Privacy Policy
Last Updated: June 9, 2026
1. Introduction
GlycoLens (“we,” “our,” or “us”) respects your privacy and is dedicated to protecting your personal data. This Privacy Policy details our data practices across our pre-launch landing infrastructure and our mobile application, specifically highlighting how we handle user-submitted nutritional and profile configurations.
2. Data Collection Framework
We segment our data collection across two distinct operational phases:
A. Pre-Launch Phase
We collect only your voluntarily submitted email address, subscription interest signals, signup timestamps, and explicit marketing/update consent records. No persistent tracking cookies or advertising pixels are deployed.
B. Post-Launch Application Phase
To deliver personalized nutritional insights, the application processes:
- Account Data: Name, email address, and authentication tokens.
- Asset & Scan Logs: Captured food labels, product barcode identifiers, and historical logs.
- User-Selected Educational Profile Configurations: Optional, self-selected health contextual markers (such as metabolic interest group or baseline reference values) used exclusively to filter and scale food-composition impact formulas.
3. Sensitive Data Handling & Strict Commercial Restrictions
We treat your self-configured profile attributes and food history logs with the highest standards of confidentiality.
- Encryption: All user-configured markers and meal history data are encrypted in transit via Transport Layer Security (TLS) and encrypted at rest using industry-standard database encryption configurations.
- Commercial Zero-Sharing Guarantee: We do not sell, rent, or lease your profile attributes, food choices, or history logs to insurance providers, third-party advertising networks, data brokers, or health industry aggregators.
4. Third-Party Infrastructure Processors
We partner with core infrastructure providers to deliver our services. These processors are contractually bound to protect your data and are prohibited from using it for independent purposes:
- Clerk: Manages user authentication, token-based security, and active session boundaries.
- Supabase (PostgreSQL): Provides secure, isolated database architecture and encrypted storage for user-generated food logs.
- Google Cloud / Gemini API: Powers the fallback camera-based text and label recognition. Images sent to this processing pipeline are used strictly for immediate structural analysis and are not retained to train public or foundational machine learning models.
5. Children’s Privacy & Household Profiles
The application offers family profile aggregation options. Profiles designated for minors (under 13 in the U.S., or local age of consent under GDPR/POPIA) must be explicitly created, configured, and managed by a verified adult account holder (parent or legal guardian).
COPPA / GDPR / POPIA Compliance Verification:
Explicit parental verification mechanisms and guardian consent walls will be fully audited and deployed prior to opening family profile creation channels in production environments.
6. User Rights & Data Autonomy
You retain absolute control over your information. Depending on your jurisdiction (e.g., GDPR, CCPA, POPIA), you have the right to access, export, correct, or permanently delete your personal information. You can instantly wipe your data or remove yourself from our waitlist systems at any time by executing an automated request within the application interface or contacting us directly.
7. Data Retention Architectural Policy
Waitlist data is retained exclusively until our commercial launch window to facilitate invites, or until you opt out. Post-launch, account configurations and historical logs are stored only for the duration of your active account lifecycle. Deleting your account triggers an automated deletion sequence across our production databases and storage buckets.
8. Contact Information
For privacy questions, data protection inquiries, or to exercise your right to erasure, contact:
privacy@glycolensapp.com