Preserve — Privacy Policy

Effective Date: 2026-05-08 Last Updated: 2026-05-10

1. Introduction

The Preserve mobile application (the “App”) is operated by Fulltech Consulting Inc. (“Preserve,” “we,” “us,” or “our”). The App is a wellness companion that helps people on GLP-1 medications and other weight-management journeys track protein intake, strength training, medication, and weight progress. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. If you see “Fulltech Consulting Inc.” on an Apple or Google receipt for a Preserve subscription, that is the legal entity that operates the App.

This Policy applies to your use of the App and any related services (together, the “Services”). It does not apply to third-party services you connect to or visit through the App, which have their own privacy policies.

By using the Services, you agree to this Policy. If you do not agree, please do not use the Services.

We have written this Policy in plain language wherever possible. Where defined terms are necessary for legal precision, they are capitalized.

2. Information We Collect

We collect only the information needed to provide the Services. We do not sell your information, and we do not run advertising.

2.1 Account Information

When you create an account, we collect:

Email address — used to sign you in, send transactional messages (e.g., password reset, account deletion confirmation), and contact you about your account.
Password — stored only as a one-way hash by our authentication provider (Supabase). We never see or store your password in plain text.
First name — collected during onboarding so the App can address you by name. Optional; you can leave this blank or use any name.

If you sign in using a third-party identity provider (e.g., Sign in with Apple), we receive only the minimum identifiers from that provider needed to maintain your account (e.g., a stable user identifier and, where you choose to share it, your email).

2.2 Health and Wellness Data

The App is built around tracking your health and fitness, so most of the data you enter is health-related. We collect what you choose to enter or what is derived from what you enter:

Profile and demographics

Sex (used for nutrition and strength recommendations).
Birthday (used to derive age for nutrition and strength recommendations).
Height.
Display unit preferences (lb/kg, ft-in/cm).

Body metrics

Current weight (entered at onboarding and updated whenever you log a weight).
Goal weight.
Weight history (each weight entry, with date and an optional note).
Derived progress milestones (computed from your weight history).

Nutrition

Meal logs, including foods you searched for, foods you scanned by barcode, foods identified by photo analysis, and meals you entered manually or templated as “saved meals.”
Macronutrients (protein, calories, carbohydrates, fat) and, where the source provides them, micronutrients (fiber, sugar, vitamins, minerals).
Your daily protein target and target history (we store changes over time so historical days remain accurate).

Strength training

Strength session logs, including session type (e.g., full body, upper body), date, duration, perceived effort, the list of exercises you performed, and any optional note. We do not currently track sets, reps, or per-exercise weights.
Your weekly strength target (e.g., three sessions per week).

Medication

The medication you are tracking (selected from a curated list — for example, semaglutide brand names), route of administration, dose, schedule, and start date.
Each dose you log, including the time you took it, the injection site (when applicable), and any optional note.
Symptom tags and severity if you choose to log them with a dose.
A history of dose changes (kept as an audit trail so historical days remain accurate).
Your reminder preferences for the medication (configured locally; see “Notifications,” below).

Acknowledgments

The date and version of the medical disclaimer you acknowledged on first use.

2.3 Device and Technical Data

To make the App work and to monitor errors, we and our service providers process:

Session tokens — a short-lived access token and a longer-lived refresh token issued by our authentication provider. These are stored on your device so you do not have to sign in repeatedly.
Device identifiers for push notifications — when you enable medication, protein, strength, or weight reminders, your device generates a push notification token (handled by Apple Push Notification service or Firebase Cloud Messaging). Today, all reminders are scheduled locally on your device; the token is not sent to our servers. If we add server-side scheduling in the future, we will update this Policy.
Crash and error reports — when the App encounters an error, our error-monitoring provider (Sentry) collects technical information about the error (stack trace, device model, operating system version, App version) and a sample of the actions that preceded it. We have configured Sentry to not collect your IP address, not collect text you typed into input fields, and not include your meal, medication, symptom, or other personal data in error reports. For diagnostic purposes only, an error report may include your account identifier (a random UUID), the table affected, the type of operation, and the error code returned by our database.
Session replay (errors only, sampled) — Sentry captures a small sample (up to 10%) of sessions that result in an error. All text and images are masked before the replay leaves your device. We do not enable session replay for normal (non-error) sessions.
Camera and photo library access — when you take or pick a meal photo to be analyzed, the App reads that photo from your device. The photo is sent to our food-analysis service for nutritional analysis and is not stored on our servers. We do not access your camera or photo library at any other time.
Microphone access — we do not record audio. Microphone permission is explicitly disabled in the App’s configuration.

2.4 Information We Do Not Collect

We want to be explicit about what we do not collect:

We do not use third-party analytics (Google Analytics, Mixpanel, Amplitude, Segment, or similar).
We do not use device fingerprinting libraries or advertising identifiers.
We do not track you across other apps or websites.
We do not share your information for cross-context behavioral advertising.

