Privacy Policy
Last updated: 16 June 2026
This Privacy Policy is published at https://facedebloat.app/privacy. It explains how Face Debloat ("Face Debloat," "we," "us," or "our") collects, uses, and protects your information when you use the Face Debloat mobile application (the "App"). Face Debloat is a cosmetic and wellness "face coach" app. It is not a medical service and does not provide a diagnosis. Please also read our Terms of Use & EULA at https://facedebloat.app/terms.
We have written this policy to be read, not buried. If anything here is unclear, contact us at [email protected].
1. THE SHORT VERSION
- You can use most of Face Debloat without an account. Without an account, your quiz answers and Bloat Score history stay on your device, except your face scan, which is sent to our AI provider to compute your score and is stored securely by us (see 3.3).
- If you choose to create an account, we store your email address and sync your quiz answers and, only if you opt in, your progress photos so you can use them across devices.
- Keeping photos is optional. A scan needs a photo to estimate your score, but you choose whether to keep any photos afterward. Photos you keep are stored privately to you, are never used for advertising, and are never sold.
- We never sell your personal data and we do not share it for cross-context behavioral advertising.
- Subscriptions are billed by Apple and managed through our payments provider RevenueCat. We do not see or store your full card number.
- You can delete your account and associated data at any time from inside the App, in Settings.
- Face Debloat is for users 17 and older. It is not directed to children.
2. WHO IS RESPONSIBLE FOR YOUR DATA
The data controller is Mira Health Labs LLC, 2810 N Church St, PMB 91234, Wilmington, DE 19802, USA. For privacy questions, data requests, or to exercise your rights, contact [email protected].
3. WHAT WE COLLECT, WHY, AND THE LEGAL BASIS
We collect only what the App needs to function. The table below maps each category to its purpose and, for users in the EU/EEA and UK, the GDPR legal basis.
3.1 Account information (only if you sign in)
- What: Email address; a hashed authentication identifier.
- Why: To create and secure your account, sync your data across devices, restore your plan, and send essential service messages (for example, a password or magic-link email).
- Legal basis: Performance of a contract (providing the account you requested).
- Sign-in is optional. You are never required to create an account to use the App's core features.
3.2 Quiz answers and plan data
- What: Your responses to the onboarding quiz (for example, your stated goal, lifestyle inputs, and timeframe), your generated result, and your 30-day plan progress, streaks, and check-ins.
- Why: To generate your personalized result and plan, and to track your adherence and progress over time.
- Where it lives: On your device by default. It is synced to our servers only if you have an account.
- Legal basis: Performance of a contract; otherwise consent.
3.3 Face scans and your Bloat Score
- What: The selfie you take when you scan your face, and any photos you keep to track visible change over time.
- Why: To estimate your Bloat Score and let you compare your own progress inside the App.
- How your scan is analyzed: When you take a scan, the photo is sent over an encrypted connection to our AI provider, OpenAI, which estimates your facial puffiness and returns a score. We then store your scan photo and its scores securely in storage that is private to us, to operate, review, and improve the service. OpenAI does not use API inputs to train its models.
- Important:
  - Your scan photos are stored securely in storage that is private to us. You can delete your stored scans at any time (see Section 9).
  - We do not run facial recognition, do not use your face to identify you, do not build a biometric identity profile, do not sell your photos, and do not use them for advertising or to train AI models.
- Legal basis: Your explicit consent, obtained before your first scan. You can withdraw consent and delete your photos at any time.
3.4 Subscription and purchase data
- What: The subscription product you purchase, trial and renewal status, transaction identifiers, and platform receipt data. Purchases are processed by Apple through Apple's in-app purchase system and managed by our provider RevenueCat.
- Why: To unlock and maintain your subscription, restore purchases, prevent fraud and abuse, and provide support.
- What we do NOT receive: Your full payment card number, CVV, or bank details. Apple handles payment; we and RevenueCat receive only the subscription status and transaction metadata needed to grant access.
- Legal basis: Performance of a contract; legitimate interest in preventing fraud; compliance with tax and accounting law.
3.5 Diagnostics and analytics
- What: Aggregated, app-level usage and crash diagnostics (for example, screens viewed, feature usage counts, crash logs, device model, and OS version).
- Why: To fix bugs, understand which features help users stick with their plan, and improve the App.
- How: We minimize this data and, where feasible, collect it in a way that is not linked to your identity. We do not use third-party advertising SDKs or ad trackers.
- Legal basis: Consent where required (we will ask via Apple's App Tracking Transparency prompt only if any tracking is ever introduced); otherwise legitimate interest in maintaining and improving the App.
*(Founder note: if you ship without an analytics SDK, delete or simplify this section so the policy matches the actual build. The App Privacy label must match this section exactly.)*
3.6 Support communications
- What: Messages you send us and the email address you send them from.
- Why: To respond to and resolve your request.
