Privacy Policy
Effective Date: February 19, 2026
IrisInsight ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the IrisInsight mobile application (the "App"). By using the App, you agree to the practices described in this policy.
1. Information We Collect
IrisInsight is designed with a privacy-first approach. We minimize the data we collect and process.
Information You Provide
- Eye Photographs: When you use the analysis feature, you select or take photos of your eyes. These photos are sent to our AI processing service for analysis. Photos are stored locally on your device only and are never uploaded to our servers.
- Analysis Results: Text-based analysis results are stored locally on your device and backed up to your secure account in our cloud database (Supabase) for history synchronization.
- Account Information: If you sign in with Apple, we receive your Apple-provided user identifier. We do not receive or store your email address unless you choose to share it. Anonymous accounts are created automatically for users who don't sign in.
Information We Do NOT Collect
IrisInsight does not collect, store, or process any of the following:
- Your name, phone number, or physical address
- Location data or GPS coordinates
- Contacts or address book information
- Browsing history or search queries
- Financial or payment information (payments are processed entirely by Apple)
Automatically Collected Information
- Anonymous Usage Data: We collect basic, anonymous analytics to understand how the App is used. This data cannot identify individual users.
2. How We Use Your Information
- AI Iris Analysis: Eye photographs are transmitted to our secure AI processing service (via Supabase Edge Functions) solely for generating your iridology analysis. Photos are processed in real-time and are not retained on our servers after analysis.
- History Sync: Analysis text is stored in your account so you can access your history across sessions. Eye photos remain local to your device.
- App Improvement: Anonymous usage analytics help us improve features and performance.
We do not sell, rent, or share your personal data with third parties for marketing or advertising. The App contains no advertising SDKs or tracking frameworks.
3. Data Storage and Security
- Local Storage: Eye photos and analysis data are stored locally on your device, protected by your device's built-in security (passcode, Face ID, Touch ID).
- Cloud Storage: Analysis text (not photos) is stored in our Supabase database hosted in the European Union (Frankfurt, Germany), protected by Row Level Security policies ensuring only you can access your data.
- Encrypted Transmission: All data transmitted between the App and our services uses industry-standard TLS/SSL encryption.
- Authentication: We use Supabase Auth with anonymous sign-in and Apple Sign In. Your authentication tokens are securely stored on your device.
4. Third-Party Services
- Supabase: We use Supabase for authentication, database, and serverless functions. Supabase processes data in accordance with their privacy policy and GDPR compliance.
- AI Processing Service: Eye photographs are processed by a third-party AI service via our secure server-side function. Our AI provider processes images in real-time and does not retain your images after analysis is complete.
- Apple: The App is distributed through the Apple App Store. Apple processes all purchases and payments. See Apple's Privacy Policy.
We do not integrate advertising networks, social media SDKs, or other third-party tracking services.
5. In-App Purchases
IrisInsight offers consumable credit packs for premium analyses. All purchases are processed entirely by Apple through the App Store. We do not collect or have access to your payment information. Credits are tracked in your secure account profile.
6. Biometric Information
Eye photographs may be considered biometric data under certain laws (such as the Illinois Biometric Information Privacy Act). We want you to understand how we handle this data:
- Eye photographs are transmitted solely for the purpose of generating your iridology analysis
- Our AI service processes images in real-time and does not retain, store, or create biometric templates from your photos
- Photos stored locally on your device are under your control and are deleted when you remove them or uninstall the App
- We do not use eye photographs for biometric identification or authentication purposes
- We do not sell, lease, or trade biometric data
7. Data Retention
- Eye Photographs: Stored locally on your device only. Retained until you delete them within the App or uninstall the App.
- Analysis Results: Cloud-stored analysis text is retained in your account until you delete individual analyses or request full account deletion.
- Account Data: Account information is retained as long as your account exists. Upon account deletion request, all associated data is permanently removed within 30 days.
8. Legal Basis for Processing (GDPR)
If you are in the European Economic Area, we process your data on the following legal bases:
- Consent: You initiate each analysis by selecting photos and tapping "Analyze." This constitutes consent to process your eye photographs.
- Contract Performance: Account management, credit tracking, and history synchronization are necessary to provide the service you requested.
- Legitimate Interest: Anonymous usage analytics help us improve the App without identifying individual users.
You may withdraw your consent at any time by ceasing to use the analysis feature. Withdrawal does not affect the lawfulness of prior processing.
9. International Data Transfers
Your analysis text is stored in the European Union (Frankfurt, Germany). However, eye photographs are transmitted to our AI processing service, which may process data in the United States. These transfers are protected by:
- Industry-standard TLS/SSL encryption during transmission
- Real-time processing with no server-side retention of images
- Our AI provider's compliance with applicable data protection frameworks
10. Children's Privacy
IrisInsight is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13, in compliance with COPPA and similar regulations. If you believe a child under 13 has used the App, please contact us.
11. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of your personal data.
- Deletion: Delete individual analyses within the App. Contact us to request complete deletion of your account and all cloud-stored data. We will respond within 30 days.
- Portability: Share your analysis results from within the App.
- Restriction: Request that we restrict processing of your personal data.
- Objection: Object to processing based on legitimate interest.
- Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
- Complaint: Lodge a complaint with your local data protection supervisory authority.
California Residents (CCPA/CPRA)
We do not sell or share your personal information for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes other than providing the service. You have the right to know, delete, and opt out. To exercise these rights, contact us at the email below.
European Residents (GDPR)
The data controller is IrisInsight. To exercise any of the rights listed above, or for any data protection inquiries, contact us at the email below.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we do, we will update the "Effective Date" above. We encourage you to review this policy periodically.
13. Contact Us
If you have questions or requests regarding this Privacy Policy, please contact us:
Email: support@irisinsight.app