Privacy Policy

Last updated: [DATE] · Effective: [DATE]

Sarika is built around a simple idea: your food, weight, and health information belongs to you. This policy explains what we collect, why, and how to get rid of it.

1. Who We Are

Sarika is operated by AIM Wellness LLC, based in Palm Harbor, Florida. Reach us at privacy@getsarika.com.

2. What We Collect

[PLACEHOLDER — Be explicit:]

  • Account info: email address, name (if you share it), authentication tokens from Apple or Google.
  • Profile info you choose to share: height, weight, date of birth, sex (or "prefer not to say"), activity level, dietary pattern, cuisine preference, allergies, intolerances, self-reported health conditions, goals.
  • Food logs: descriptions you type or speak, photos you upload, structured nutrition breakdowns Sarika generates.
  • Water and weight logs (only if you choose to log them).
  • App settings and preferences.
  • Usage data: which screens you visit, which features you use, approximate session durations — collected via PostHog. We do NOT record what you ate, your weight, or your health conditions in analytics.
  • Crash and error data: via Sentry. We strip personally identifiable fields from error reports.
  • Device info: iOS version, device model, app version (for support).

3. How Your Food Data Is Processed by AI

When you log a meal, Sarika sends your description and/or photo to third-party AI services to identify foods and estimate portions. Specifically:

  • Google (Gemini API): processes food photos for identification.
  • OpenAI (GPT-4o-mini API): parses text and voice descriptions into structured nutrition components.
  • USDA FoodData Central: provides the underlying nutrition numbers. This is a US government database; requests are anonymous.

We do not share your name, email, weight, or health conditions with these AI services. Only the specific food description or photo you're logging is sent. Both Google and OpenAI have committed contractually not to use API data to train their models.

4. Why We Collect It

[PLACEHOLDER — Lawful basis:]

  • To provide the service (contract fulfillment).
  • To improve the app (legitimate interest, aggregated and de-identified analytics only).
  • To process payments (handled exclusively by Apple; we don't see your card).
  • To prevent fraud and abuse.
  • To comply with legal obligations.

5. Who We Share It With

We do not sell your data. Ever. We share only what's necessary with:

  • Supabase — our database and authentication infrastructure.
  • Google Gemini / OpenAI — food identification and parsing (see Section 3).
  • USDA FoodData Central — nutrition lookups (anonymous).
  • Apple — subscription payments and authentication.
  • Google OAuth — authentication (only if you sign in with Google).
  • Sentry — error monitoring (PII scrubbed).
  • PostHog — product analytics (content scrubbed).
  • Canny — feedback board (only data you post there).
  • Legal authorities — if required by valid legal process.

6. How Long We Keep It

[PLACEHOLDER — Retention:]

  • Account data and logs: as long as your account is active.
  • After you delete your account: data removed within 30 days from primary systems, 90 days from backups.
  • Anonymous, aggregated analytics: retained indefinitely.
  • Legal/tax records: retained as required by law.

7. Your Rights

Depending on where you live, you have the right to:

  • Access the data we have about you.
  • Correct inaccurate data.
  • Delete your account and data (in-app Settings → Delete Account, or email us).
  • Export your data in a portable format.
  • Object to processing (though this may limit the service).
  • Lodge a complaint with your data protection authority.

To exercise any of these rights: privacy@getsarika.com.

8. Security

[PLACEHOLDER — TLS in transit, encryption at rest via Supabase, Row Level Security enforced on every table, no routine employee access to user data, incident response plan, etc.]

9. International Transfers

Sarika is operated from the United States. Data may be stored and processed in the US and other countries where our service providers operate. We rely on Standard Contractual Clauses for EU data transfers.

10. Children

Sarika is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has used Sarika, contact us and we will delete the data.

11. California Residents (CCPA/CPRA)

[PLACEHOLDER — CA-specific rights: right to know, right to delete, right to opt out of sale/sharing (we don't sell), right to non-discrimination. "Do Not Sell or Share" link required if any sharing.]

12. EU/EEA/UK Residents (GDPR)

[PLACEHOLDER — Controller identity, lawful bases, specific GDPR rights, DPA contact.]

13. Changes to This Policy

If we make material changes, we'll notify you in-app and by email at least 30 days before they take effect.

14. Contact

privacy@getsarika.com
AIM Wellness LLC, Palm Harbor, Florida, USA

Developer note: Placeholder sections need real content from Termly/iubenda or an attorney before launch. The AI processing disclosure (Section 3) is the one that most templates miss — make sure whatever final document you use includes it. See docs/LEGAL-REALITY-CHECK.md.