Privacy Policy

Last updated: May 23, 2026

Tatva is built for people who want to understand their own metabolic health. Your data is yours. This document explains, plainly, what we collect, why, and what we never do.

What we collect

Profile you give us

Meal and reading logs

Health data from Apple Health or Google Health Connect

Only if you grant permission. We read:

We never write data back to Apple Health or Google Health Connect unless you explicitly enable it. We never share this data with anyone.

Why we collect it

That's the entire list. We do not sell your data. We do not use it for advertising. We do not share it with third parties for any purpose beyond providing this service.

Where it lives

Your data is stored in Supabase (Postgres) in the United States. Meal photos are stored in a private storage bucket scoped to your user ID, retrievable only by you. Row-Level Security is enforced at the database level so no other user can access your records.

AI processing

To identify meals from photos, generate verdicts and weekly insights, and power the Ask Tatva chat, we send the relevant data to Google's Gemini API. Specifically: (a) meal photos, (b) a structured summary of your recent logs (conditions, recent readings, recent symptoms), and (c) any text or voice questions you submit in Ask Tatva. Voice questions are transcribed by Gemini and then handled like a typed question — the audio is not retained. Google processes this data under their privacy terms and does not use it to train models when accessed via API. We never send your name, email, or contact details to Gemini.

Your rights

Children

Tatva is not intended for children under 16 (or 13 in jurisdictions where that is the legal minimum). We do not knowingly collect data from anyone under that age.

For users in the European Economic Area, United Kingdom, and Switzerland (GDPR & UK GDPR)

Data controller: Binary Ocean LLC, the entity behind Tatva, operating at hello@mytatva.app.

Lawful basis for processing: we rely on your explicit consent (GDPR Article 9(2)(a)) to process the health-related data you share with us. You give this consent at sign-up and can withdraw it anytime by deleting your account.

International data transfers: our backend (Supabase) is hosted in the United States, and we use Google's Gemini API which also processes data in the United States. Transfers from the EEA / UK / Switzerland are protected by the European Commission's Standard Contractual Clauses (SCCs) signed with our processors. Your data is encrypted in transit and at rest.

Your GDPR rights: in addition to what's above, you have the right to:

Retention: we keep your data for as long as your account is active. After deletion, residual backups are purged within 90 days.

Automated decision-making: Tatva's meal verdicts and weekly insights are generated by AI but are advisory only. They do not produce legal effects and do not constitute automated decision-making under GDPR Article 22.

EU representative: not currently appointed (Tatva is below the threshold requiring one). Contact hello@mytatva.app for any GDPR question.

Contact

Questions, requests, complaints — email hello@mytatva.app. We respond within 48 hours.