Privacy Policy

1. Scope

This Privacy Policy applies to the Parsely iOS application, this website, and any other service that links to this policy (collectively, the "Services"). By using the Services you agree to this policy. If you do not agree, please do not use the Services.

2. Information we collect

Account and identity

When you sign in with Apple we receive an Apple-issued user identifier, and optionally your name and email address (which you may hide or relay through Apple's private relay). We store the Apple user identifier and, if provided, your display name and email in our database. We do not store raw Apple ID tokens after session creation.

Health and nutrition goals

During onboarding we ask for information such as your biological sex, date of birth, height, weight, activity level, dietary preferences, and target weight. We use these inputs to calculate your estimated total daily energy expenditure (TDEE) and suggest calorie and macro goals. We store the calculated goals (calorie target, protein, carbs, fat, and TDEE estimate) in your account. The raw onboarding inputs are not persisted to our servers after the calculation is complete. You can update your goals at any time in Settings.

Nutrition logs

Every time you log food — by typing, scanning a barcode, photographing a meal, scanning a restaurant menu or delivery receipt, or asking our in-app AI coach — we store:

• The original text you entered or sent ("raw input");
• How you logged it (typing, photo, or scan);
• A meal tag (breakfast, lunch, dinner, snack) if you assign one;
• Structured nutrition data: food name, quantity, unit, calories, protein, carbohydrates, fat, and micronutrients (fiber, sugar, sodium, etc.) as returned by our AI pipeline; and
• The URL of the web source used to look up nutrition data, if applicable.

Raw food text is sensitive and we treat it as such. It is never sent to our analytics provider (PostHog) and is only shared with AI subprocessors for the purpose of parsing your entry — see Section 3 below.

Weight logs

If you use the optional weight tracking feature, we store your recorded body weight (in pounds), the date and time, and any optional note you attach.

Saved meals

If you save a meal template, we store the meal name, original input text, and the structured food items and nutrition values within it.

AI dietician chat (Sprig)

If you use Sprig, our in-app AI nutrition coach, we store your conversation threads — the messages you send and Sprig's replies — so you can return to them later. To answer in context, Sprig uses your profile, goals, and the food you've logged that day (see Section 3 for how messages are processed by our AI provider). If you attach a photo in chat, it is processed to generate suggestions but is not retained after the response is produced. You can delete a conversation at any time in the app.

Community feedback

If you post to the in-app community feedback board, we store the title and body of your post and your upvotes. Feedback posts are visible to other signed-in users, and selected posts may be displayed publicly on our website roadmap. We do not display your name or identity alongside public roadmap posts. Posts containing profanity are rejected and not stored. Please do not include sensitive personal information in feedback posts.

To keep the board safe, we also store moderation signals: if you report a post we record that report (which automatically hides the post from the board pending review), and if you block another user we store that block so their posts no longer appear for you. You can review and undo your blocks under More → Blocked users in the app.

Subscription and billing

If you subscribe via Stripe, we store your Stripe customer ID, subscription ID, subscription status (trialing, active, past_due, canceled), and renewal/trial dates. We also maintain an audit log of subscription status changes. We do not store payment card details — those are handled exclusively by Stripe's PCI-DSS-compliant infrastructure and never touch our servers.

If you subscribe via Apple in-app purchase, Apple handles the transaction and provides us only a receipt token for verification. No payment data is stored on our servers.

Usage and analytics data

In the iOS app we collect app events — such as screen views, button taps, and error events — using PostHog. These events include your account identifier (a UUID) and device metadata (operating system, app version). We have implemented technical safeguards that prevent food names, raw input text, and nutrition data from ever being included in analytics events. Session recording and screen capture are disabled.

Web analytics

On this website we use Vercel Analytics and Vercel Speed Insights, which collect anonymized page view data, referrer information, and Core Web Vitals performance metrics. These tools do not use cookies or fingerprinting to identify individuals across sessions.

Support communications

If you contact us by email, we retain the content of your messages to respond to your inquiry and for internal records.

