Quick Summary
- We process your uploaded food photos to estimate nutrition and store results when you’re signed in.
- We do not “sell” or “share” your personal information as those terms are defined under California law (CCPA/CPRA).
- We use trusted service providers (e.g., Supabase for auth/DB, Wasabi for storage, OpenAI for AI inference) under contracts that limit their use of your information to providing services to us.
- You can delete individual meals from their page. To delete your account and associated data, email contact@photoprotein.com.
Information We Collect
Account & Authentication
If you sign in with Google (via Supabase Auth), we receive your email. We set a short-lived, HttpOnly session cookie (sb_access_token) so server-rendered pages (e.g., /profile) recognize you.
Uploads & Nutrition Results
When signed in, the Service stores: a thumbnail of your meal photo (in Wasabi S3), nutrition items and totals derived from the photo, a short meal title, timestamps, and (for abuse prevention) IP address at upload. Anonymous uploads are processed ephemerally and not persisted.
Device/Usage
We collect basic technical data needed to operate the Service (e.g., request logs, rate-limit counters keyed to your account or IP). The site also uses local storage for simple UI preferences (e.g., last selected tab/range).
Support
If you contact us, we collect the information you provide in your message.
How We Use Information
- To operate, secure, and improve the Service (including image moderation and quality checks).
- To display your meals and stats when you are signed in.
- To enforce rate limits and prevent abuse.
- To comply with law and respond to lawful requests.
- To analyze aggregated or de-identified usage to improve features. We do not attempt to re-identify de-identified data.
No “Sale” or “Sharing” of Personal Information
We do not sell or share your personal information as those terms are defined by the CCPA/CPRA (including no cross-context behavioral advertising). We also honor the Global Privacy Control (GPC) signal. If our practices change, we will update this Policy and provide legally required notices and choices.
Service Providers & Processing
We use third parties that process information on our behalf and under our instructions:
- Supabase (authentication, database, role-level security).
- Wasabi (S3-compatible storage for thumbnails via presigned URLs).
- OpenAI (AI vision/text inference and moderation to estimate nutrition and screen images).
These providers are contractually restricted from using personal information for their own independent purposes.
Cookies & Local Storage
sb_access_token(cookie): short-lived session token (typically ~8 hours) to authenticate server-rendered pages.- Local storage keys such as
pp:lastTab,pp.statsRange,pp.detailedChartto remember UI preferences.
We do not use tracking cookies for targeted advertising.
Retention & Deletion
- Anonymous uploads: processed ephemerally and not persisted.
- Signed-in uploads: retained until you delete them (you can delete an individual meal from its page).
- Account deletion: email contact@photoprotein.com to request deletion of your account and associated data.
- Logs/rate-limit records: retained for a reasonable period to secure the Service and comply with law, then deleted or anonymized.
Your Privacy Rights
Depending on your location, you may have rights to access, correct, delete, or obtain a copy of your information, and to object or restrict certain processing. We honor CCPA/CPRA rights for California residents (including the right to know and delete). To exercise a right, email contact@photoprotein.com. We may need to verify your identity and, if applicable, your authority as an agent.
Security & International Transfers
We use reasonable technical and organizational measures to protect information (e.g., access controls, presigned media URLs, and role-based database policies). No method of transmission or storage is 100% secure. Our service providers may store or process information in the United States or other countries. By using the Service, you understand your information may be transferred to and processed in the United States.
Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.
Changes & Contact
We may update this Privacy Policy from time to time. We will post the updated version and change the “Effective date” above. If changes are material, we will take additional steps as required by law.
For questions or requests, contact: contact@photoprotein.com
Legal entity: AI DESIGN EXPERTS LLC (a New York state LLC)