Back to Home

Privacy Policy

Last updated: March 2026

1. Interpretation and Definitions

In this Privacy Policy:

  • "Personal Data" means any information that relates to an identified or identifiable individual, including but not limited to name, email address, and health-related data.
  • "Health Data" means information related to your physical health, including profile details (height, weight, age, sex) and scan analysis results (Gut Score, Bristol type).
  • "Usage Data" means data collected automatically, such as app usage patterns, feature interactions, and crash reports.
  • "User Content" means any images, text, or other materials you voluntarily submit through the App.
  • "Company" (referred to as "we", "us", or "our") means Armillary Sphere LLC, doing business as Poop AI, registered in the State of Texas.
  • "You" means the individual using the App.

2. Introduction

Poop AI respects your privacy and is committed to protecting your Personal Data. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your information. By using the App, you agree to the collection and use of information in accordance with this policy.

3. Data We Collect

We collect the following categories of data:

  • Account Information: Email address and authentication credentials (passwords are hashed and never stored in plain text).
  • Profile / Health Information: Age, sex, height, and weight — provided during onboarding to personalize your gut health analysis.
  • Scan Data: Photos you submit for analysis are sent to OpenAI, a third-party AI service, for classification via secure, temporary links that expire within 5 minutes. OpenAI does not retain your images for training. The AI-generated results (Gut Score, Bristol type, recommendations) and associated timestamps are stored in your account.
  • Usage Data: We collect anonymous crash reports and app performance data via Firebase Crashlytics (a Google service) to improve app stability. We also collect subscription and purchase event data via RevenueCat to manage your subscription.
  • Referral Data: Referral codes used during signup and referral counts for the rewards program.
  • Tracking Technologies: We do not use advertising trackers or cookies. The only third-party SDKs that collect data are Firebase Crashlytics (crash reports) and RevenueCat (subscription management).

4. How We Use Your Data

Your data is used to:

  • Provide the core scanning and analysis service (scan photos are processed by OpenAI's API for stool classification)
  • Generate personalized gut health insights and track trends over time
  • Process payments through the App Store (if and when paid features become available)
  • Send scan reminders and notifications (with your permission)
  • Improve app performance and fix bugs
  • Improve our AI model accuracy using anonymized, de-identified scan data
  • Communicate with you regarding account updates, support, or optional marketing (with your consent)
  • Comply with legal obligations

We do NOT sell, rent, or trade your Personal Data to any third party.

5. Legal Bases for Processing (GDPR)

If you are located in the EU/EEA, we process your Personal Data under the following legal bases:

  • Consent: You provide explicit consent when you create an account, submit scan images, and enable notifications.
  • Contract Fulfillment: Processing is necessary to provide you the Service you signed up for (scanning, analysis, tracking).
  • Legitimate Interests: We have a legitimate interest in improving our AI models, fixing bugs, and understanding usage patterns, provided these interests do not override your rights.
  • Legal Obligation: We may process data to comply with applicable laws, regulations, or legal proceedings.

6. User Content & License

By submitting User Content (scan images and related data), you grant the Company a worldwide, irrevocable, royalty-free, transferable, sublicensable license to use, reproduce, analyze, process, modify, and create derivative works from your submissions for the purposes of:

  • Operating and providing the Service
  • Improving, training, and developing our AI models and algorithms
  • Analyzing trends and generating aggregated insights

Data used for AI model training is anonymized and de-identified. This license survives Account deletion — anonymized and de-identified data that has already been incorporated into our models or datasets may be retained indefinitely. You represent and warrant that you own or have the necessary rights to all content you submit.

7. How We Share Personal Data

We may share your data in the following limited circumstances:

  • Service Providers: With third-party vendors who process data on our behalf (see section 8 below), under strict data protection agreements.
  • Legal Requirements: If required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
  • Aggregated Data: We may share anonymous, aggregated statistics that cannot identify any individual.

We do not sell your Personal Data. We do not share your scan images with any third party in identifiable form.

8. Third-Party Services

We use the following third-party services to operate the App:

  • Supabase: Database and authentication (hosted on AWS, US region). All data is encrypted at rest and in transit.
  • OpenAI: AI image analysis. Scan images are sent to OpenAI's API for processing via secure, short-lived tokens. Images are not retained by OpenAI for training purposes per our data processing agreement.
  • Apple App Store: App distribution and, when paid features become available, billing and payment processing. We do not directly collect or store your payment information.
  • Expo / React Native: App framework and push notification delivery.
  • Vercel: Serverless hosting for our API endpoints. Scan data is processed through Vercel serverless functions in transit but is not persisted on Vercel's infrastructure.
  • Google Forms: Used to collect payout request information for the referral rewards program. Information submitted through Google Forms is subject to Google's Privacy Policy.
  • RevenueCat: Subscription and in-app purchase management. RevenueCat receives your anonymous app user ID and purchase/subscription events to manage entitlements. RevenueCat does not receive your email, name, or health data. Subject to RevenueCat's Privacy Policy.
  • Firebase Crashlytics (Google): Crash reporting and app stability monitoring. Collects anonymous crash logs, device model, OS version, and stack traces. Does not collect health data, scan images, or personally identifiable information. Subject to Google's Privacy Policy.

9. Data Storage & Security

All data is stored on Supabase (hosted on AWS) with AES-256 encryption at rest and TLS encryption in transit. Scan images are stored in private, encrypted storage buckets accessible only through authenticated, time-limited signed URLs that expire within minutes. Row-Level Security (RLS) ensures each user can only access their own data. No one — including our team — can browse your photos. While we take commercially reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure.

10. Data Transfers

Your data may be processed in countries other than your country of residence, including the United States. If you are located outside the United States, your data will be transferred to and processed in the US where our servers and third-party providers operate. We ensure appropriate safeguards are in place, including standard contractual clauses where required by GDPR, to protect your data during international transfers.

11. Data Retention

We retain your Personal Data for as long as your Account is active or as necessary for the purposes described in this Privacy Policy.

  • Health Data (scan images and analysis results) is kept until you delete it or delete your Account.
  • Usage Data is retained for shorter timeframes unless needed for security or legal purposes.
  • Backups are maintained for limited periods as part of standard retention practices.

We will delete or anonymize your data when it is no longer needed, unless we are legally required to retain it. If you delete your Account, all associated personal data is permanently removed from our active systems. Anonymized and de-identified data that has already been incorporated into AI training datasets may be retained in accordance with Section 6.

12. Your Privacy Rights

Depending on your jurisdiction, you have the right to:

  • Access: View all your Personal Data within the App.
  • Correction: Request correction of inaccurate Personal Data.
  • Deletion: Remove individual scans or your entire Account and all associated personal data from Settings. Note: anonymized and de-identified data that has been incorporated into AI training datasets may be retained per Section 6.
  • Opt Out: Disable push notifications at any time from Settings.
  • Portability: Request a copy of your data in a structured, machine-readable format by contacting us.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
  • Lodge a Complaint: If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at hello@getpoopai.com.

13. Children's Privacy

Poop AI is not intended for children under 13. We do not knowingly collect Personal Data from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us.

14. Third-Party Links

The App may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the App with a revised "Last updated" date. Your continued use of the App after such changes constitutes acceptance of the updated policy. We encourage you to periodically review this page.

16. Contact Us

For privacy-related questions, data requests, or to exercise your rights, contact us at hello@getpoopai.com.