3. AI and machine learning processing

Parsing food descriptions into structured nutrition data is the core function of Parsely. When you log a meal, your food description is processed through an AI pipeline:

• Text parsing. Your food description text is sent to Google Gemini (a large language model operated by Google LLC) to extract food items, quantities, and estimated nutrition values. The text is sent without your name or email attached — only the food description itself.
• Photo, menu, and receipt parsing. If you log food by photographing a meal, scanning a restaurant menu, or scanning a delivery receipt, the image is compressed and sent to Google Gemini's vision API to identify items and estimate nutrition (for receipts and orders, we anchor the total to the figure shown). Images are not stored on our servers after parsing completes.
• AI nutrition coach (Sprig).When you chat with Sprig, your messages — together with relevant context such as your calorie and macro goals and the totals you've logged that day — are sent to Google Gemini to generate coaching replies and meal suggestions. Your name and email are not included. Sprig provides general nutrition guidance, not medical advice.
• Nutrition search. Food description text is also sent to Exa, a web search service, to retrieve publicly available nutrition data from restaurant menus, packaging databases, and nutrition reference sites. The search query contains only the food name — no personal identifiers.
• Vector embeddings and caching. To speed up future requests and reduce costs, we convert normalized food descriptions into numerical embeddings (using Google's text-embedding model) and store them in a vector cache in our database. These vectors allow us to serve cached results for similar queries without re-running the full AI pipeline.
• Internal model evaluation logs. We log anonymized parse results (food description, model output, latency, confidence score) in an internal table for the purpose of evaluating and improving our AI pipeline. These logs are stored with no user identifier. A subset of these logs is shared in anonymized form with Braintrust, our AI evaluation platform, for quality tracking. Raw food text is not included in what is sent to Braintrust. These internal logs are excluded from any user-facing data export and are cascade-deleted when your account is deleted.

AI-generated nutrition values are estimates and may not be accurate. You are responsible for confirming values before relying on them for health or medical purposes. Parsely is not a medical device.

4. Apple HealthKit

If you grant permission, Parsely writes your logged calorie and macro data to the Apple Health app on your device (dietary energy, protein, carbohydrates, and fat). This integration is write-only: we write data to HealthKit and do not read any other health data from it. HealthKit data remains on your device under Apple's control and is never uploaded to our servers. You can revoke HealthKit access at any time in iOS Settings → Health → Parsely.

5. How we use information

We use personal information to:

• Create and manage your account;
• Parse your food descriptions into structured nutrition data and log them to your account;
• Calculate and display your daily calorie and macro totals;
• Provide AI nutrition coaching through Sprig, using your goals and logged data to generate replies and meal suggestions;
• Operate the community feedback board and our public roadmap;
• Process and manage your subscription, including trial management and billing notifications;
• Send transactional emails (subscription confirmation, trial expiration notices) via Resend;
• Evaluate and improve the accuracy of our AI food-parsing pipeline using anonymized internal logs;
• Detect, prevent, and investigate security incidents, abuse, or fraud;
• Analyze aggregate, de-identified usage patterns to improve the Services; and
• Comply with legal obligations and enforce our agreements.

We do not use your food logs, weight data, or health goals for advertising, profiling for third-party marketing, or any purpose unrelated to operating the Parsely service.

6. Third-party services and subprocessors

We use the following third-party services to operate Parsely. Each service acts as a subprocessor under applicable data protection law. We have entered into, or rely on, their published data processing terms.

Links to third-party sites are governed by those sites' policies. We do not control and are not responsible for third-party data practices beyond what is described here.

7. Cookies and similar technologies

The Parsely iOS app does not use browser cookies. On this website, Vercel Analytics uses lightweight, cookie-free page-view tracking. If you are authenticated, Supabase sets a session cookie to maintain your login state. We do not use advertising cookies, tracking pixels from ad networks, or any technology designed to build a cross-site behavioral profile. Where consent is required by applicable law before setting non-essential cookies, we will request it.

8. Legal bases (where applicable)

If data protection laws such as the EU/UK GDPR apply, we rely on the following legal bases for processing:

• Performance of a contract — providing account management, food logging, nutrition parsing, and subscription management.
• Legitimate interests — securing the Services, preventing abuse, maintaining internal AI evaluation logs (with anonymization safeguards), and understanding aggregate usage.
• Consent — optional features such as HealthKit integration, and any marketing communications where required.
• Legal obligation — compliance with tax, financial reporting, and law enforcement requirements.

