Privacy Policy

1. What We Collect

We collect only what's necessary to provide the service:

• Account info: Email address and hashed password
• Body stats: Height, weight, age, and gender — only if you provide them for calibration
• Scan results: Body fat %, muscle mass %, AI commentary, and confidence level

2. Your Photos

This is the part you care about most:

• Photos are processed entirely in memory — they are never saved to disk or any database
• All EXIF metadata (GPS location, camera info, timestamps) is stripped before analysis
• Photos are sent to AI providers (OpenAI or Anthropic) for analysis, then immediately discarded
• We have no ability to retrieve your photos after analysis is complete

3. How We Use Your Data

• To provide body composition analysis
• To track your scan history and remaining scans
• To improve the service (aggregated, anonymized data only)

4. Third-Party Services

We use the following third-party services:

• OpenAI / Anthropic: AI analysis of your photos (subject to their privacy policies)
• Sentry: Error monitoring (no personal data)

5. Data Retention

• Account data is retained while your account is active
• Scan results are retained for your history
• Photos are not retained at all
• You can request deletion of your account and all associated data by contacting us

6. Security

• Passwords are hashed with bcrypt
• All connections are encrypted via HTTPS
• JWT tokens expire after 15 minutes
• Refresh tokens are rotated on each use
• Authentication tokens are stored in httpOnly cookies for enhanced security

7. Contact

Questions about privacy? Email us at privacy@bodyscan.ai