Legal

Privacy Policy

Effective date: March 18, 2026  ·  Last updated: June 25, 2026  ·  Questions: privacy@dailydelta.app

Daily Delta ("we," "our," or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Daily Delta mobile application and website (collectively, the "Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

1. Information We Collect

We collect information you provide directly to us, information generated through your use of the Service, and limited technical information from your device.

Account information. When you register, we collect your email address and a hashed password. You may also sign in with Google, in which case we receive your name and email address from Google. We do not store plaintext passwords. Authentication is handled through Supabase, a third-party service operating under its own security standards.

Content you submit for analysis. The Service supports three input modes:

All submitted content is transmitted to our backend service for processing. Images are stored in Supabase Storage associated with your account. Text descriptions and barcode values are recorded as part of your scan history. We do not use your images to train AI models.

Image privacy processing. After an image is uploaded, our backend automatically runs a privacy redaction pipeline on it. This pipeline uses an AI image classifier (ResNet-50 via Cloudflare Workers AI) to detect whether a person is visible in the image. If a person is detected, the image is block-pixelated across the full frame to obscure identifying features. If no person is detected, EXIF and metadata (such as GPS coordinates embedded by your camera) are stripped. A processed derivative image is stored in our infrastructure. The original image URL is also retained in your account record. Neither the original nor the derivative is used to train AI models.

AI-generated scores and analysis. The scores generated from your submissions — including planet, health, money, and delta scores, along with tips, summaries, detected item names, and (for receipts) merchant names, line items, and totals — are stored in your account so you can track your history and trends over time.

Barcode enrichment data. When you scan a barcode, we may look up the associated product in the USDA FoodData Central database (a US government food nutrition database) and optionally Open Food Facts to retrieve product name and nutritional information. These lookups use only the barcode number, not any personal information.

Submission metadata. Each scan submission records the following technical metadata alongside your content: app version, device operating system and version, timezone, source type (image, text, or barcode), file size (for images), and a SHA-256 cryptographic hash of the image file. This metadata is used to operate, debug, and audit the Service.

Commercial data consent. On first use, the app presents a one-time consent choice asking whether you agree to allow your de-identified scan data — product names, barcodes, category and nutrition data, AI-generated scores, and privacy-redacted scan images from which faces and personal information have been removed — to be used for commercial and product purposes. These purposes include improving our nutrition database and scoring models and creating, licensing, or selling aggregated, de-identified datasets to third parties. This consent is entirely optional, defaults to off, and never includes your identity, email, precise location, or any image that contains a recognizable face or personal document. Your choice is recorded with a consent version and timestamp, and you can change it at any time under Settings → Data & Privacy. We describe this data as "de-identified" rather than "anonymized" because each record is stripped of direct identifiers but may retain a pseudonymous account key internally; we do not re-link it to your identity for the commercial dataset.

Usage and analytics data. We collect app usage events — such as which screens you visit and which features you use — through Firebase Analytics (a Google service). This data is used to understand how the app is used and to improve the Service. We also collect crash and error reports through Firebase Crashlytics to help us identify and fix technical issues. We do not collect precise location data.

2. How We Use Your Information

We use the information we collect to:

We never sell or license data that identifies you personally — your name, email, account identity, precise location, or images that contain a recognizable face or personal document. We do not use your data for advertising profiling or share it with advertising networks. The commercial dataset described above is built only from de-identified, redacted data, and only for users who have affirmatively opted in. See "Sale and Licensing of De-Identified Data" and "Your California Privacy Rights" below for how to opt out at any time.

3. Sale and Licensing of De-Identified Data

If you opt in to commercial data use, we may create aggregated, de-identified datasets from your scan activity — product and category data, nutrition data, AI-generated scores and trends, and privacy-redacted images with faces and personal information removed — and we may license, sell, or otherwise transfer those datasets to third parties (for example, food and nutrition companies, researchers, or data partners). Under laws such as the California Consumer Privacy Act (CCPA/CPRA), this activity may be considered a "sale" or "sharing" of information even though the data has been de-identified.

This applies only to users who have affirmatively opted in, and only to de-identified, redacted data. We do not sell or license data tied to your identity. You may withdraw from commercial data use at any time under Settings → Data & Privacy or by emailing privacy@dailydelta.app; withdrawal stops future use but does not unwind datasets already licensed or transferred before withdrawal. See "Your Rights and Choices" for your right to opt out of sale/sharing.

4. Business Transfers

If Daily Delta is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of its assets, your information — including account data and any de-identified datasets — may be transferred to the successor or acquiring entity as part of that transaction. We will require the recipient to honor the commitments in this Privacy Policy with respect to your information, or we will provide notice and an opportunity to exercise your rights before your information becomes subject to a materially different privacy policy.

5. Third-Party Services

Daily Delta uses the following third-party services to operate. Each service operates under its own privacy policy; we encourage you to review them.

We are not responsible for the privacy practices of third-party services.

6. Data Retention

We retain your account data, scan history, scores, and submitted images for as long as your account is active. If your account is inactive for 24 consecutive months, we may delete or de-identify your submitted images and scan content. If you delete your account, we will delete your personal information and associated data — including your scan history, submitted images, and subscription records — within 30 days of your request, except where we are required to retain certain records to comply with legal obligations. Google Play retains its own billing and transaction records independently of Daily Delta. De-identified, aggregated data that no longer identifies you — including datasets already created or transferred under an opt-in — may be retained indefinitely.

Consent audit records (user_consents) that document your data-use preference choices are retained for compliance purposes even after account deletion, but contain only your user ID (not your email) and the choice you made.

If you wish to request earlier removal of your data, contact us at privacy@dailydelta.app.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

To exercise any of these rights, contact us at privacy@dailydelta.app. We will respond within 30 days. You may use an authorized agent to submit a request on your behalf.

8. Data Security

We implement industry-standard security measures to protect your information, including encrypted data transmission (TLS), hashed password storage, access-controlled cloud infrastructure, and our automated image redaction pipeline which removes EXIF metadata and obscures any persons visible in submitted images. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Users between 13 and 18 may use the Service only with the permission of a parent or legal guardian, as described in our Terms of Service. We do not knowingly include data from users we know to be under 18 in any commercial dataset, and we do not sell or share the personal information of users under 16 without affirmative opt-in consent. If you believe we have inadvertently collected information from a child under 13, or included a minor's data in a commercial dataset, please contact us immediately at privacy@dailydelta.app and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@dailydelta.app.

Daily Delta
Chula Vista, CA, United States
dailydelta.app