Privacy Policy

Last updated: February 8, 2026

JCW Digital ("we", "us", or "our") operates CarbSight, a mobile application that uses AI to estimate carbohydrate content from food photos. This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information: When you create an account, we collect your email address and authentication provider (Apple ID or email). If you sign in with Apple, we receive only the information you choose to share.

Food Photos: When you use the scan feature, your food photos are sent to our backend server for AI analysis. Photos are transmitted securely via HTTPS and are processed by OpenAI's Vision API. Photos sent to OpenAI are automatically deleted within one hour. Photos are also stored in our database to enable meal history and sync features.

Meal Estimates: We store the AI-generated carbohydrate estimates, food item names, portion sizes, and confidence scores associated with your scans. This data is linked to your user account.

Subscription Data: If you subscribe, we store your Apple transaction identifiers and entitlement status to manage your subscription. We do not have access to your payment method or billing details — those are handled entirely by Apple.

Usage Data: We track daily scan counts per user to enforce subscription limits.

Local Data: The app stores meal history, preferences (appearance, disclaimers acknowledged), and cached data locally on your device using CoreData and UserDefaults.

2. How We Use Your Information

• To provide AI-powered carbohydrate estimation from food photos
• To maintain your meal history and enable syncing across sessions
• To manage your account and subscription status
• To enforce usage limits based on your subscription plan
• To improve the accuracy and quality of our service

3. Third-Party Services

We use the following third-party services:

• Supabase: For user authentication, database storage, and file storage. Data is hosted in secure cloud infrastructure. Supabase Privacy Policy
• OpenAI: For AI-powered food recognition and carbohydrate estimation. Food photos are sent to OpenAI's API and are subject to OpenAI's data usage policies. Files are set to auto-expire within one hour. OpenAI Privacy Policy
• Apple (StoreKit): For in-app purchase and subscription processing. Apple Privacy Policy
• Vercel: For hosting our backend API. Vercel Privacy Policy

4. Data Retention

Your account data and meal history are retained for as long as your account is active. Food photos sent to OpenAI are automatically deleted within one hour of processing. When you delete your account, all associated data is permanently removed from our servers, including meal estimates, transaction records, entitlements, and usage data.

5. Data Security

All data transmission between the app and our servers uses HTTPS encryption. User authentication is managed through Supabase with industry-standard JWT tokens. We use row-level security policies to ensure users can only access their own data.

6. Your Rights

You have the right to:

• Access your data: View your meal history and account information within the app
• Delete your data: Delete your entire account and all associated data through Settings > Account > Delete Account
• Export your data: Export your meal history as CSV from within the app

7. Children's Use and Parental Responsibility

CarbSight is designed to support individuals managing carbohydrate intake, including parents and caregivers assisting minors with dietary needs such as diabetes management.

Accounts within CarbSight are intended to be created and managed by individuals aged 13 or older. Parents or legal guardians may use the app on behalf of minors under their supervision.

We do not knowingly permit children under the age of 13 to create independent accounts or to provide personal information without verified parental involvement. Any carbohydrate estimates, meal history, or related data associated with minors are expected to be entered and managed by a parent or guardian.

Parents or guardians who believe their child has provided personal information without their consent may contact us to request review or deletion of the data.

8. Tracking & Analytics

CarbSight does not use any third-party analytics or advertising SDKs. We do not track you across other apps or websites. We do not share your data with advertisers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by updating the "Last updated" date above.

10. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

Email: support@carbsight.app