energy burned, and sleep analysis. Raw HealthKit data is processed on-device. Specific milestones (e.g., completed fasts, water/step goals) and any body measurements you attach to a progress photo or share to your Squad feed are stored in our cloud database (Supabase).
### Health & Fitness Data (Whoop, optional)
If you connect a Whoop account, we receive an OAuth access token and refresh token from Whoop. The access token is used to fetch your sleep, recovery, workouts, day strain, and body-measurement data from Whoop's API. Tokens are stored securely in your device's iOS Keychain and are not transmitted to our servers. You can disconnect Whoop at any time from Settings, which immediately invalidates the locally stored tokens.
### Profile & Community Data
Your profile (username, avatar, bio, longevity level, streaks, friend connections), your posts to the Squad feed, your reactions, and your comments are stored in our cloud database (Supabase). Profile defaults are explained under "Profile Visibility & Discoverability" below.
### Photos
Photos you upload to your Squad feed, your team posts, or your progress-photo timeline are stored in our cloud storage (Supabase Storage). Squad photos and team-post photos are checked by an AI image-moderation service before upload to block sexually explicit, violent, or otherwise prohibited content. Progress photos are stored in a private bucket and are not shown to other users unless you explicitly choose to share a progress snapshot to your feed.
### Voice & Speech Data
If you use voice meal logging, the App requests microphone access and uses Apple's Speech framework to transcribe your spoken description. Audio may be processed on-device by Apple or, depending on your iOS version and configuration, sent to Apple for processing. We do not retain raw audio recordings on our servers. The resulting transcript may be sent to OpenAI through our analysis proxy in order to estimate the meal's nutritional content (see "Food Label Scans & Meal Estimation" below).
### Food Label Scans & Meal Estimation
When you scan a food label or log a meal photo, the image and any text we have extracted from it on-device using Apple Vision are sent to our backend proxy at eatclean-api.vercel.app, which then forwards the request to OpenAI's API for analysis. The request is authenticated using your Supabase access token. We do not permanently store the scanned image after analysis is complete. Brief operational logs (request timestamp, user identifier, error codes) may be retained by our infrastructure providers for security and abuse prevention.
### Push Notification Tokens
If you enable push notifications, the App stores an Apple Push Notification service (APNs) device token in our cloud database so we can deliver alerts (meal reminders, fasting nudges, friend activity, team posts, weekly recaps). You can disable push notifications at any time from iOS Settings.
### Anonymous Sessions
To allow you to try the App before signing up, the App may create an anonymous Supabase session that is tied to your device. Any data created during an anonymous session (preferences, scans) lives under that anonymous identifier until you sign up, at which point the anonymous session is upgraded to a real account. If you never sign up and uninstall the App, the anonymous session becomes orphaned and is purged on a rolling basis.
### Device & Technical Information
We log basic technical information needed to operate the App: app version, iOS version, device model class, locale, and crash diagnostics. This information is used for security, abuse prevention, and engineering reliability — not for advertising.
## How We Use Your Information
We use the personal data described above to:
- provide AI-powered food and meal analysis, health-trend visualization, and longevity-related insights;
- power the social Squad feed, team feeds, leaderboards, friend connections, reactions, and comments;
- calculate streaks, milestones, and gamification features;
- send the notifications you have opted into;
- detect and prevent fraud, abuse, and violations of our Terms of Service;
- comply with legal obligations and respond to lawful requests from authorities;
- improve the App through aggregated, anonymized usage patterns.
## Legal Bases for Processing (GDPR / UK GDPR)
If you are in the European Economic Area or the United Kingdom, the legal bases on which we process your personal data are:
- Performance of a contract with you (Article 6(1)(b) GDPR) — to provide the App's core features (account, scans, social feed, subscription);
- Your explicit consent (Article 6(1)(a) and Article 9(2)(a) GDPR) — for processing health data through HealthKit, Whoop, microphone input, and notifications. You can withdraw consent at any time through iOS Settings or in-App Settings without affecting the lawfulness of prior processing;
- Our legitimate interests (Article 6(1)(f) GDPR) — for product security, fraud prevention, abuse moderation, and aggregated analytics where these interests are not overridden by your interests or rights;
- Compliance with a legal obligation (Article 6(1)(c) GDPR) — when we must respond to lawful government requests or comply with applicable law.
