Privacy Policy
Daily Delta ("we," "our," or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Daily Delta mobile application and website (collectively, the "Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
1. Information We Collect
We collect information you provide directly to us, information generated through your use of the Service, and limited technical information from your device.
Account information. When you register, we collect your email address and a hashed password. You may also sign in with Google, in which case we receive your name and email address from Google. We do not store plaintext passwords. Authentication is handled through Supabase, a third-party service operating under its own security standards.
Content you submit for analysis. The Service supports three input modes:
- Photos — images of meals, grocery items, packaged food, or receipts taken from your camera or photo library
- Text descriptions — typed descriptions of a food item or purchase you want scored
- Barcode scans — UPC/EAN barcodes scanned from product packaging; the numeric barcode value (not an image) is captured and used to look up product data
All submitted content is transmitted to our backend service for processing. Images are stored in Supabase Storage associated with your account. Text descriptions and barcode values are recorded as part of your scan history. We do not use your images to train AI models.
Image privacy processing. After an image is uploaded, our backend automatically runs a privacy redaction pipeline on it. This pipeline uses an AI image classifier (ResNet-50 via Cloudflare Workers AI) to detect whether a person is visible in the image. If a person is detected, the image is block-pixelated across the full frame to obscure identifying features. If no person is detected, EXIF and metadata (such as GPS coordinates embedded by your camera) are stripped. A processed derivative image is stored in our infrastructure. The original image URL is also retained in your account record. Neither the original nor the derivative is used to train AI models.
AI-generated scores and analysis. The scores generated from your submissions — including planet, health, money, and delta scores, along with tips, summaries, detected item names, and (for receipts) merchant names, line items, and totals — are stored in your account so you can track your history and trends over time.
Barcode enrichment data. When you scan a barcode, we may look up the associated product in the USDA FoodData Central database (a US government food nutrition database) and optionally Open Food Facts to retrieve product name and nutritional information. These lookups use only the barcode number, not any personal information.
Submission metadata. Each scan submission records the following technical metadata alongside your content: app version, device operating system and version, timezone, source type (image, text, or barcode), file size (for images), and a SHA-256 cryptographic hash of the image file. This metadata is used to operate, debug, and audit the Service.
Commercial data consent. On first use, the app presents a one-time consent choice asking whether you agree to allow your de-identified scan data — product names, barcodes, category and nutrition data, AI-generated scores, and privacy-redacted scan images from which faces and personal information have been removed — to be used for commercial and product purposes. These purposes include improving our nutrition database and scoring models and creating, licensing, or selling aggregated, de-identified datasets to third parties. This consent is entirely optional, defaults to off, and never includes your identity, email, precise location, or any image that contains a recognizable face or personal document. Your choice is recorded with a consent version and timestamp, and you can change it at any time under Settings → Data & Privacy. We describe this data as "de-identified" rather than "anonymized" because each record is stripped of direct identifiers but may retain a pseudonymous account key internally; we do not re-link it to your identity for the commercial dataset.
Usage and analytics data. We collect app usage events — such as which screens you visit and which features you use — through Firebase Analytics (a Google service). This data is used to understand how the app is used and to improve the Service. We also collect crash and error reports through Firebase Crashlytics to help us identify and fix technical issues. We do not collect precise location data.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process submitted images, text descriptions, and barcodes and return AI-generated scores
- Apply our privacy redaction pipeline to images you upload
- Enrich barcode scans with product nutrition data from USDA FoodData Central
- Generate your weekly AI-written digest summarizing your recent scan patterns (Pro tier)
- Track your usage history and trends within your account
- Manage your account, subscription status, and daily scan limits
- Send transactional emails such as account verification and password reset
- Monitor app performance and diagnose crashes using Firebase services
- Respond to support requests and feedback
- Comply with applicable legal obligations
- If, and only if, you have opted in to commercial data use: process de-identified scan data — including product names, barcodes, category and nutrition data, AI-generated scores, and privacy-redacted scan images from which faces and personal information have been removed — for commercial and product purposes, including improving our nutrition database and scoring models and creating, licensing, selling, or otherwise transferring aggregated, de-identified datasets to third parties
We never sell or license data that identifies you personally — your name, email, account identity, precise location, or images that contain a recognizable face or personal document. We do not use your data for advertising profiling or share it with advertising networks. The commercial dataset described above is built only from de-identified, redacted data, and only for users who have affirmatively opted in. See "Sale and Licensing of De-Identified Data" and "Your California Privacy Rights" below for how to opt out at any time.
3. Sale and Licensing of De-Identified Data
If you opt in to commercial data use, we may create aggregated, de-identified datasets from your scan activity — product and category data, nutrition data, AI-generated scores and trends, and privacy-redacted images with faces and personal information removed — and we may license, sell, or otherwise transfer those datasets to third parties (for example, food and nutrition companies, researchers, or data partners). Under laws such as the California Consumer Privacy Act (CCPA/CPRA), this activity may be considered a "sale" or "sharing" of information even though the data has been de-identified.
