Privacy Policy

Last Updated: May 24, 2026

This policy explains what LivRight collects, why, and what control you have over your data. It's grounded in how the app actually works — not a boilerplate template.

1. Who we are

LivRight is an iOS app for personal metabolic wellness tracking. We are the data controller for the personal data processed through the app.

For questions about this policy or your data, see section 13 — Contact.

2.1. What we collect — from you directly

• Name, email, authentication identifier — sign-in and account identification
• Age, biological sex, height, weight — personalize recommendations and calculate the vitality score
• Dietary goals and restrictions — personalize meal analysis
• Meal photos — identify food and nutritional analysis
• Meal descriptions and notes — manual log entries when you don't use a photo
• Biomarker readings (ALT, AST, HbA1c, glucose, cholesterol, triglycerides, HDL, LDL, thyroid markers, kidney markers, vitamin levels, custom markers) — personal lab-result trending
• Weight entries — weight history
• Fasting state and timing — whether you were fasting when a lab test was taken, to give your biomarker readings context
• Corrections to meal scan results — improve your personal scan quality
• Metabolic profile (activity level and 6 behavioral flags) — personalize AI recommendations based on your eating and activity patterns
• Experiment progress — if you opt into an AI-suggested 7-day dietary experiment, we store your progress and the pattern that triggered it

2.2. What we access from your device

With your explicit permission, only for the features that need them:

• Camera — when you open the scanner to photograph a meal or product
• Apple Health (read) — steps, active calories, exercise time, and body weight. Optional, controllable in iOS Settings → Privacy → Health → LivRight.
• Apple Health (write) — weight entries you log in LivRight can be saved back to Apple Health, optional.
• Notifications — to deliver meal reminders, streak protection alerts, challenge progress updates, achievement unlocks, and post-meal activity nudges you opted into.

We do not access your location, contacts, microphone, calendar, or any other sensors.

2.3. What we collect automatically

• App usage events (which screens you view, which buttons you tap) — via Firebase Analytics, to understand how features are used and fix bugs
• Device type, iOS version, app version — via Firebase Analytics, for debugging and compatibility
• Crash reports and non-fatal errors (no personal content) — for stability

Analytics events never include your meal content, biomarker values, or personal metrics. LivRight's Apple Privacy Manifest formally declares NSPrivacyTracking = false — we do not track you across other apps or websites.

3.1. Where your data lives — cloud

When you are signed in, your data is stored in your private account on Google Firebase (Firestore database, Firebase Storage, Firebase Authentication):

• Profile info
• Meal scan records and photos
• Weight history
• Biomarker readings — only if you enabled cloud sync
• Achievements, corrections, Vitality Score history
• Metabolic profile and calibration answers
• Insight challenges and progress
• Post-meal activity tracking data
• Subscription tier (managed via Apple App Store through StoreKit 2)
• Legal agreement acceptance records (version accepted, timestamp)
• Context snapshots (audit trail of the information used for each AI analysis)

Encryption in transit: TLS/HTTPS for all network traffic.

Encryption at rest: Google encrypts all Firestore and Storage data with AES-256.

Access control: Firestore security rules restrict every document to the user who owns it. No other LivRight user — or unauthenticated visitor — can access your records.

App verification: Firebase App Check helps verify that requests to our backend come from our genuine app, reducing abuse.

Meal photos: EXIF metadata (GPS, camera model, timestamps) is stripped before upload.

3.2. Where your data lives — on this device

Some data stays only on your device:

• Profile cache in the iOS Keychain — encrypted by your device passcode, inaccessible while locked
• Biomarker readings in local-only mode — if you chose "Keep on This Device" in the Biomarker Tracker, readings live in an encrypted file (NSFileProtectionComplete) and are never uploaded to our servers. If you lose or replace your phone, this data is not recoverable.
• App preferences (UserDefaults) — non-sensitive settings like your unit system, onboarding state, legal agreement acceptance records, challenge states, and notification preferences. No personal content.
• Meal image cache — cleared on sign-out.

3.3. Transfers outside your country

Your Firebase data is stored in Google data centres in the regions where Google operates Firebase. Depending on your location, this may involve transferring your data to the United States or other countries. Google provides appropriate safeguards under the applicable data transfer frameworks (Standard Contractual Clauses, adequacy decisions where available).

