Privacy Policy
Last updated: May 12, 2026
Short version: PeakAI collects only what we need to run the app and improve it. We do not sell your data. You can read everything we have, export it, or delete it.
Overview
PeakAI is a nutrition tracking app made by PeakAI (the operator of the PeakAI app). This Privacy Policy explains what information we collect when you use the app, why we collect it, how we use it, who we share it with, and the choices you have. If something here is unclear, email us at support@peakai.app and we will explain in plain words.
Information We Collect
Account information
- Email address (required to sign in)
- Display name (if you set one)
- Authentication identifier from Apple, Google, or email sign-in
Health and nutrition preferences
- Your goal (such as eat cleaner, build muscle, manage energy)
- Diet preferences (vegan, keto, halal, kosher, gluten free, and so on)
- Allergies and ingredients you avoid
- Body stats you choose to enter (height, weight, age, sex assigned at birth), used to calculate your personal Truth Score
- Food logs you create (scans, meals, supplements)
App usage and diagnostics
- Anonymous analytics events such as which screens you open and which features you use, without your name attached
- Crash reports if the app fails, with health and personal data scrubbed before it leaves your device
- Device type, operating system version, and app version
Voice, camera, and photos
- When you talk to JARVIS, your voice is processed to transcribe what you said and produce an answer. The audio itself is not stored after the answer is delivered, unless you ask the app to save it.
- When you point the camera at a barcode, label, menu, or meal, the image is processed to identify the product or food. Images are not stored after processing unless you save a meal to your food log.
- If you upload a photo from your library, the same rules apply.
Feedback submissions
- The message you write
- An optional contact email if you provide one
- Optional diagnostics you choose to include with a support request
- Anti-abuse metadata such as submission timing and spam signals
How We Use Information
- To run the app and the features you use
- To calculate your personal Truth Score based on your goal, diet, and allergies
- To respond to your support and feedback requests
- To monitor abuse, spam, and reliability issues
- To improve product quality and fix bugs
- To comply with legal obligations
What We Do Not Do
- We do not sell your personal information. See Do Not Sell or Share My Personal Information for the full declaration.
- We do not share your personal information for cross-context behavioral advertising.
- We do not use your voice, photos, or food logs to train third-party AI models without your consent.
- We do not give medical advice. PeakAI is a nutrition information tool. Always consult a qualified healthcare professional for medical decisions.
- We do not store your payment card. Apple and Google handle subscription billing.
Third-Party Services We Use
We use a small number of trusted services to operate the app. Each is named below with what it does for us.
- Supabase: account authentication, database storage, and backend functions. Your data lives on Supabase infrastructure.
- Apple App Store and Google Play: payment processing, subscription management, and refunds. We never see your payment card.
- RevenueCat: subscription state and entitlement checks. Receives a user identifier and subscription status, no payment data.
- PostHog: anonymous product analytics events. Configured with no personal identifiers and no advertising integration.
- Sentry: crash reporting. Breadcrumbs are scrubbed of health and personal data before leaving your device.
- Anthropic and OpenAI: language model providers used by our backend to power JARVIS. We use enterprise tiers configured so your data is not used to train their models.
- ElevenLabs: voice synthesis for JARVIS responses when voice is enabled. Receives the response text, not your account email.
- NIH Dietary Supplement Label Database: the public reference dataset for supplement labels. We send a product identifier and receive label data. No personal information is sent.
- USDA FoodData Central and Open Food Facts: public food databases. We send a barcode or food name and receive nutrition facts.
Your Rights
Everyone
- Right to know what we collect
- Right to access and export your data
- Right to correct inaccurate data
- Right to delete your account and data
- Right to withdraw consent for optional processing
EU and UK residents (GDPR and UK GDPR)
- Right of access (Article 15)
- Right to rectification (Article 16)
- Right to erasure (Article 17)
- Right to restrict processing (Article 18)
- Right to data portability (Article 20)
- Right to object (Article 21)
- Right to lodge a complaint with a supervisory authority
California residents (CCPA and CPRA)
- Right to know what categories of personal information we collect
- Right to delete your personal information
- Right to correct inaccurate personal information
- Right to limit the use of sensitive personal information
- Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information for cross-context behavioral advertising. See Do Not Sell or Share My Personal Information.
- Right not to be discriminated against for exercising your rights
How to Exercise Your Rights
Email support@peakai.app from the email tied to your PeakAI account. Include what you would like us to do (access, export, correct, delete, opt out). We respond within 30 days, with a possible 30-day extension if the request is complex. For California requests under CCPA and CPRA, we respond within 45 days, with a possible 45-day extension. We may need to verify your identity before acting.
Data Retention
- Account data: kept while your account is active, then deleted within 90 days after account deletion, with limited records kept longer only where law requires.
- Food logs and scans: kept while your account is active. Deleted with your account.
- Feedback and diagnostics: kept for 18 months and then deleted.
- Anonymous analytics events: kept for 13 months, the default retention window in our analytics provider.
- Crash reports: kept for 90 days, then deleted.
- Anti-abuse metadata: kept up to 24 months to protect the service.
Children's Privacy
PeakAI is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided information to us, contact support@peakai.app and we will delete it. In the EU, the threshold is 16. In South Korea, the threshold is 14. Below the local threshold, parent or guardian consent is required.
International Transfers
PeakAI is operated from the United States, and your data is processed there. If you are in the European Economic Area, the United Kingdom, or another region with cross-border transfer restrictions, we rely on Standard Contractual Clauses or equivalent safeguards approved by your local authority. Email us if you want a copy of the safeguards in place.
Security
- All data is transmitted over HTTPS with modern TLS
- Account data is stored encrypted at rest on Supabase infrastructure
- Sensitive credentials use zero-knowledge handling and are never logged in plaintext
- Sentry breadcrumbs are scrubbed of health and personal data before they leave your device
- We follow the principle of least privilege internally, and we keep audit logs of access
Changes to This Policy
We will update this page when our practices change. Material changes will be communicated by an in-app notice and an email to active accounts. The Last updated date at the top of this page reflects the most recent revision.
Contact
Privacy questions, requests, and complaints can be sent to support@peakai.app. We try to answer every request within two business days.