Privacy Policy

1. Information We Collect

Personal Information

• Name
• Email address
• Date of birth
• Profile photo
• Timezone and location preferences

Health Information

• Dietary logs and food tracking
• Symptom tracking data
• Apple HealthKit data (with your explicit consent)

Usage Information

• App interaction and feature usage
• Device information
• Crash reports and diagnostic data

2. How We Use Your Information

Service Provision

• Personalized oxalate tracking and dietary management
• Health insights and pattern analysis
• Reminders and notifications
• Cross-device data synchronization

AI Processing

• File and document analysis
• Personalized insights for Elite tier subscribers
• Secure processing through our AI service providers

Service Improvement

• Feature enhancement and development
• Anonymized pattern analysis
• Bug fixing and debugging

3. Information Sharing

Limited Sharing

We may share your information only in the following circumstances:

• With your explicit consent
• Legal obligations: When required by law or legal process
• Service providers: Third parties who help us operate the app
• Anonymized research: Aggregated, de-identified data (opt-in only)

Third-Party Services

• Apple Health: HealthKit integration (with your authorization)
• Supabase: Secure database hosting and authentication
• Stripe: Payment processing (we do not store payment details)

4. Data Security

Technical Measures

• Encryption at rest: AES-256 encryption for stored data
• Encryption in transit: TLS 1.3 for all data transmission
• Security audits: Regular security assessments and testing
• Key management: Secure cryptographic key handling

Access Controls

• Multi-factor authentication (MFA) available for your account
• Role-based access controls for our team
• Regular access reviews and monitoring

5. Data Retention

Active Accounts

• Data retained while your account is active
• Health logs retained for trend analysis and insights
• Deleted items retained for 30 days before permanent removal

Inactive Accounts

• 12 months: Inactivity reminder sent
• 18 months: Account archived
• 24 months: Data permanently deleted

6. Cookies & Tracking

Essential Cookies Only

• Authentication tokens
• User preferences
• Session management

What We Don't Do

• No third-party advertising cookies
• No cross-site tracking
• No behavioral advertising

7. Children's Privacy (COPPA)

Age Requirements

• Minimum age: 13 years old
• Ages 13-17: Parental or guardian consent required
• Under 13: Not permitted to use the app

Age Verification

• Date of birth collected during signup
• Users under 13 are blocked from registration

Parental Consent Process

• Verification email sent to parent or guardian
• Consent must be confirmed before account activation

Parental Rights

• Review: Request to see your child's data
• Delete: Request deletion of your child's data
• Refuse: Decline further data collection
• Opt-out: Remove your child from the service
• Access: Obtain a copy of collected data

Enhanced Privacy for Minors

• Additional privacy protections for users under 18
• No targeted advertising for users under 18

8. International Data Transfers

• Primary servers: Located in the United States
• EU user data: Stored in EU regions where applicable
• Transfer safeguards: Standard Contractual Clauses (SCCs) for international transfers

9. California Privacy Rights (CCPA/CPRA)

Your Rights Under California Law

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out: Opt-out of sale or sharing of personal information
• Right to Limit: Limit use of sensitive personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

Categories of Information Collected

• Identifiers: Name, email, device identifiers
• Commercial Information: Subscription and purchase history
• Health Information: Dietary logs, symptom data
• Internet Activity: App usage and interaction data
• Geolocation: Timezone and location preferences
• Inferences: Health patterns and dietary insights
• Sensitive Personal Information: Health data (with consent)

How to Exercise Your Rights

• Email: privacy@bflux.co
• Subject line: "CCPA Request"
• Response time: 45 days

10. European Privacy Rights (GDPR)

Legal Basis for Processing

• Consent: For health data and optional features
• Contract: To provide the services you've requested
• Legitimate Interests: For security, fraud prevention, and service improvement

Additional Rights for EU/EEA Users

• Right to Lodge a Complaint: With your local data protection authority
• Right to Withdraw Consent: At any time, without affecting prior processing
• Right to Transparency: Clear information about data processing

11. Your Data Rights

Rights Available to All Users

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Object: Object to certain types of processing
• Restrict: Limit how we process your data

How to Exercise Your Rights

• Support Portal: bflux.co/support/low-ox-life/
• Response Time: Within 30 days

Contact Us