Privacy Policy

Daily Delta ("we," "our," or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Daily Delta mobile application and website (collectively, the "Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

1. Information We Collect

We collect information you provide directly to us, information generated through your use of the Service, and limited technical information from your device.

Account information. When you register, we collect your email address and a hashed password. You may also sign in with Google, in which case we receive your name and email address from Google. We do not store plaintext passwords. Authentication is handled through Supabase, a third-party service operating under its own security standards.

Content you submit for analysis. The Service supports three input modes:

• Photos — images of meals, grocery items, packaged food, or receipts taken from your camera or photo library
• Text descriptions — typed descriptions of a food item or purchase you want scored
• Barcode scans — UPC/EAN barcodes scanned from product packaging; the numeric barcode value (not an image) is captured and used to look up product data

All submitted content is transmitted to our backend service for processing. Images are stored in Supabase Storage associated with your account. Text descriptions and barcode values are recorded as part of your scan history. We do not use your images to train AI models.

Image privacy processing. After an image is uploaded, our backend automatically runs a privacy redaction pipeline on it. This pipeline uses an AI image classifier (ResNet-50 via Cloudflare Workers AI) to detect whether a person is visible in the image. If a person is detected, the image is block-pixelated across the full frame to obscure identifying features. If no person is detected, EXIF and metadata (such as GPS coordinates embedded by your camera) are stripped. A processed derivative image is stored in our infrastructure. The original image URL is also retained in your account record. Neither the original nor the derivative is used to train AI models.

AI-generated scores and analysis. The scores generated from your submissions — including planet, health, money, and delta scores, along with tips, summaries, detected item names, and (for receipts) merchant names, line items, and totals — are stored in your account so you can track your history and trends over time.

Barcode enrichment data. When you scan a barcode, we may look up the associated product in the USDA FoodData Central database (a US government food nutrition database) and optionally Open Food Facts to retrieve product name and nutritional information. These lookups use only the barcode number, not any personal information.

Submission metadata. Each scan submission records the following technical metadata alongside your content: app version, device operating system and version, timezone, source type (image, text, or barcode), file size (for images), and a SHA-256 cryptographic hash of the image file. This metadata is used to operate, debug, and audit the Service.

Commercial data consent. On first use, the app presents a one-time consent modal asking whether you agree to allow anonymized scan data (product names, barcodes, and category data — never your identity, email, or images containing faces) to be used to improve our nutrition database and scoring models. Your choice is recorded with a version number and timestamp. You can change this preference at any time under Settings → Data & Privacy.

Usage and analytics data. We collect app usage events — such as which screens you visit and which features you use — through Firebase Analytics (a Google service). This data is used to understand how the app is used and to improve the Service. We also collect crash and error reports through Firebase Crashlytics to help us identify and fix technical issues. We do not collect precise location data.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process submitted images, text descriptions, and barcodes and return AI-generated scores
• Apply our privacy redaction pipeline to images you upload
• Enrich barcode scans with product nutrition data from USDA FoodData Central
• Generate your weekly AI-written digest summarizing your recent scan patterns (Pro tier)
• Track your usage history and trends within your account
• Manage your account, subscription status, and daily scan limits
• Send transactional emails such as account verification and password reset
• Monitor app performance and diagnose crashes using Firebase services
• Respond to support requests and feedback
• Comply with applicable legal obligations
• If you have opted in: use anonymized scan data (product names, barcodes, category data) to improve our scoring models and nutrition database

We do not sell your personal information. We do not use your data for advertising profiling or share it with advertising networks.

3. Third-Party Services

Daily Delta uses the following third-party services to operate. Each service operates under its own privacy policy; we encourage you to review them.

• Supabase — authentication, database, and file storage (including your images and scan history)
• OpenAI — AI analysis of submitted images and text via the GPT-4.1 API family; free-tier users are analyzed with GPT-4.1 Mini, Pro-tier users with GPT-4.1
• Cloudflare Workers — backend API hosting; also runs our in-worker privacy redaction pipeline using Cloudflare Workers AI (ResNet-50)
• Firebase Analytics — app usage and event analytics (a Google service)
• Firebase Crashlytics — crash reporting and error diagnostics (a Google service)
• Google AdMob — advertising shown to free-tier users; AdMob may collect device identifiers per Google's privacy policy
• Google Play — app distribution and in-app purchase processing for Pro subscriptions; Play verifies subscription tokens server-side
• USDA FoodData Central — US government food nutrition database used for barcode product lookups (optional; only the barcode number is sent)
• Open Food Facts — open-source food product database used as a secondary fallback for barcode lookups (optional; only the barcode number is sent)

We are not responsible for the privacy practices of third-party services.

4. Data Retention

We retain your account data, scan history, scores, and submitted images for as long as your account is active. If you delete your account, we will delete your personal information and associated data, including your scan history and submitted images, within 30 days. Subscription billing records may be retained for up to 7 years for legal and tax compliance. Anonymized aggregate usage data with no personal identifiers may be retained indefinitely.

Consent audit records (user_consents) that document your data-use preference choices are retained for compliance purposes even after account deletion, but contain only your user ID (not your email) and the choice you made.

If you wish to request earlier removal of your data, contact us at [email protected].

5. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

• Access. You may request a copy of the personal data we hold about you.
• Correction. You may request correction of inaccurate or incomplete data.
• Deletion. You may request deletion of your account and all associated data at any time by using the Delete Account option in the app under Settings, or by emailing [email protected]. See our Account Deletion page for full details.
• Portability. You may request an export of your analysis history in a machine-readable format.
• Consent withdrawal. You may change your commercial data-use consent at any time in the app under Settings → Data & Privacy. Withdrawing consent does not affect data already processed under your prior consent.
• Opt-out of analytics. You may limit Firebase Analytics tracking through your device's privacy settings.
• Opt-out of ads. Free-tier users are shown ads via Google AdMob. You may limit ad tracking through your device's privacy settings.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

6. Data Security

We implement industry-standard security measures to protect your information, including encrypted data transmission (TLS), hashed password storage, access-controlled cloud infrastructure, and our automated image redaction pipeline which removes EXIF metadata and obscures any persons visible in submitted images. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at [email protected] and we will take steps to delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].

Daily Delta
Chula Vista, CA, United States
dailydelta.app