Privacy Policy

Last updated: March 31, 2026

Flarely ("we," "our," or "us") is operated by Low Latency Labs LLC. This Privacy Policy explains how we collect, use, and protect your information when you use the Flarely mobile application.

1. Health Data Stays on Your Device

All health tracking data you enter into Flarely — including bowel movement logs, food entries, stress levels, fasting records, AI analysis results, and personal insights — is stored locally on your device using Apple's SwiftData framework. We do not collect, transmit, or store this data on our servers.

2. Data Sent to AI Services

When you use Flarely's AI-powered features, limited data is sent to our backend servers (hosted on Cloudflare) and processed by OpenAI. AI analysis may involve multiple processing steps (meal identification, food tag classification, and pattern analysis).

Your permission is required: The app asks for your explicit permission before sending any data to AI services. You can manage this permission at any time in the app's settings under Privacy > AI Data Sharing.

Meal Photo Analysis: When you photograph a meal for AI analysis, the image is resized and sent to our servers, which forward it to OpenAI's Vision API for food identification. Images are processed and discarded — they are not stored by us or by OpenAI. Meal photos may incidentally capture personal information (such as kitchen backgrounds or hands); this incidental data is processed transiently and not retained. Under OpenAI's current API data usage policy, API inputs and outputs are not used for model training. Please refer to OpenAI's API Data Usage Policy for the latest information.

Pattern Insights: When you request AI-generated insights, we send an anonymized summary of your recent tracking data (up to 90 days) including timestamps, pain levels, stress levels, and food tag frequencies. No names, email addresses, or personally identifying information is included in this data.

Device Identifier: A randomly generated identifier (UUID) — not linked to your Apple ID, name, or any personal information — is sent with AI requests solely for rate limiting purposes.

IP Addresses: Your IP address is used ephemerally at the proxy level for rate limiting. It is never forwarded to OpenAI and is not stored persistently.

3. AI Processing Transparency

This section describes exactly how your data flows through our systems when you use AI-powered features.

Meal Photo Analysis

1. Your device: The image is resized locally and sent to Flarely's servers (hosted on Cloudflare) over an encrypted connection (HTTPS/TLS).
2. Flarely servers (Cloudflare): The image is forwarded to OpenAI's Vision API for food identification. No copy of the image or any health data is stored, cached, or logged on our servers.
3. OpenAI: Processes the image and returns food identification results. The image is not used for model training. OpenAI retains API data per their retention policy (currently up to 30 days for abuse monitoring), then deletes it.
4. Back to your device: Results are stored locally on your device using SwiftData. Nothing persists on our servers.

Pattern Insights

1. Your device: An anonymized summary is generated containing timestamps, pain levels, stress levels, and food tag frequencies. No names, email addresses, or personally identifying information is included.
2. Flarely servers (Cloudflare): The summary is forwarded to OpenAI. No copy of your health data is stored, cached, or logged on our servers.
3. OpenAI: Processes the summary and returns pattern insights. Same retention policy as above.
4. Back to your device: Insights are stored locally on your device. Nothing persists on our servers.

Key guarantees:

• No health data is stored on Flarely's servers at any point in the process
• Flarely does not use your health data to train AI models
• All data is transmitted via encrypted connections (HTTPS/TLS 1.3)
• OpenAI does not use API data for model training (per their current API Data Usage Policy)
• No data is cached or queued between requests on our servers

4. Email Communications

We may send you the following emails:

• Welcome email — sent after account creation via our email delivery provider, Resend
• Verification email — sent by Firebase to verify your email address
• Password reset email — sent by Firebase when you request a password reset

You can unsubscribe from non-essential emails (such as the welcome email) at any time using the unsubscribe link included in the email or by contacting us at hello@lowlatencylabs.app. Transactional emails required for account security (verification and password reset) cannot be unsubscribed from.

5. Diagnostic Logging

We may collect limited diagnostic logs — such as error messages, HTTP response codes, and timestamps — to identify and troubleshoot service issues. These logs do not contain health data, meal photos, or personally identifying information. Diagnostic logs are retained for a limited period and automatically deleted.

6. Account Information

When you sign in with Apple, we receive your name and email address (if you choose to share them). The following information is stored in Google Firebase for account management purposes only:

• Display name
• Email address
• Apple user ID (a privacy-preserving, per-app identifier issued by Apple — it cannot be used to track you across other apps)
• Account creation date
• Last-updated date

This information is never shared with third parties for marketing or advertising.

7. Subscription Management

We use RevenueCat to manage subscriptions. Your Firebase user ID is shared with RevenueCat to validate your subscription status. No health data is shared with RevenueCat.

8. What We Don't Do

• We do not use analytics or tracking SDKs
• We do not display advertisements
• We do not sell or share your data with third parties for marketing
• We do not use cookies or persistent tracking on our website
• We do not collect location data

9. Third-Party Services

Flarely integrates with the following services:

Cloudflare may collect standard HTTP metadata (such as IP addresses and timestamps) as part of its platform infrastructure. For details, see Cloudflare's Privacy Policy. See also: OpenAI API Data Usage Policy, RevenueCat Privacy Policy, Firebase Privacy & Security, Resend Privacy Policy.

