Privacy Policy for Supplement AI Inc.
Effective Date: June 29, 2026
1. Introduction
Supplement AI Inc. ("Supplement AI," "we," "us," or "our") respects your privacy and is committed to protecting the personal data we collect from you. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website and services (collectively, the "Service").
2. Information We Collect
We collect the following categories of personal data:
- Identification Information: Name and email.
- Transactional Information: Account details and purchase history.
- User Activity Information: Device information, IP addresses, usage analytics.
- Supplement and Health Data: health-adjacent information you voluntarily provide, such as current supplements, medications, conditions, goals, dietary constraints, DOB, sex, activity level, diet, Regimen Optimizer history, saved snapshots, and product interactions.
- Uploaded Images and Extracted Product Data: supplement label photos you choose to upload, and information extracted from those photos, such as brand name, product name, barcode, serving information, ingredients, amounts, and units.
Supplement AI is not a healthcare provider, health plan, healthcare clearinghouse, or business associate unless we separately agree in writing. The Service is not designed to receive medical records from covered entities, insurance records, or information you expect to be protected as HIPAA Protected Health Information. Any health-adjacent information you provide is voluntary and is used to operate educational and informational supplement decision-support features.
3. How We Use Your Data
We process your personal data to:
- Provide personalized supplement decision support, product search, Regimen Optimizer scoring, upgrade detail, history, and saved snapshots based on your account state and scientific research.
- Analyze supplement label photos you upload to identify product details, serving information, ingredients, amounts, and units.
- Generate AI-assisted summaries and explanations while maintaining service history for continuity.
- Facilitate user onboarding and dashboard functionalities.
- Conduct research search and analysis related to supplements.
- Track user interactions, progress, and feedback.
- Process transactions and manage billing.
- Improve our Service through analytics, error tracking, and internal research using pseudonymized and aggregated data.
- Analyze usage patterns, trends, and behaviors to enhance recommendations, features, and overall Service quality.
- Protect data and ensure Service security.
Your data is strictly used for educational and informational purposes. We may use de-identified, pseudonymized, or aggregated data for research, analytics, and service improvements without restriction.
4. Sharing of Data
We never sell your data. Supplement AI will not sell, rent, or share your personal data with third parties for their own commercial purposes. Your data is shared only with trusted subprocessors as necessary to deliver the Service, or as required by law.
Supplement AI engages the following subprocessors to deliver the Service:
- MongoDB: Encrypted data storage (has access to stored user data).
- Firebase: User authentication and identity management (has access to email addresses for authentication).
- OpenAI: AI-powered summaries and natural language processing (receives the limited prompt/context needed for the feature; does not receive name or email unless you explicitly include it in submitted text).
- Google: AI-powered image analysis (receives uploaded images and related context).
- PostHog: Analytics and product insights (receives pseudonymized user identifiers only; does not receive names or email addresses).
- SendGrid: Transactional email services (has access to email addresses for delivery purposes only).
- Cloudflare: CDN and security services (processes connection data).
- Vercel: Hosting, deployment, and performance monitoring (has access to application data).
- Stripe: Payment processing services (processes payment information only).
When you upload supplement label photos, we use them to analyze the product label and create or update the product and regimen information you request. We do not save the uploaded photos after analysis. We may retain and use extracted label information, such as brand names, product names, serving information, ingredient rows, amounts, and units, to operate the Service and to add or improve products in the Supplement AI product database.
These service providers process data on our behalf under contractual obligations and are prohibited from using your data for their own purposes. We implement data minimization practices to limit the information each subprocessor receives to only what is necessary for their specific function. We do not sell your personal information, and we do not use health-adjacent profile data for cross-context behavioral advertising.
5. Data Security
We use commercially reasonable technical and organizational security measures including:
- Encryption of direct identifiers: Names and email addresses are encrypted at rest using AES-256-CBC encryption.
- Encryption in transit: All data transmitted is encrypted using HTTPS/TLS protocols.
- Pseudonymization: User data is associated with unique identifiers (UIDs) in system operations.
- Regular security assessments and testing.
- Controlled user identification and access management.
- Event logging and secure systems configuration.
- Data minimization, quality assurance, and limited data retention.
Health and personal data is protected through access controls, pseudonymization, and secure database configurations. All subprocessors maintain SOC 2 and/or ISO 27001 certifications.
6. Data Transfers
Supplement AI operates primarily in the United States. Your data may be transferred internationally to our subprocessors and service providers. Where required by law, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards approved by data protection authorities for international transfers of personal data, ensuring compliance with GDPR, UK GDPR, and other applicable laws.
7. Your Data Rights
You have rights regarding your personal data, including:
- Access to your data.
- Correction or update of your data.
- Request deletion of your data, including account profile data, Regimen Optimizer history, saved snapshots, and export artifacts retained by the Service.
- Data portability: Request a copy of your personal data in a commonly used, machine-readable format, including available account, regimen, optimizer, and export records.
- Opt-out: Request that we not sell or share your personal information (note: we do not sell personal data).
- Withdraw consent at any time where applicable.
These rights are provided in accordance with applicable laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). To exercise your rights, contact us at [email protected].
8. Retention of Data
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, provide ongoing Service functionality, or as required by applicable laws. You may request deletion of your account and associated data at any time through your account settings or by contacting us.
9. Cookies and Tracking Technologies
We use cookies, local storage, and similar technologies to enhance user experience, maintain preferences, analyze traffic, and improve Service functionality. By using our Service, you consent to our use of these technologies. Where required by law (such as in the European Union or United Kingdom), we will obtain your consent before placing non-essential cookies or similar tracking technologies on your device.
10. Compliance with Laws
We comply with all applicable data protection and privacy laws, including GDPR and CCPA. Supplement AI is classified as a "service provider" under CCPA.
11. Changes to This Privacy Policy
We may update this policy occasionally. Any changes will be posted on this page, with the "Effective Date" updated accordingly.
12. Contact Information
If you have questions or concerns about this Privacy Policy, please contact:
Adam Schorr, Founder
Supplement AI Inc.
1111B S Governors Ave STE 26626
Dover, Delaware 19904
[email protected]
By using Supplement AI, you acknowledge and agree to the practices described in this Privacy Policy.