Privacy Policy

Last updated: May 9, 2026 · Effective: May 9, 2026

Short version: WellSnap AI collects only what it needs to provide personalized health guidance. We do not sell your data. Health data stays in your private account — we never share it with advertisers.

1. Who We Are

WellSnap AI ("we," "our," "us") is operated by Naga Dharma (help@wellsnapai.com). The app is available on Android as WellSnap AI — Health & Nutrition.

2. Information We Collect

Account Data

Email address or phone number used for sign-in via one-time passcode (OTP). We do not store passwords.

Health & Profile Data

Age, gender, weight, height, health conditions, dietary preferences, and fitness goals you voluntarily enter. This powers AI personalization and is stored in your private Supabase account.

Food & Activity Logs

Meal photos (processed via our backend AI), calorie logs, and nutrition data you choose to save.

Images for Analysis

Photos you upload for food analysis, lab reports, skin/wound assessment, plant health, pet health, or baby health. Images are sent to our AI provider (Anthropic Claude or Google Gemini) over an encrypted connection and are not stored after analysis.

Voice Recordings

Audio recordings when you use the microphone in the Health AI assistant. Audio is uploaded for transcription and deleted from our servers within 24 hours.

Baby Profile Data

If you use the Baby tab: baby name, birth date, weight, feed/diaper logs, and photos. Activity logs are auto-purged after 28 days. Photos persist until you delete them.

Usage Data

App version, platform, crash reports, and feature usage (via Sentry error monitoring). No personally identifiable health information is included in crash reports.

Push Token

Expo push token to deliver meal reminders and health tips. You can disable notifications in device Settings at any time.

3. SMS & Phone Number Use

WellSnap AI uses your phone number solely for account authentication via one-time passcodes (OTP). We do not send marketing or promotional text messages.

You enter your phone number on the sign-in screen to request an OTP
We send a single 6-digit code via SMS to verify your identity
The OTP expires in 10 minutes and is never reused
Message frequency: 1 message per sign-in attempt
Opt-out: Reply STOP to any message. Reply HELP for assistance.
Message and data rates may apply

SMS messages are sent via Twilio from toll-free number +18667532338. Twilio's privacy policy: twilio.com/legal/privacy

4. How We Use Your Data

Provide personalized AI nutrition and health guidance
Analyze food, lab reports, skin conditions, and plant/pet health via AI
Authenticate your identity via OTP (email or SMS)
Send optional meal reminders and wellness tips (with your consent)
Maintain your subscription and billing via RevenueCat
Respond to support tickets you submit in-app
Monitor app stability and fix crashes

We do not use your data for advertising, sell it to third parties, or share it with data brokers.

5. Third-Party Services

We work with the following third-party services. Each processes only the data necessary for its function.

Cloud Database Provider — Stores your account, profile, and meal logs securely with row-level access controls so only you can read your own data.

Anthropic (Claude AI) — Processes images and text for health analysis. Data is not retained by Anthropic after processing. Privacy Policy →

Google AI — Fallback AI provider for nutrition and health analysis. Data is not retained by Google after processing. Privacy Policy →

Twilio — Delivers SMS one-time passcodes for authentication. Privacy Policy →

RevenueCat — Manages in-app subscriptions and purchase receipts. Privacy Policy →

Error Monitoring Service — Receives anonymized crash reports. All personally identifiable information is stripped before transmission.

Push Notification Service — Delivers optional reminders to your device. No health data is included in notifications.

Cloud Hosting & Caching — Our API server and short-term response cache (24h–7 days). No persistent user data is stored in the cache.

Railway — API server hosting (no persistent data storage). Privacy Policy →

Upstash Redis — Rate limiting and short-term AI response caching (24h–7 days). Privacy Policy →

6. Data Retention

Your profile and meal logs are retained as long as your account is active. You can delete your account and all associated data at any time from Profile → Settings → Delete Account. We delete data within 30 days of account deletion.

Voice recordings: deleted within 24 hours of transcription
Baby activity logs: auto-purged after 28 days
AI response cache (Redis): 24 hours (food) / 7 days (lab, pet, plant, skin)
Crash reports (Sentry): 90 days
Subscription receipts: 7 years (legal/accounting)

7. Children's Privacy

WellSnap AI is intended for users 13 years of age and older. The Baby tab is designed for parents or legal guardians to track their own child. We do not knowingly collect personal information directly from children under 13. If you believe a child has provided us data, contact us at help@wellsnapai.com and we will delete it promptly.

8. Health Data Disclaimer

WellSnap AI provides general wellness guidance powered by AI and is not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional for medical decisions. AI analysis features (lab reports, skin assessment, etc.) are for informational purposes only and do not establish a doctor–patient relationship.

9. Your Rights

Depending on your location, you may have rights to:

Access the personal data we hold about you
Correct inaccurate data (most fields are editable in Profile settings)
Delete your data — Profile → Sign Out → Delete Account
Export your data in a portable format (email request)
Opt out of push notifications in device Settings
Opt out of SMS by replying STOP to any message

To exercise any right, email help@wellsnapai.com. We respond within 30 days.

10. Security

All network traffic uses TLS 1.2+. Auth tokens are stored in your device's secure keystore (iOS Keychain / Android Keystore). API keys are stored server-side only. We use Sentry with PII redaction before any error data leaves the device.

11. International Transfers

If you are outside the United States, your data may be processed in the US and other countries where our service providers operate. For EEA/UK users, we rely on Standard Contractual Clauses with our processors.

12. Changes to This Policy

We may update this Privacy Policy. When we do, we will update the "Last updated" date above and notify you via in-app notification for material changes.

13. Contact

For privacy questions, data requests, or SMS opt-out assistance:
help@wellsnapai.com
WellSnap AI — wellsnapai.com