9. Sharing of information

We may share personal information:

• With the subprocessors listed in Section 6 under confidentiality obligations and only to the extent necessary to provide the Services;
• With professional advisers (lawyers, accountants, auditors) where necessary and under confidentiality;
• To comply with applicable law, enforceable legal process, or to protect rights, safety, and security; and
• In connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards and notice to you as required by law.

We do not sell your personal information, rent it to advertisers, or use it to build advertising profiles for third parties. Where "sale" or "sharing" is defined broadly by applicable law (e.g., CCPA), we provide opt-out choices as required.

10. Retention and deletion

We retain personal information for as long as your account is active or as needed to provide the Services and comply with legal obligations. When you delete your account, we initiate a cascade deletion that removes your profile, nutrition logs, weight logs, saved meals, Sprig chat conversations, community feedback posts, upvotes, reports, and blocks, subscription records, user-specific AI cache entries, and internal parse logs from our active database. Your Stripe subscription is also cancelled.

The following retention exceptions apply after account deletion:

• Database backups. Supabase maintains point-in-time recovery backups. Your data may remain in backup snapshots for approximately 7–30 days before those snapshots age out.
• Stripe records. Stripe retains customer and transaction records for up to 7 years as required by PCI-DSS and tax compliance regulations. We cannot delete these records from Stripe's system.
• Anonymized AI evaluation data. Braintrust may retain anonymized parse metrics (with no user identifier or raw food text) for the purpose of longitudinal model evaluation. This data cannot be linked back to you.
• Trial-abuse prevention records. To enforce our one-free-trial limit and prevent fraud, we retain a one-way hashed identifier derived from your Apple account and/or email after deletion. This record contains no readable personal information and cannot be used to identify you or recover your data — it only lets us detect whether a previously trialed identity signs up again.

You can delete your account at any time from the More tab in the iOS app. To request account deletion by email, contact jalen@useparsely.com.

11. Security

We implement administrative, technical, and organizational measures to protect your information, including:

• Row-Level Security (RLS) on all database tables, ensuring your data is only accessible to you and authorized backend services;
• JWT-based authentication for all API requests, with tokens stored in the iOS Keychain (device secure storage);
• TLS encryption for all data in transit between the app, our backend, and subprocessors;
• Payment card data handled exclusively by Stripe's PCI-DSS-certified infrastructure — card numbers never pass through our systems;
• Webhook signature verification (HMAC-SHA256 for Stripe) to authenticate inbound events; and
• Restricted server-side environment variables (service role keys and API secrets) with no client-side exposure.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we will notify you of any breach affecting your data as required by applicable law.

12. International transfers

Parsely is based in the United States. Your information may be processed by our subprocessors in the United States or other countries. Where required by law (e.g., GDPR), we rely on appropriate transfer mechanisms — such as standard contractual clauses or the EU-U.S. Data Privacy Framework where applicable — to lawfully transfer personal data.

13. Your privacy rights

Depending on your location, you may have rights to:

• Access — request a copy of the personal information we hold about you;
• Correction — request correction of inaccurate information (most data can be corrected directly in-app);
• Deletion — request deletion of your account and associated data (available directly in-app or by contacting us);
• Restriction or objection — object to or restrict certain processing where permitted by law;
• Portability — receive a copy of your data in a structured, machine-readable format. Note: a self-service data export tool is on our roadmap and not yet available. In the interim, contact us and we will fulfill export requests manually within 30 days; and
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

California residents have additional rights under the CCPA/CPRA, including rights to know, delete, and correct personal information, and to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share personal information for advertising. We do not discriminate against users for exercising privacy rights.

To submit a privacy request, contact us at jalen@useparsely.com. We may need to verify your identity before responding. We will respond within the timeframe required by applicable law (typically 30 days).

EU/UK residents may lodge a complaint with their local supervisory authority if they believe we have not addressed their concern adequately.

14. Children

The Services are directed to adults and are not intended for anyone under 18 years of age. We ask your age during onboarding and block registration by anyone who indicates they are under 18. We do not knowingly collect personal information from individuals under 18. If you believe we have inadvertently collected such information, please contact us immediately at jalen@useparsely.com and we will take prompt steps to delete it.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated version on this page and update the "Last updated" date. Where changes are material, we will provide additional notice (such as an in-app notification or email) as required by applicable law.

16. Contact

Questions, requests, or concerns about this Privacy Policy or our privacy practices may be directed to:

Platon Applications LLC

Email: jalen@useparsely.com