Formulate Privacy Policy

Effective date: 2026-05-11 Last updated: 2026-05-11

This Privacy Policy describes how Formulate ("we," "us," or "the app") collects, uses, stores, and shares information when you use our mobile application. By using Formulate, you agree to the practices described here.

Quick summary (read this first)

We collect what you tell us (profile, goals, supplements you take) and what you scan (label images are read on your device — the photo never leaves your phone).
We store this in Supabase (US database servers) under your authenticated account.
When you talk to the AI Coach, your message is sent to DeepSeek for processing. We don't store that on DeepSeek's side.
We use RevenueCat to manage your subscription if you're a Pro user.
We never sell your data. We never run ads.
You can delete everything at any time from Settings → Account → Delete account.

1. Data we collect

1.1 Account data (required)

Email address (for sign-in via one-time code).
Authentication identifiers (user ID assigned by our auth system).

1.2 Profile and health-context data (you provide)

Stats you optionally enter: height, weight, biological sex, year of birth.
Goals (e.g., strength, endurance, sleep, focus).
Dietary restrictions, allergies.
Training context (frequency, type).
Time zone.

This data is used to personalize ingredient recommendations and the AI Coach's responses. You can leave any field blank.

1.3 Supplement and scan data (you create through usage)

Scans you perform: product name, optionally the OCR-recognized text from the label, parsed ingredients with doses, barcode (if applicable).
Your supplement stack: products you take regularly, doses, timing.
Daily intake log: each time you log taking something.

Note on scan images: Photos of supplement labels are processed entirely on your device using Apple Vision (iOS) or Google ML Kit (Android). The image itself is never uploaded to our servers. Only the text our OCR extracted from the image is sent — and only if you save the scan.

1.4 AI Coach conversations

Messages you send to the AI Coach and the responses generated.
Pinned facts you ask the Coach to remember.

These are stored in our database under your account.

1.5 Subscription data (if you upgrade to Pro)

Subscription status, product purchased, renewal date — managed by RevenueCat (see Section 4).
Apple/Google payment data: we never see your card. Apple or Google handles the actual payment.

1.6 Device and diagnostic data (minimal)

Operating system and app version (sent automatically with crash reports if you opt in).
We do NOT collect: contacts, location, microphone, photos library (camera is used only for scanning, with your explicit permission, and images are not retained), advertising identifier, browsing history.

2. How we use your data

To provide the service: store your stack, calculate daily intake totals, decode scans, run the AI Coach.
To personalize: tailor ingredient recommendations and Coach answers to your stated goals.
To bill (if Pro): process your subscription via Apple/Google + RevenueCat.
To improve the app: analyze aggregated, anonymous patterns (e.g., "what % of users have goals set"). We do not look at your individual data for product analytics.

We do NOT use your data to: - Train AI models on your conversations. - Sell or rent to third parties. - Run advertising. - Build profiles for any party other than you.

3. The AI Coach and DeepSeek

When you send a message to the AI Coach, the following happens:

The message, plus context (your goals, your stack, optionally your pinned memory facts), is sent to a server we operate (Supabase Edge Function).
The server forwards the request to DeepSeek (api.deepseek.com), an AI provider, which generates a response.
The response is sent back to your device and saved to your account.

DeepSeek's data handling: Per DeepSeek's published policy, API requests are not used to train their models and are retained only for limited operational purposes. We do not control DeepSeek's policies — review them at https://platform.deepseek.com/.

If you don't want DeepSeek to process your messages, don't use the AI Coach feature. The rest of the app works without it.

4. Service providers we share data with

Provider	Purpose	What they receive
Supabase (Auth + Database, US)	Account auth, all user data storage	Account email, profile, scans, stack, intake log, Coach conversations, Coach memory
RevenueCat (Subscription mgmt, US)	Manage Pro subscription state	User ID, subscription product, store identifiers — no health data
DeepSeek (AI Coach)	Generate AI Coach responses	The current Coach message + your goals + stack + pinned memory at time of request
Apple App Store / Google Play	Payment processing for Pro	Whatever Apple/Google handle for IAP (we don't see card data)
OpenFoodFacts (food barcode lookup, future)	Resolve barcodes to product info	Barcode number only — no user identifier

We have data processing agreements in place with these providers where required by law (GDPR, etc.).

5. Data retention

Active users: data is retained as long as your account exists.
Account deletion: you can delete your account at any time from Settings → Account → Delete account. All data — profile, scans, intake, Coach conversations, memory, entitlements — is permanently deleted from our database within 30 days. Backups are purged within 90 days.
Inactive accounts: if you don't sign in for 24 months, we may delete your account after notifying you by email.

6. Your rights

You can: - Access: see your data via the in-app settings (most fields are visible) or by emailing the contact below. - Export: request a copy of all your data in JSON format. We respond within 30 days. - Correct: edit your profile fields directly in the app. - Delete: see Section 5. - Withdraw consent: stop using the app. To delete data, see Section 5.

If you're in the EU/EEA/UK, you also have: - The right to lodge a complaint with your local data protection authority. - The right to object to certain processing. - The right to data portability (covered by export above).

If you're in California, you have CCPA rights including: - The right to know what personal information we collect, use, and disclose. - The right to deletion. - The right to opt out of "sale" — note that we do not sell your personal information. - The right to non-discrimination for exercising any CCPA right.

To exercise any of these rights, email the address in Section 9.

7. Children

Formulate is not intended for users under 13 years old (or the equivalent minimum age in your country). We do not knowingly collect data from children under that age. If you believe a child has provided us data, contact us at the address below and we will delete it.

The supplement guidance in Formulate is intended for adults. We do not provide pediatric dosing information.

8. Important limitations (medical disclaimer)

Formulate is not a medical device. The information we provide is educational, based on published research, and does not constitute medical advice. We are not a HIPAA covered entity. The data you store with us is not protected by HIPAA — it's protected by this Privacy Policy and applicable consumer protection law.

If you have a medical condition, are pregnant or nursing, take prescription medications, or have any concern about supplements interacting with your health, consult a healthcare professional. The AI Coach is explicitly instructed to defer medical questions to clinicians.

9. Contact us

For privacy questions, data access requests, or to delete your account:

Email: [email protected]

This address forwards to the founder's personal inbox. Response time is typically 1–2 business days. For privacy or data-deletion requests, mention "PRIVACY" in the subject line so it's not missed.

10. Changes to this policy

If we change this policy materially (e.g., add a new data-sharing partner, change retention periods), we will notify you in the app and by email at least 14 days before the change takes effect. Minor changes (typos, clarifications) take effect immediately and are reflected in the "Last updated" date at the top.