Privacy Policy
Last updated: May 23, 2026
Tatva is built for people who want to understand their own metabolic health. Your data is yours. This document explains, plainly, what we collect, why, and what we never do.
What we collect
Profile you give us
- Name, age, gender, height, weight
- Health conditions you choose to share (e.g. diabetes, PCOS, fatty liver)
- Symptoms, diet preference, country
- Email or phone number you sign in with
Meal and reading logs
- Photos of your meals — stored privately, visible only to you
- Items identified in those meals, portion sizes, cooking method
- Blood sugar readings you choose to log
- Mood tags you tap after a meal
Health data from Apple Health or Google Health Connect
Only if you grant permission. We read:
- Step count, active energy
- Sleep duration and stages
- Heart rate and heart rate variability
- Weight, glucose readings (where available)
We never write data back to Apple Health or Google Health Connect unless you explicitly enable it. We never share this data with anyone.
Why we collect it
- To produce your meal verdicts and weekly patterns
- To personalize tips based on your conditions, diet, and country
- To predict how a meal may affect your blood sugar
- To send you the notifications you've chosen to receive
That's the entire list. We do not sell your data. We do not use it for advertising. We do not share it with third parties for any purpose beyond providing this service.
Where it lives
Your data is stored in Supabase (Postgres) in the United States. Meal photos are stored in a private storage bucket scoped to your user ID, retrievable only by you. Row-Level Security is enforced at the database level so no other user can access your records.
AI processing
To identify meals from photos, generate verdicts and weekly insights, and power the Ask Tatva chat, we send the relevant data to Google's Gemini API. Specifically: (a) meal photos, (b) a structured summary of your recent logs (conditions, recent readings, recent symptoms), and (c) any text or voice questions you submit in Ask Tatva. Voice questions are transcribed by Gemini and then handled like a typed question — the audio is not retained. Google processes this data under their privacy terms and does not use it to train models when accessed via API. We never send your name, email, or contact details to Gemini.
Your rights
- Export — request a full copy of your data anytime by emailing hello@mytatva.app.
- Delete — request deletion of your account and all associated data. We honour this within 30 days.
- Revoke — turn off Apple Health / Google Health Connect access anytime from your phone's settings; Tatva immediately stops syncing.
Children
Tatva is not intended for children under 16 (or 13 in jurisdictions where that is the legal minimum). We do not knowingly collect data from anyone under that age.
For users in the European Economic Area, United Kingdom, and Switzerland (GDPR & UK GDPR)
Data controller: Binary Ocean LLC, the entity behind Tatva, operating at hello@mytatva.app.
Lawful basis for processing: we rely on your explicit consent (GDPR Article 9(2)(a)) to process the health-related data you share with us. You give this consent at sign-up and can withdraw it anytime by deleting your account.
International data transfers: our backend (Supabase) is hosted in the United States, and we use Google's Gemini API which also processes data in the United States. Transfers from the EEA / UK / Switzerland are protected by the European Commission's Standard Contractual Clauses (SCCs) signed with our processors. Your data is encrypted in transit and at rest.
Your GDPR rights: in addition to what's above, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct anything inaccurate (edit your profile in-app, or email us)
- Erasure ("right to be forgotten") — request full deletion, honoured within 30 days
- Restriction — ask us to pause processing while a complaint is resolved
- Portability — request your data in a machine-readable JSON file (or use the "Download my data" button in the app)
- Object — object to processing for any purpose other than what's stated here
- Lodge a complaint with your local Data Protection Authority (e.g. CNIL in France, ICO in the UK, BfDI in Germany)
Retention: we keep your data for as long as your account is active. After deletion, residual backups are purged within 90 days.
Automated decision-making: Tatva's meal verdicts and weekly insights are generated by AI but are advisory only. They do not produce legal effects and do not constitute automated decision-making under GDPR Article 22.
EU representative: not currently appointed (Tatva is below the threshold requiring one). Contact hello@mytatva.app for any GDPR question.
Contact
Questions, requests, complaints — email hello@mytatva.app. We respond within 48 hours.