Overview
Your privacy matters. Petal collects the minimum information needed to run the app, surface insights about your fiber and gut health, and keep your account secure. We never sell personal data, and we keep sensitive journal entries on-device by default.
Information We Collect
- Account details: when you use Sign in with Apple, we receive a privacy-preserving identifier plus the name and email you choose to share. This information is stored in Supabase and used to keep your account secure.
- On-device journal: meals, moods, symptoms, and notes stay on your device. Entries are not persisted in Supabase and are only transmitted when you trigger optional analysis or backups.
- Product analytics: event data (for example, which screens are viewed) to monitor quality. Analytics does not include journal text, meals, or calorie information and is not used for advertising profiles.
- Support messages: information you send to us when contacting support.
How We Use Information
- Operate, maintain, and improve Petal features and reliability.
- Provide insights like BloomScore, weekly recap, and optional AI-powered summaries. When AI is requested, we send only the anonymized snippet needed to produce that response.
- Detect, prevent, and address security or technical issues.
- Respond to support requests.
Service Providers
We rely on a small set of processors to operate Petal:
- Supabase (database and auth) stores account identifiers, encrypted email addresses, and basic profile preferences. Supabase does not store meal, mood, or symptom entries. See Supabase Privacy and Security.
- Mixpanel (product analytics) processes de-identified event data to help us understand feature adoption and stability. Journal content is not sent to Mixpanel. See Mixpanel Privacy.
- OpenAI API (analysis). When you request optional AI-generated summaries or pattern checks, Petal sends a temporary, anonymized slice of the relevant entry to OpenAI. We strip account identifiers before sending, and OpenAI does not receive your email or profile information.
These processors may process data in the United States or other regions. We maintain contractual and technical safeguards to protect your information and require processors to act only on our instructions.
Your Controls
- Export: request an export of your data via Support.
- Delete: delete your account from the app (Profile → Delete Account) or contact Support. Deletion removes your content from Supabase; corresponding Mixpanel analytics events are removed or anonymized where feasible.
- Preferences: you may request to limit analytics for your account—contact Support.
Security
We use industry‑standard safeguards including TLS in transit and managed database security controls. No method is 100% secure, but we work continuously to protect your information.
Retention
We keep data only as long as needed for the purposes above and to comply with legal obligations. When you delete your account, we begin removal of associated personal data from active systems and backups within a reasonable period.
Children
Petal is not intended for children under 13. If you believe a child has provided data, please contact us.
Changes
We may update this Privacy Policy. Material changes will be communicated in‑app or by email where appropriate.