2.5 Cookies and the website

The Preserve mobile App does not use cookies — mobile apps do not have a browser cookie store the way websites do. Our marketing and legal website at https://www.getpreserve.app is served through Cloudflare and may set strictly-necessary cookies (for example, Cloudflare’s __cf_bm bot-management cookie) to keep the site secure and serve pages reliably. We do not use cookies for analytics, advertising, fingerprinting, or cross-site tracking. If we add anything beyond strictly-necessary cookies in the future, we will update this Policy and ask for consent where required.

3. How We Use Information

We use the information described above only for the purposes stated when we collected it, and for the legitimate business reasons below:

Purpose	Examples
Operate the Services	Authenticate your account; show your dashboard; sync your data across devices; schedule local reminders.
Personalize the experience	Compute your protein target; surface “next best action”; identify weight progress milestones.
Look up nutrition data	Send your search term or scanned barcode to FatSecret to retrieve nutrition information.
Identify food in meal photos	Send a meal photo (and any description you add) to Google Gemini to estimate the foods present and their macronutrients.
Send transactional messages	Email your account-deletion confirmation; password-reset emails; email change verification.
Diagnose and fix errors	Receive crash and error reports (scrubbed of personal data) from Sentry to find and fix bugs.
Comply with legal obligations and protect our rights and others’	Respond to lawful requests, prevent fraud, enforce our Terms of Service.

We do not sell your information, and we do not use it to train artificial intelligence models on your behalf.

Where required by law (for example, the GDPR), our legal bases for processing are:

Contract — we process the information needed to provide the Services you have asked for.
Consent — we ask for permission before accessing your camera, photo library, or sending push notifications, and we ask for explicit acknowledgment of the medical disclaimer.
Legitimate interests — we collect minimal scrubbed error data so we can fix bugs and keep the App stable; we balance these interests against your rights and process only what is necessary.
Legal obligation — we may process data when required by applicable law.

4. Service Providers

We use a small number of third-party service providers who process information on our behalf, under contracts that limit how they may use that information. We have minimized the number of providers and what each one receives.

4.1 Supabase (database, authentication, storage, edge functions)

Supabase hosts our database and handles authentication. Substantially all of the personal data described in Section 2 is stored in Supabase: your account, profile, weight history, nutrition entries, strength sessions, medication plan and dose history, symptom logs, and preferences.

Region: United States. Operated by Supabase, Inc.
Privacy policy: https://supabase.com/privacy

4.2 Google Gemini (meal photo and description analysis)

When you analyze a meal by photo or by typing a description, we send the photo or description to the Google Gemini API for nutritional analysis. The photo is processed to identify foods and estimate macronutrients; we do not store the photo on our servers. Google’s handling of submitted content is governed by its API policies.

What we send: the meal photo (as an image) and any text description you provide. We do not send your account identifier, name, email, or other profile data.
Privacy policy: https://policies.google.com/privacy
Gemini API additional terms: https://ai.google.dev/gemini-api/terms

4.3 FatSecret (food search and barcode lookup)

When you search for a food by name or scan a barcode, we send the search term or barcode to FatSecret’s nutrition database to retrieve matching foods.

What we send: the search term or barcode. We do not send your account identifier, name, email, or other profile data.
Privacy policy: https://platform.fatsecret.com/privacy-policy

4.4 Sentry (error and performance monitoring)

Sentry receives crash reports, error events, and performance traces from the App. We have configured Sentry to scrub personal data: your IP address is not sent, text you typed into input fields is not captured, and the contents of your meal, medication, symptom, or other personal data are not included in error reports. For diagnostic purposes, an error report may include your account identifier (a random UUID), the affected database table, the operation type, and the error code returned.

What we send: technical error data (stack traces, device model, OS version, App version), an account identifier, and (for a small sample of sessions that error) a masked replay where text and images are obscured before transmission.
Privacy policy: https://sentry.io/privacy/

4.5 Resend (transactional email delivery)

We use Resend to deliver account-related emails — currently, the confirmation email when you delete your account.

What we send: your email address and the email content.
Privacy policy: https://resend.com/legal/privacy-policy

4.6 Apple Push Notification service and Firebase Cloud Messaging (push notifications)

When you enable reminders, your device registers with Apple Push Notification service (iOS) or Firebase Cloud Messaging (Android) to receive push notifications. Today, all reminders are scheduled locally on your device, so we do not send your token to our servers and we do not push notifications from our servers. The notification payload (e.g., “Time to log dose”) is generated on your device.

Apple privacy policy: https://www.apple.com/legal/privacy/
Google (Firebase) privacy policy: https://firebase.google.com/support/privacy

4.7 Apple App Store and Google Play (subscriptions — coming soon)

Before public launch, we will offer subscriptions through Apple’s App Store and Google Play. When you subscribe, payment information is handled entirely by Apple or Google; we receive only a transaction identifier confirming your active subscription status. We never receive or store your full payment-card number. When subscriptions launch, we will use a subscription-management provider (RevenueCat) to validate purchase receipts; we will update this Policy with details before that feature ships.