## Sharing & Subprocessors
We do not sell your personal data. We share personal data only with the third-party service providers ("subprocessors") that are necessary to operate the App:
- Supabase, Inc. — authentication, database, file storage, and serverless functions.
- Vercel Inc. — our serverless API proxy at eatclean-api.vercel.app, which fronts our calls to OpenAI and other third-party APIs.
- OpenAI, L.L.C. — generative AI (Chat Completions, model gpt-4o-mini) for food label analysis and meal estimation, and image moderation (model omni-moderation-latest).
- Apple Inc. — App Store Connect for distribution and subscription billing; Apple HealthKit for the health data integration; Apple Speech for voice transcription; Apple Push Notification service (APNs) for push notifications; Sign in with Apple for authentication.
- Whoop, Inc. — only if you connect a Whoop account (read-only access to the Whoop data categories you select).
- U.S. Department of Agriculture — public USDA FoodData Central nutrition reference data is fetched through our proxy. No personal data is sent to the USDA.
Each subprocessor processes personal data only for the purposes described above and only on our instructions. Where required, transfers from the EU/UK to the United States rely on the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or the EU-US Data Privacy Framework, depending on the subprocessor.
## AI Model Training
We do not train AI models on your personal data. The data we send to OpenAI through the /api/analyze, /api/meal-estimate, and /api/moderate endpoints is sent under OpenAI's commercial API terms, which prohibit OpenAI from using API inputs and outputs to train its models. We do not authorize any other subprocessor to use your personal data for AI model training.
## Profile Visibility & Discoverability
By default, your profile and your Squad-feed posts are visible only to you and to users you have accepted as friends ("friends-only"). You may opt in to public discoverability from Settings → Privacy. When public discoverability is enabled:
- your profile may appear in user search results;
- your Squad-feed posts may be eligible to appear in App-wide discovery surfaces such as Trending and Clean Finds;
- your profile page may be viewed by users who are not your friends.
Teams are inherently shared communities. Posts you make to a team are visible to other members of that team. Public teams may be discovered by any user.
Existing users who created accounts before April 19, 2026 may have been defaulted to public discoverability under our prior policy. We are prompting affected users to confirm or change their visibility setting on their next session.
## Data Storage, Security & International Transfers
Local data (scan history, preferences, health profile, longevity snapshots, Whoop tokens) is stored on your device using standard iOS storage and the iOS Keychain. Cloud data (account, profile, posts, friend connections, photos, push tokens) is stored in Supabase, primarily in U.S. regions. All network communication uses HTTPS/TLS encryption, and cloud data is encrypted at rest. Row-level security policies are enforced in Supabase to prevent unauthorized cross-account access.
If you are accessing the App from outside the United States, your personal data will be transferred to and processed in the United States and other countries where our subprocessors operate. We rely on the safeguards described under "Sharing & Subprocessors" for international transfers.
No security control is perfect. We work to protect your data but cannot guarantee absolute security.
## Data Retention
We retain your account data for as long as your account remains active. When you delete your account (Settings → Account → Delete Account), we delete or anonymize your personal data from our active systems within thirty (30) days, except for limited information we may retain to comply with legal obligations, resolve disputes, prevent fraud or abuse, or enforce our Terms of Service. Encrypted backups containing residual copies of deleted data are purged on the standard rotation schedule of our infrastructure providers (typically within thirty (30) days). De-identified or aggregated data that cannot reasonably be used to identify you may be retained indefinitely.
## Account Deletion
You can delete your account at any time from Settings → Account → Delete Account. Deletion removes your profile, your activity-feed events, your reactions, your comments, your friend connections, your team memberships and team posts, your progress photos, your Squad-feed photos, your push notification tokens, and your authentication record. Some content may persist transiently in encrypted backups (see "Data Retention" above) and in the form of references in other users' notification history (for example, a friend may still see "Alex sent you a friend request" in their notification list even after Alex has deleted their account). Reports filed against your content for moderation purposes may be retained in anonymized form for safety and abuse-prevention purposes.
## Your Privacy Rights (General)
Regardless of where you live, you have the following baseline rights with respect to your personal data:
- You can review and edit your profile information from Settings.
- You can revoke HealthKit permissions at any time through iOS Settings → Privacy & Security → Health.
- You can disable microphone access through iOS Settings → Privacy & Security → Microphone.
- You can disable push notifications through iOS Settings → Notifications.
