Privacy Policy
Last updated: April 12, 2026
IterArc is a personal life management app built by an independent developer in Budapest, Hungary. This policy explains exactly what data the app collects, how it is processed, where it is stored, and your rights regarding that data.
1. Data Controller
IterArc is operated by Barnabás Tóth (sole developer), Budapest, Hungary. For privacy inquiries, contact: privacy@iterarc.com
2. What Data We Collect
Account Information
- Google Sign-In: Email address, display name, and profile picture URL from your Google account. We use Google OAuth 2.0 with scopes: openid, profile, email. We do not access your Google contacts, calendar, photos, or any other Google data.
- Display name: You choose a display name during onboarding. This can differ from your Google name.
Health & Body Data
- Profile information: Weight (kg), height (cm), age, biological sex, activity level — entered voluntarily during onboarding. Used to calculate calorie and protein targets.
- Weight measurements: Logged as habit completions when you weigh yourself. Stored as numeric values with timestamps.
- Step count: Read from Android Health Connect (read-only). We request only the READ_STEPS permission. We do not read heart rate, sleep, workouts, or any other health data. Step data is cached locally on your device and synced as habit completion values.
- Fasting data: Your eating window configuration (start/end hours) and fasting adherence status, derived from food entry timestamps.
Food & Nutrition Data
- Food photos: When you photograph a meal, the image is uploaded to our server for AI analysis. Photos are permanently deleted from our servers immediately after successful AI parsing. We do not retain food photos. The photo path is set to null in our database after deletion.
- Parsed nutrition data: Calories, macronutrients (protein, carbs, fat, fiber), micronutrients (iron, calcium, omega-3, B12, vitamin D, potassium, magnesium, zinc), and Daily Dozen food category servings. This parsed data is retained.
- Food descriptions: Text descriptions and notes you add to food entries.
- Recipes: Recipe names, ingredients, nutritional values, and preparation notes you create.
Habit Data
- Habits: Names, schedules, behavior loop definitions (cue, craving, response, reward), identity statements, stacking relationships, reminder times.
- Completions: Timestamps, typed values (e.g., weight in kg, step count), skip/miss status.
- Streaks & statistics: Computed from completion history. Current streak, 30-day consistency, longest streak.
Household Data
- Shared within your household: Shopping list items, shared recipes, household settings (timezone, briefing times, quiet hours). All household members can see each other's habits, food entries, and household settings.
- Not shared: Your personal profile (weight, height, age), push notification tokens, and sync queue are visible only to you.
Financial Data (Planned Feature)
- Bank connection: If you connect a bank account (e.g., Revolut) via GoCardless Bank Account Data API, we access transaction history, account balances, and account metadata under PSD2 Open Banking regulations. Access is read-only.
- Consent: Bank access requires explicit PSD2 consent via your bank's authentication flow. Consent is valid for 90 days and must be renewed.
- Transaction data: Merchant names, amounts, currencies, dates, and AI-assigned spending categories.
Device & Technical Data
- Push notification tokens: Firebase Cloud Messaging (FCM) device tokens, stored to deliver habit reminders and daily briefing notifications.
- Offline queue: Pending writes are stored locally on your device in SQLite until synced to the server.
3. How We Process Your Data
AI Processing (Anthropic Claude)
Food photos and optional text notes are sent to Anthropic's Claude AI (model: claude-opus-4-6) via a secure bridge server hosted on Hetzner (Germany). Claude analyzes the image to estimate nutritional content. Anthropic processes this data according to their own privacy policy. We do not send your name, email, or profile information to Anthropic — only the food photo, your notes, and your saved recipe names for matching purposes.
Transaction Categorization
When automatic pattern matching cannot categorize a bank transaction, the merchant name and description may be sent to Claude AI for categorization. No account numbers, balances, or personally identifying financial information is sent.
Daily Briefings
Morning and evening briefing summaries are generated deterministically on the server from your data snapshots (habit completions, food totals, weight trends). No AI/LLM is used for briefing generation in the current version. Briefings are composed from template rules in the app.
4. Where Your Data Is Stored
| Service | Location | Purpose |
|---|---|---|
| Supabase (PostgreSQL) | EU-West-1 (Ireland) | Primary database, auth, file storage |
| Hetzner VPS | Germany | AI bridge server (passes data to Anthropic) |
| Firebase/FCM | Google Cloud (Global) | Push notification delivery |
| Anthropic | United States | AI food photo analysis, transaction categorization |
| GoCardless | United Kingdom | PSD2 bank data access (planned) |
| Your device | Local | Offline cache, Health Connect data, session |
5. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. Data is shared only with:
- Anthropic: Food photos and merchant names for AI analysis (processing only, not stored by Anthropic under their API terms).
- Google/Firebase: Push notification tokens for delivery.
- GoCardless: Bank authentication tokens for PSD2 access (planned feature).
- Household members: Shared data as described in Section 2.
6. Data Retention
- Food photos: Deleted immediately after AI parsing. Not retained.
- All other data: Retained until you delete your account.
- Bank consent: PSD2 consent expires after 90 days. Tokens are invalidated.
- AI processing logs: Token counts and latency metrics are logged internally for rate-limit monitoring. No personal content is stored in these logs.
7. Your Rights (GDPR)
Under the EU General Data Protection Regulation, you have the right to:
- Access: Request a copy of all data we hold about you.
- Rectification: Correct inaccurate data via the app's edit functions.
- Erasure: Request deletion of your account and all associated data.
- Data portability: Request your data in a machine-readable format.
- Withdraw consent: Revoke Health Connect permissions, disable push notifications, or disconnect bank accounts at any time via the app's settings.
- Object: Object to processing of your data.
To exercise any of these rights, contact privacy@iterarc.com.
8. Security
- All data in transit is encrypted via TLS/HTTPS.
- Database access is protected by Row-Level Security (RLS) policies — each user can only access their own household's data.
- AI bridge communication is authenticated via HMAC signatures.
- No passwords are stored — authentication is via Google OAuth tokens managed by Supabase Auth.
- Food photos are stored temporarily in a private Supabase Storage bucket with signed URLs (not publicly accessible).
9. Children
IterArc is not intended for use by children under 16. We do not knowingly collect data from children.
10. Analytics & Tracking
IterArc does not use any third-party analytics, crash reporting, or advertising SDKs. The website (iterarc.com) does not use cookies or tracking scripts. We do not run Google Analytics, Firebase Analytics, Sentry, Mixpanel, or any equivalent service.
11. Changes to This Policy
We may update this policy when new features are added. The "last updated" date at the top reflects the most recent revision. Significant changes will be communicated via the app.
12. Contact
For any privacy-related questions or data subject requests:
- Email: privacy@iterarc.com
- Developer: Barnabás Tóth, Budapest, Hungary