Effective Date: July 31, 2025
This Privacy Policy describes how MyFlow ("we," "us," or "our") collects, uses, and discloses your information when you use our mobile application (the "Service").
We collect several types of information to provide and improve our Service.
Information you provide to us:
User Profile Data: When you create an account, we collect your email address, age, weight, and sleep goals.
Quiz Data: We collect your answers to a 5-question wellness form (sleep, mood, energy, focus, and diet preferences).
Supplement Interaction Meta: We retain your stack selections, daily intake logs, weekly scan history, and progress scores to support personalization.
Optional Notes: You may choose to add optional notes about your habits and progress.
Information we collect with your explicit consent:
Face Scan Data: We access your device's front camera only when you consent to a face scan. This scan is used to analyze surface-level indicators such as skin hydration, facial fatigue markers (e.g., under-eye darkness), skin clarity, and signs of inflammation. We do not store raw images, biometric templates, facial geometry maps, or identity data. The data is immediately abstracted into non-identifiable numerical health scores.
Heart Rate Data: Using flashlight-based pulse detection, we collect your resting heart rate in beats-per-minute (BPM). Raw videos or images are discarded immediately, and only the numerical value is stored.
Information we collect automatically:
Usage Data: We may collect information about how you access and use the Service, including your device type, operating system, and IP address.
We use the information we collect for the following purposes:
Personalization: Your face scan, heart rate, and quiz data are used to generate personalized supplement recommendations from our curated third-party database.
Progress Tracking: Weekly re-scans and daily logs allow you to track wellness trends and adherence, and help us provide re-optimization prompts.
App Improvement: We use anonymous aggregate pattern data to inform feature refinement and improve service relevance. We never use facial data for advertising or identity inference.
Support & Compliance: Data is used to assist with account recovery, troubleshooting, or handling user data requests.
We do not share raw facial or biometric data with any third parties. Processed data may be shared in the following limited situations:
With Third-Party AI Services: Processed data (e.g., numerical health scores) may be sent to trusted third-party AI services for real-time analysis. These services are bound by data processing agreements to destroy the data upon inference completion and are prohibited from storing, retaining, or reusing it.
For Legal Reasons: We may disclose data when required by law (e.g., a court order) or to prevent fraud.
Business Transfers: As part of a merger or acquisition, your anonymized data may be transferred to a new entity.
Raw Images/Videos: We do not store raw face images or heart rate videos after processing.
Analyzed Scores: Only the abstracted wellness insight values (e.g., hydration score, clarity score) are stored, tied to your user ID. These are retained for up to 12 months for user history and progress tracking, then purged.
User Logs & Profile: Your logs and profile information are retained until you delete your account or request full deletion.
Backup Copies: Backup copies are purged no later than 30 days following the original deletion.
You have certain rights regarding your personal information. You can:
View and export your profile, quiz results, scan scores, and progress logs.
Delete specific data or request full account deletion directly from the app settings or by contacting our support team.
Revoke camera or storage permissions at any time via your device settings, which will disable the relevant app features.
We take the security of your data seriously.
All data in transit is encrypted (HTTPS/TLS).
Databases are encrypted at rest.
We follow industry-standard security practices, including regular audits and penetration testing.
MyFlow is not intended for users under 16 in the EU or under 13 in the US. If you are a parent and believe we have collected a child's data without consent, please contact us immediately to have it deleted.
If you reside outside our processing jurisdiction, your anonymized wellness data is still protected under GDPR/CCPA standards. We implement EU Standard Contractual Clauses for any cross-border transfers.
We may update this Privacy Policy periodically. Significant changes will be communicated via app notifications and by updating the “Effective Date” here. Continued use of MyFlow implies acceptance of the updated terms.
If you have any questions, you can contact us at:
Email: support@myflow.app