- You can disconnect Whoop from Settings.
- You can delete your scan history at any time from Settings.
- You can delete your account from Settings → Account → Delete Account.
## Your EU/UK Privacy Rights
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR / UK GDPR with respect to your personal data:
- Right of access — to obtain a copy of the personal data we hold about you.
- Right to rectification — to correct inaccurate personal data.
- Right to erasure ("right to be forgotten") — to request deletion of your personal data.
- Right to restriction of processing — in certain circumstances.
- Right to data portability — to receive your personal data in a structured, machine-readable format.
- Right to object — to processing based on our legitimate interests.
- Right to withdraw consent — at any time, without affecting prior lawful processing.
- Right to lodge a complaint — with your local supervisory authority (e.g., the Irish Data Protection Commission, the UK ICO, the French CNIL, the German Federal Commissioner for Data Protection and Freedom of Information).
To exercise any of these rights, email [contact@velcrestgroup.com](mailto:contact@velcrestgroup.com) or write to Velcrest Group LLC at the address above. We will respond within the timeframe required by applicable law (generally one month under GDPR).
Velcrest Group LLC does not currently maintain an establishment in the EU or UK. Inquiries from EU/UK residents should be directed to the contact email above.
## Your State Privacy Rights (United States)
If you are a resident of California, Texas, Virginia, Colorado, Connecticut, Utah, Oregon, or another U.S. state with a comprehensive privacy law, you have additional rights under that state's law, which may include:
- the right to know what personal information we collect, use, share, and disclose;
- the right to access and obtain a copy of your personal information;
- the right to delete your personal information;
- the right to correct inaccurate personal information;
- the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising;
- the right to limit the use and disclosure of sensitive personal information;
- the right not to be discriminated against for exercising any of these rights.
To exercise these rights, email [contact@velcrestgroup.com](mailto:contact@velcrestgroup.com). We may need to verify your identity before responding. You may also designate an authorized agent to make a request on your behalf, subject to verification.
Categories of personal information we collect (per CCPA/CPRA): identifiers (account email, device identifiers); customer records (username, avatar, bio); commercial information (subscription status); internet/network activity (in-app actions, crash logs); geolocation (only if derived from HealthKit, on a coarse, non-precise basis); sensory information (voice transcripts, photos you upload); professional or health information (HealthKit and Whoop data, food and fasting logs); inferences drawn from any of the above (longevity score, streaks, goals); and sensitive personal information (health and biometric data, account login credentials, contents of your messages and photos). We retain each category only for as long as is reasonably necessary for the purposes described in this Privacy Policy.
Sources of personal information: directly from you; from devices you use to interact with the App; from third-party services you connect (Apple HealthKit, Whoop, Sign in with Apple).
Disclosure for business purposes: we share personal information with the subprocessors listed under "Sharing & Subprocessors" in order to operate the App. We do not sell personal information for monetary value, and we do not share personal information for cross-context behavioral advertising.
## California "Do Not Sell or Share My Personal Information"
Velcrest Group LLC does not sell your personal information and does not share it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (as amended by the California Privacy Rights Act). No opt-out is required because no such activity occurs. If our practices change in the future, this section will be updated and a "Do Not Sell or Share My Personal Information" link will be made available.
## Children's Privacy
The App is not directed to and is not intended for use by children under 13 years of age (or under 16 in jurisdictions where that is the applicable minimum age under the GDPR or local law). We do not knowingly collect personal information from children under those ages. If you believe we have inadvertently collected personal information from a child, please contact us at [contact@velcrestgroup.com](mailto:contact@velcrestgroup.com) and we will promptly delete it.
## Data Breach Notification
In the event of a confirmed personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within seventy-two (72) hours where required by GDPR, and we will notify affected users without undue delay where required by GDPR, U.S. state breach-notification laws, or other applicable law.
## Changes to This Policy
We may update this Privacy Policy from time to time. The version and "Last updated" date at the top of this document will reflect the latest revision. If we make a material change, we will notify you in the App and, where required by law, request your renewed acceptance before continued use.
## Contact Us
Velcrest Group LLC
7696 Texas 183A Toll Rd, Building 1A
Leander, TX 78641, USA
Email: [contact@velcrestgroup.com](mailto:contact@velcrestgroup.com)
For privacy or data-rights requests, please use the email above and include "Privacy Request" in the subject line.