Third-party data protection: All third-party service providers that receive your data maintain data protection standards equivalent to or exceeding those described in this Privacy Policy. OpenAI processes data under their API Data Usage Policy, which provides that API inputs and outputs are not used for model training, are retained only for a limited period for abuse and misuse monitoring, and are not shared with other third parties. Cloudflare and Google Firebase maintain industry-standard security certifications and comply with applicable data protection regulations. RevenueCat processes only subscription identifiers and does not receive any health data. Resend processes only email addresses and display names for transactional email delivery and does not receive any health data.

10. International Users & Data Transfers

Flarely is available worldwide. Your data is processed in the United States. If you are located outside the United States — including in the European Economic Area (EEA), United Kingdom, or elsewhere — your information may be transferred to and processed in the US.

Our third-party service providers (including Cloudflare, OpenAI, and Google Firebase) maintain Standard Contractual Clauses and/or other approved data transfer mechanisms to facilitate lawful international data transfers. By using Flarely, you consent to the transfer and processing of your data in the United States.

11. Your Rights Under GDPR (EU/EEA/UK Users)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data
• Restriction: Request that we limit how we process your data
• Portability: Request your data in a portable format
• Objection: Object to our processing of your data

Legal basis for processing:

• Contract performance (Article 6(1)(b)): AI data analysis is necessary to perform the service you subscribed to. Account management and subscription fulfillment also rely on this basis.
• Legitimate interest (Article 6(1)(f)): Service security, rate limiting, and fraud prevention.

Health data (special category): Anonymized health data summaries sent for AI analysis qualify as "data concerning health" under GDPR Article 9. This data is processed under your explicit consent (Article 9(2)(a)), which you provide through the in-app consent prompt before first use of AI features. You may withdraw consent at any time by not using AI features. Withdrawal does not affect the lawfulness of processing performed before withdrawal.

Since your health data is stored locally on your device, most data subject rights are satisfied through your own device controls — you can view, modify, or delete your health entries at any time. For account data stored in Firebase, you can delete your account via Profile > Delete Account in the app.

To exercise any of these rights, contact us at hello@lowlatencylabs.app. You also have the right to lodge a complaint with your local data protection supervisory authority.

Data breach notification: In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required under GDPR Article 33. If the breach is likely to result in a high risk to you, we will also notify you without undue delay, as required under GDPR Article 34. For users outside the EU/EEA/UK, we will comply with applicable breach notification laws in your jurisdiction.

EU Representative: Flarely's processing of personal data is limited to account management and occasional, user-initiated AI analysis of anonymized summaries. Given the nature and scale of this processing, we have not appointed an EU representative under Article 27. If this changes, we will update this policy. You may contact us directly at hello@lowlatencylabs.app.

12. Your Rights Under CCPA/CPRA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights:

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request that we delete your personal information.
• Right to Opt-Out of Sale or Sharing: We do NOT sell or share (as defined under CPRA) your personal information. We do NOT share personal information for cross-context behavioral advertising.

Categories of personal information we collect:

• Identifiers (name, email address via Apple Sign-In, Apple user ID)
• Account information (Firebase user ID)
• Device identifiers (randomly generated UUID for rate limiting)
• Internet or electronic network activity information (IP addresses may be collected by Cloudflare as a service provider)

To exercise your rights, email hello@lowlatencylabs.app or use the in-app account deletion feature (Profile > Delete Account). We will not discriminate against you for exercising your privacy rights.

13. Data Retention

• Health data: Stored locally on your device until you delete it or delete your account.
• Account data: Retained while your account exists. Deleted immediately upon account deletion.
• AI-processed data (Flarely servers): Not retained. Data passes through our servers transiently during processing and is not stored, cached, or logged.
• AI-processed data (third parties): Third-party providers retain data according to their own retention policies, which are outside our direct control. OpenAI currently retains API inputs and outputs for up to 30 days for abuse and misuse monitoring, after which data is automatically deleted. Cloudflare may retain standard HTTP metadata per their privacy policy. See: OpenAI API Data Usage Policy, Cloudflare Privacy Policy.
• Diagnostic logs: If collected, retained for a limited troubleshooting period and automatically deleted.

14. Data Storage & Backups

Health data is stored locally on your device using Apple's SwiftData framework. Your device's iCloud backup settings may include app data — if you use iCloud backup, your health data may be stored in your iCloud account, subject to Apple's Privacy Policy. You can manage iCloud backup settings in your device's Settings app.

15. Data Deletion

You can delete your account at any time from the Profile screen in the app (Profile > Delete Account). This permanently removes:

• All local health data from your device
• Your user record from Firebase
• Your Firebase authentication account

Account deletion requires a two-step confirmation to prevent accidental data loss.

16. Children's Privacy

Flarely is not intended for use by children under the age of 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children under these ages. If we learn that we have collected data from a child under the applicable minimum age, we will delete it promptly. Parents or guardians may contact us at hello@lowlatencylabs.app to request deletion.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. For material changes — such as new data collection practices or changes to how AI data is processed — we will also provide notice through the app where possible.

18. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: hello@lowlatencylabs.app

Low Latency Labs LLC
2501 Chatham Rd Suite N
Springfield, IL 62704
USA