5. Data Storage and Security

5.1 Where your data is stored

Your data is stored on servers operated by Supabase, Inc. in the United States. We rely on our service providers’ infrastructure controls for operational security.

5.2 How your data is protected

Encryption in transit. All communication between the App and our service providers uses HTTPS.
Access controls. Each request is scoped to your own data; we use access controls so other users cannot access your information.
Authentication. Passwords are stored using industry-standard one-way hashing by our authentication provider; we never see them.
Session tokens on your device. Your authentication tokens are stored using your device’s secure application storage, which is sandboxed by the operating system to the App and not accessible to other apps. Tokens can be revoked server-side, which we do automatically when you delete your account.
Error reports. We have configured our error-monitoring provider to suppress your IP address, mask text inputs, and exclude the contents of your personal data from error reports.

No system is perfectly secure. While we apply reasonable safeguards, we cannot guarantee absolute security. If we become aware of a security breach affecting your data, we will notify you and any required authorities as the law requires.

5.3 Children’s data

The Services are intended for users 18 years of age or older. We do not knowingly collect information from anyone under 18. If you believe a child has provided us information, please contact us using the information in Section 11 and we will delete it.

6. Your Rights and Choices

6.1 Rights available to all users

You can:

Access and review your data in the App (Settings → Profile, Settings → Notifications, and the Today, Protein, Strength, Medication, and Progress tabs collectively show essentially all data you have provided).
Correct your data by editing it in the App (profile, weight entries, meal entries, strength sessions, medication plan, etc.).
Delete your account and your data at any time from Settings → Account → Delete Account. This action is permanent and will remove your account, your profile, your weight, nutrition, strength, medication, symptom, and preference data from our database. (See Section 7 for retention details.)
Manage notifications from Settings → Notifications, or from your device’s system Settings.
Manage camera and photo library access from your device’s system Settings at any time.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you also have the right to:

Receive a copy of your personal data in a portable format (Article 15 / Article 20).
Object to or restrict processing in certain circumstances (Articles 18 and 21).
Withdraw consent where we relied on consent to process your data; withdrawal does not affect processing already performed.
Lodge a complaint with your local data protection authority. We hope you will contact us first so we can try to resolve your concern.

To exercise rights that are not available directly through the App, contact us using the information in Section 11. We aim to respond within 30 days.

6.3 Additional rights for California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

Know what personal information we have collected about you, the sources, the purposes, and any categories of recipients.
Delete the personal information we hold about you (subject to limited legal exceptions).
Correct inaccurate personal information.
Limit the use of sensitive personal information to that which is necessary to provide the Services.
Not be discriminated against for exercising these rights.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We also do not knowingly sell or share the personal information of consumers under 16. To exercise these rights, contact us using the information in Section 11. We may need to verify your identity before responding.

7. Data Retention and Deletion

We retain your information for as long as your account is active and for a short period afterward to comply with legal obligations and to recover from operational errors.

Data	Retention
Account, profile, and all health and wellness data	While your account is active. Deleted from our primary database immediately when you delete your account.
Database backups	Operational backups are retained for up to 30 days by Supabase before being overwritten. Your data may persist in those backups for that period after deletion.
Error reports (Sentry)	Up to 90 days for events; up to 30 days for masked replays. These reports do not contain your meal, medication, symptom, or other personal data; they may contain your account identifier (a random UUID), which is no longer linked to a person after account deletion.
Email address	Used to send the deletion confirmation email; not retained by us afterward.
Logs of API calls (Supabase, Resend, Sentry)	Retained per the providers’ policies (typically days to weeks) for operational and security purposes.

When you delete your account, the App also clears all of your data from your device.

8. International Data Transfers

If you are accessing the Services from outside the country in which our service providers operate, your information may be transferred to, stored, and processed in another country. Where we transfer personal data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

9. Changes to This Policy

We may update this Policy from time to time. When we do, we will change the “Last Updated” date at the top. If the changes are material, we will provide additional notice (for example, by an in-App notice or by email). Your continued use of the Services after the updated Policy takes effect means you accept the updated Policy.

10. Notice About Health Data and Medical Decisions

The App is a tracking and information tool. It is not a medical device. Information in the App is for general wellness purposes only and is not medical advice, diagnosis, or treatment. Always consult your prescribing clinician about your medication, dosing, and any health concerns. Do not change, delay, or discontinue medical treatment based on information in the App.

For more information about health and medical disclaimers, see our Terms of Service, which contain the binding terms governing your use of the App.

11. Contact Us

For questions about this Policy or to exercise your rights:

Privacy: privacy@getpreserve.app
General support: support@getpreserve.app

For postal correspondence, please contact us by email first and we will provide a mailing address on request.

We aim to respond to privacy inquiries within 30 days.

This Policy is effective as of the date shown above and supersedes any prior version.