- Legal basis: Legitimate interest in providing support.
4. WHAT WE DO NOT COLLECT
To be explicit, because this matters for an appearance-focused app used by young people:
- We do not track your weight or calories, and the App contains no weight or calorie logging.
- We do not build a biometric or facial-recognition profile from your photos.
- We do not collect precise location.
- We do not sell personal data, and we do not share it for cross-context behavioral advertising.
- We do not require you to connect social media or import your contacts.
5. HOW WE USE YOUR DATA
We use the data above only to:
1. Generate your result and personalized plan.
2. Save your progress and keep your streak and check-ins accurate.
3. Sync across your devices and restore your subscription (account holders).
4. Process and maintain your subscription, and provide customer support.
5. Keep the App secure, prevent fraud and abuse, and fix bugs.
6. Comply with legal obligations.
We do not use your data to make automated decisions that produce legal or similarly significant effects about you. Your Face Debloat result is a cosmetic, informational estimate, not a medical determination.
6. WHO WE SHARE DATA WITH (PROCESSORS)
We share limited data with vendors who process it on our behalf, under contract, and only for the purposes above:
- Apple, in-app purchase processing and App Store delivery.
- RevenueCat, subscription management, entitlement, and receipt validation.
- OpenAI, AI processing: your face scan is sent to estimate your Bloat Score, and your on-screen numbers power the in-app coach. Your scan photo is sent for that request only, is not used to identify you, and (per OpenAI's API terms) is not used to train OpenAI's models.
- Supabase, secure cloud database, authentication, storage, and edge functions; we store your face scans (image and scores) in storage that is private to us, and for account holders we sync quiz answers and your Bloat Score numbers.
- Resend, sending essential transactional account emails (for example, magic-link sign-in), only for account holders.
- Sentry, crash and error diagnostics, per Section 3.5, only if diagnostics are enabled in the shipped build.
We may also disclose data if required by law, to enforce our Terms, or to protect the rights, safety, and security of our users and the public. If we are ever involved in a merger or acquisition, we will notify you and any successor will be bound by this policy.
We do not sell your personal information and have not sold or shared it for cross-context behavioral advertising in the preceding 12 months.
7. WHERE YOUR DATA IS STORED AND TRANSFERRED
Data for account holders is stored on secured cloud infrastructure that may be located outside your country, including in the United States. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses. Data for users without an account remains on their device, except your face scan, which is transmitted to our AI provider (in the United States) to compute your Bloat Score, then stored on our secured cloud infrastructure.
8. HOW LONG WE KEEP YOUR DATA
- On-device data (no account): kept until you delete it or uninstall the App.
- Account data: kept while your account is active. When you delete your account, we delete your synced quiz answers and photos and your account record, typically within 30 days, except where we must retain limited transaction records for legal, tax, or fraud-prevention purposes.
- Backups: residual copies in encrypted backups are purged on our normal backup rotation.
9. SECURITY
We protect your data with encryption in transit (TLS) and at rest, access controls, and the principle of least privilege. Progress photos for account holders are stored in storage scoped privately to your account. No system is perfectly secure, but we work to protect your information and will notify you and regulators of a breach where the law requires.
10. YOUR RIGHTS AND CHOICES
10.1 In-app controls (everyone)
- Delete Account & Data: Settings > Account > Delete Account. This permanently deletes your account and synced data.
- Delete photos: remove any progress photo individually at any time.
- Use without an account: keep all data local by simply not signing in.
- Manage or cancel your subscription: through your Apple ID subscription settings, reachable from the App and from iOS Settings.
10.2 GDPR / UK GDPR rights (EEA & UK users)
You have the right to access, correct, delete, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent at any time without affecting prior processing. You may lodge a complaint with your local data protection authority.
10.3 CCPA / CPRA rights (California users)
You have the right to know what personal information we collect and how we use and disclose it, the right to delete it, the right to correct it, and the right to opt out of sale or sharing. We do not sell or share your personal information. We will not discriminate against you for exercising any right.
To exercise any right, use the in-app controls or email [email protected]. We will verify your request and respond within the time the law requires.
11. CHILDREN
Face Debloat is intended for users 17 and older and is rated accordingly on the App Store. The App presents an age gate and a compassionate reframe path for younger or developing users, but it is not designed or directed to children under 17, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact [email protected] and we will delete it.
12. CHANGES TO THIS POLICY
We may update this policy as the App evolves. We will revise the "Last updated" date and, for material changes, provide a prominent in-app notice. Continued use after an update means you accept the revised policy.
13. CONTACT
Face Debloat Privacy Team
Email: [email protected]
Postal: Mira Health Labs LLC, 2810 N Church St, PMB 91234, Wilmington, DE 19802, USA
This policy is hosted at https://facedebloat.app/privacy and is the URL referenced in App Store Connect, on the paywall, in the app's Settings, and on the website.