Privacy Policy
Last updated: March 25, 2026
1. Data Controller
BioTrakk is operated by FlowBoard Labs, LLC, a Delaware limited liability company. Registered Agent: Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, US.
Data Protection Officer: Karim Gaad — privacy@biotrakk.com
2. Data We Collect
Data you provide:
- Account data: Phone number, PIN (hashed with scrypt), language preference, timezone
- Health data: Food logs, supplement intake, activities, body metrics (weight, etc.), blood work results, sleep data, biomarkers
- Profile data: Age, height, weight, goals, allergies, dietary restrictions
- Media: Food photos, voice notes (processed and discarded - not stored permanently)
Data from third-party integrations:
- Wearable data: Steps, heart rate, sleep stages, exercise sessions, body composition (from Strava, Google Fit, Oura, Garmin, WHOOP, Withings)
- OAuth tokens for connected services (stored encrypted)
Data collected automatically:
- IP address (for rate limiting only - not stored)
- Usage patterns (entry counts, feature usage - for service improvement)
3. How We Use Your Data
- Provide and improve the tracking and analysis Service
- Generate AI-powered nutritional estimates and health insights
- Sync data across platforms (WhatsApp, Telegram, Web)
- Process payments (via Stripe - we never see your card details)
- Send daily summaries and insights (if enabled)
4. Data Processing (AI)
Your food descriptions, photos, and health queries are processed by third-party AI services (Anthropic Claude, Google Gemini, OpenAI Whisper) to provide nutritional analysis and insights. These services process your data per their respective privacy policies. We minimize data sent to AI services to what is necessary for the specific feature.
5. Data Storage & Security
- Data stored in Supabase (PostgreSQL) with row-level security
- PINs hashed with scrypt (salted, not reversible)
- All connections use TLS encryption
- Session tokens expire after 30 days
- Authentication rate-limited to prevent brute force
6. Data Retention
- Health entries: Retained until you delete them or your account
- Conversations: Expire after 24 hours
- Voice notes: Transcribed and immediately discarded (not stored)
- Photos: Processed for food recognition, not stored permanently unless explicitly saved
7. Your Rights (GDPR / CCPA)
You have the right to:
- Access: View all your data through the app
- Export: Download all your data as JSON (Settings > Privacy > Export)
- Delete: Permanently delete your account and all data (Settings > Privacy > Delete Account)
- Rectify: Correct your data through the app's edit features
- Restrict: Disconnect integrations at any time (Settings > Integrations)
- Object: You may stop using the Service at any time
- Portability: Export your data in a standard JSON format
8. Data Sharing
We do NOT sell your data. We share data only with:
- AI providers (Anthropic, Google, OpenAI) - for food recognition and analysis
- Stripe - for payment processing (phone number + subscription status only)
- Supabase - for data storage (our database provider)
- Twilio - for WhatsApp messaging
All providers are GDPR-compliant and process data under data processing agreements.
9. Cookies & Local Storage
The web app uses browser localStorage to store:
- Authentication token (session)
- Chat message history (last 100 messages)
- User phone number (for display)
We do not use tracking cookies or third-party analytics cookies.
10. Children
The Service is not intended for children under 16. We do not knowingly collect data from children under 16.
11. International Transfers
Data may be processed in the EU and US (via our cloud providers). All transfers comply with GDPR requirements, including standard contractual clauses where applicable.
12. Supervisory Authority
If you are located in the EU, you have the right to lodge a complaint with your local supervisory authority. For users in Spain, this is the AEPD (Agencia Española de Protección de Datos) — www.aepd.es.
13. Changes to This Policy
We will notify users of material changes via the Service. Continued use constitutes acceptance.
14. Contact
For privacy-related requests or questions, contact us at privacy@biotrakk.com.
FlowBoard Labs, LLC
Registered Agent: Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, US