4. How we use your data

• Provide the service — analyse meals, display nutrition, calculate your vitality score, store lab readings, show trends
• Personalize your experience — remember your dietary preferences and unit settings
• Improve the app — aggregated, non-identifying analytics
• Design experiments — detect patterns in your scan history and offer AI-designed 7-day experiments to test dietary changes
• Track post-meal activity — monitor steps taken after meals (if HealthKit is enabled) to encourage metabolically beneficial movement
• Communicate with you — the notifications you opted into

We do not:

• Sell your personal data
• Share your data with advertisers
• Use your meal photos to train AI models
• Profile you for behavioural advertising
• Track you across other apps or websites

5. Who we share data with

LivRight shares data only with the following sub-processors, bound by their own privacy commitments:

• Google Firebase (Auth, Firestore, Storage, Analytics, Remote Config, Functions, App Check) — backend storage, authentication, analytics, and request verification
• Google Gemini (via Firebase Cloud Functions) — meal photos and descriptions when you scan. Your name, age, and health conditions are never sent — only dietary preferences and behavioral flags needed for personalization. Per Google's Gemini API terms, content submitted via the API is not used to train Google's models.
• Apple — Sign in with Apple, App Store (subscriptions and payments), APNS for push delivery, HealthKit (if you enable integration)
• Google Sign-In — email, name, and profile photo if you choose Google as your sign-in method

We do not share your health data, lab readings, or meal content with any third party outside the list above.

6. How long we keep your data

• Active account — we keep your data as long as your account is open
• After account deletion — data is removed immediately from Firestore, Storage, and Authentication (section 8)
• Firebase Analytics — retains event data for up to 14 months by default, then aggregates it
• If you sign out without deleting — we keep your cloud data so you can sign back in. Local caches are cleared from this device.

7. Subscriptions

LivRight uses Apple's StoreKit 2 framework for subscription management. All payment processing is handled by Apple — we never see or store your credit card number, billing address, or other payment details.

What we store: your subscription tier (free or premium) and remaining scan count for the current billing period. These are synced to Firestore so they persist across devices.

Pricing: $5.99/month or $49.99/year. Free tier: 3 scans per day during your first 7 days. Premium tier: 500 scans per month.

We do not use any third-party subscription SDK. No subscription data is shared with any analytics vendor.

8. Your rights and controls

Access: you can see all the data LivRight holds on you directly in the app — Profile screen, History tab, Resources → Weight Tracking, Resources → Biomarker Tracker, Insights tab. If you need a machine-readable export, contact us while your account is still active. Once deleted, your data cannot be recovered or exported.

Delete your account: Profile → Account → Delete Account. This deletes all your Firestore data, Firebase Storage meal images, your Firebase Authentication record, and clears local caches on this device. It is immediate and permanent. There is no undo.

Individual controls:

• Biomarker cloud sync — toggle in Biomarker Settings
• Apple Health — iOS Settings → Privacy → Health → LivRight
• Notifications — iOS Settings → Notifications → LivRight
• Camera — iOS Settings → Privacy → Camera → LivRight

8.4. GDPR rights (EU / UK / EEA)

If you are in the European Union, United Kingdom, or European Economic Area, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase your data (right to be forgotten)
• Restrict processing
• Object to processing
• Data portability
• Lodge a complaint with your national data protection authority

The legal basis for most of our processing is contract performance — you asked us to provide the service. Analytics is based on legitimate interests, balanced by our policy of never using third-party trackers.

8.5. California rights (CCPA / CPRA)

California residents have the right to know what personal information we collect, request deletion, and opt out of the sale or sharing of personal information.

LivRight does not sell or share personal information as those terms are defined by the CCPA or CPRA.

9. Children

LivRight is intended for users 18 years of age or older. We do not knowingly collect personal data from children under 18.

If you believe someone under 18 has created an account, contact us and we will delete the account and all associated data.

10. Security

We use standard industry practices:

• TLS/HTTPS for every network request
• Firestore security rules restricting every document to the user who owns it
• iOS Keychain for local personal profile storage (encrypted by device passcode)
• NSFileProtectionComplete for local biomarker files (encrypted at rest, inaccessible while device is locked)
• EXIF metadata stripped from meal photos before upload
• Firebase App Check for request verification
• Principle of least privilege — collect only what each feature needs

No system is perfectly secure. If you believe your account has been compromised, contact us immediately.

11. Not a medical device

LivRight is not a medical device. It does not diagnose, treat, cure, or prevent any disease, and nothing in the app is medical advice.

The Biomarker Tracker is a personal log — it stores the numbers you enter and shows you how they change over time. It does not interpret them, flag values as normal or abnormal, or tell you what to do about them.

The Vitality Score is an approximate wellness indicator based on your meal patterns. It is not a medical measurement.

Always discuss your lab results and health decisions with a qualified healthcare professional.

12. Changes to this policy

We may update this policy as LivRight evolves. When we make material changes we will notify you inside the app, update the "Last Updated" date at the top, and require you to re-accept the updated terms before continuing to use the app.

13. Contact

For questions about this policy, data requests, or to report a security issue:

• In-app: Profile → Help & Support
• Email: contact@livright.app
• Feedback form: https://forms.gle/CFnjWi7UA1MZ1BJH8