This applies only to users who have affirmatively opted in, and only to de-identified, redacted data. We do not sell or license data tied to your identity. You may withdraw from commercial data use at any time under Settings → Data & Privacy or by emailing privacy@dailydelta.app; withdrawal stops future use but does not unwind datasets already licensed or transferred before withdrawal. See "Your Rights and Choices" for your right to opt out of sale/sharing.
4. Business Transfers
If Daily Delta is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of its assets, your information — including account data and any de-identified datasets — may be transferred to the successor or acquiring entity as part of that transaction. We will require the recipient to honor the commitments in this Privacy Policy with respect to your information, or we will provide notice and an opportunity to exercise your rights before your information becomes subject to a materially different privacy policy.
5. Third-Party Services
Daily Delta uses the following third-party services to operate. Each service operates under its own privacy policy; we encourage you to review them.
- Supabase — authentication, database, and file storage (including your images and scan history)
- OpenAI — AI analysis of submitted images and text via the GPT-4.1 API family; free-tier users are analyzed with GPT-4.1 Mini, Pro-tier users with GPT-4.1
- Cloudflare Workers — backend API hosting; also runs our in-worker privacy redaction pipeline using Cloudflare Workers AI (ResNet-50)
- Firebase Analytics — app usage and event analytics (a Google service)
- Firebase Crashlytics — crash reporting and error diagnostics (a Google service)
- Google AdMob — advertising shown to free-tier users; AdMob may collect device identifiers per Google's privacy policy
- Google Play — app distribution and in-app purchase processing for Pro subscriptions; Play verifies subscription tokens server-side
- USDA FoodData Central — US government food nutrition database used for barcode product lookups (optional; only the barcode number is sent)
- Open Food Facts — open-source food product database used as a secondary fallback for barcode lookups (optional; only the barcode number is sent)
We are not responsible for the privacy practices of third-party services.
6. Data Retention
We retain your account data, scan history, scores, and submitted images for as long as your account is active. If your account is inactive for 24 consecutive months, we may delete or de-identify your submitted images and scan content. If you delete your account, we will delete your personal information and associated data — including your scan history, submitted images, and subscription records — within 30 days of your request, except where we are required to retain certain records to comply with legal obligations. Google Play retains its own billing and transaction records independently of Daily Delta. De-identified, aggregated data that no longer identifies you — including datasets already created or transferred under an opt-in — may be retained indefinitely.
Consent audit records (user_consents) that document your data-use preference choices are retained for compliance purposes even after account deletion, but contain only your user ID (not your email) and the choice you made.
If you wish to request earlier removal of your data, contact us at privacy@dailydelta.app.
7. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information, including:
- Access. You may request a copy of the personal data we hold about you.
- Correction. You may request correction of inaccurate or incomplete data.
- Deletion. You may request deletion of your account and all associated data at any time by using the Delete Account option in the app under Settings, or by emailing privacy@dailydelta.app. See our Account Deletion page for full details.
- Portability. You may request an export of your analysis history in a machine-readable format.
- Opt out of sale or sharing ("Do Not Sell or Share My Personal Information"). Commercial data use is off by default and happens only if you opt in. You may opt out at any time — and withdraw a prior opt-in — in the app under Settings → Data & Privacy, or by emailing privacy@dailydelta.app with the subject "Do Not Sell or Share." We do not knowingly sell or share the personal information of consumers under 16 years of age without opt-in consent.
- Consent withdrawal. You may change your commercial data-use consent at any time in the app under Settings → Data & Privacy. Withdrawing consent stops future commercial use but does not unwind de-identified datasets already created, licensed, or transferred under your prior consent.
- Non-discrimination. We will not deny you the Service, charge you a different price, or provide a different level of quality because you exercised any of these rights.
- Opt-out of analytics. You may limit Firebase Analytics tracking through your device's privacy settings.
- Opt-out of ads. Free-tier users are shown ads via Google AdMob. You may limit ad tracking through your device's privacy settings.
To exercise any of these rights, contact us at privacy@dailydelta.app. We will respond within 30 days. You may use an authorized agent to submit a request on your behalf.
8. Data Security
We implement industry-standard security measures to protect your information, including encrypted data transmission (TLS), hashed password storage, access-controlled cloud infrastructure, and our automated image redaction pipeline which removes EXIF metadata and obscures any persons visible in submitted images. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Children's Privacy
The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Users between 13 and 18 may use the Service only with the permission of a parent or legal guardian, as described in our Terms of Service. We do not knowingly include data from users we know to be under 18 in any commercial dataset, and we do not sell or share the personal information of users under 16 without affirmative opt-in consent. If you believe we have inadvertently collected information from a child under 13, or included a minor's data in a commercial dataset, please contact us immediately at privacy@dailydelta.app and we will take steps to delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@dailydelta.app.
Daily Delta
Chula Vista, CA, United States
dailydelta.app