Back

Privacy Policy

Effective Date: February 28, 2026 · Last Updated: February 28, 2026

1. Introduction

Welcome to BeyondlyAI ("we," "our," or "us"). BeyondlyAI is an AI-powered ingredient intelligence and wellness platform that helps users scan food products, analyze ingredients, track calories, plan meals, and follow workout plans.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service"). Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Authentication credentials (passwords are securely hashed and managed by our authentication provider; we never store plaintext passwords)
  • Third-party authentication tokens if you sign in via Google or Apple (we receive your name and email from these providers)

2.2 Health and Fitness Data

To provide personalized nutrition and fitness features, we collect health-related information you voluntarily provide during onboarding and app usage:

  • Fitness goal (e.g., lose weight, gain muscle, maintain, eat healthy)
  • Current weight, target weight, and starting weight
  • Height, age, and gender
  • Activity level
  • Daily calorie and macronutrient targets (protein, carbohydrates, fat)
  • Calorie entries (food consumed and calories burned, meal types, logged times)
  • Workout logs (exercises performed, duration, calories burned)
  • AI-generated workout plans
  • Dietary preferences: diet type, food allergies, dietary restrictions, cuisine preferences, cooking skill level, household size, weekly budget, and maximum preparation time

2.3 Product and Scan Data

When you use our scanning and analysis features, we collect:

  • Product barcodes scanned via your device camera
  • Product names, brands, ingredient lists, and nutritional information (sourced from public databases)
  • AI-generated ingredient analysis results, health scores, and alternative product suggestions
  • Food label photos submitted for analysis (processed transiently; only a cryptographic hash is stored for duplicate detection — the original image is not permanently stored on our servers)
  • Product search queries

2.4 Meal Plan Data

  • AI-generated personalized meal plans

2.5 Subscription and Payment Data

  • Subscription tier and trial status
  • Payment processing identifiers (Stripe customer ID for web payments; Apple In-App Purchase transaction data via RevenueCat for iOS)
  • We do not store your credit card numbers, bank account details, or full payment credentials. All payment processing is handled by our third-party payment providers (Stripe and Apple/RevenueCat).

2.6 Technical and Device Data

  • Push notification tokens and subscription endpoints
  • Notification delivery logs and preferences
  • Feature usage counts (e.g., number of scans, meal plans generated)
  • Device type, operating system, and browser user agent
  • Anonymous page view and performance data (via Vercel Analytics)
  • Error and crash reports, including device information, stack traces, and breadcrumbs (via Sentry, when integrated)

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Analyze food product ingredients, generate personalized meal plans, track calories, and create workout plans
  • Personalize your experience: Tailor AI-generated insights, recommendations, and analysis based on your dietary preferences, fitness goals, and usage history
  • Generate AI-powered analysis: Send product ingredient data and label images to our AI providers for educational nutritional analysis
  • Process payments: Manage subscriptions, free trials, and usage limits
  • Send notifications: Deliver daily nutrition insights, meal reminders, and workout schedules (with your consent)
  • Improve the Service: Analyze usage patterns, diagnose technical issues, and optimize performance
  • Detect duplicate content: Use image hashing to prevent redundant AI processing of previously scanned labels
  • Ensure security: Protect against unauthorized access, fraud, and abuse through Row Level Security policies and authentication

4. AI-Powered Features

BeyondlyAI uses artificial intelligence to power several core features. It is important that you understand how your data interacts with these AI systems:

4.1 Ingredient Analysis

When you scan a product barcode or submit a food label photo, the product's ingredient list (and nutritional information, if available) is sent to Anthropic's Claude AI for analysis. The AI evaluates ingredients for potential concerns, identifies allergens, and may suggest healthier alternatives. Your personal identity is not sent to the AI — only the product data.

4.2 Label Photo Analysis

When you photograph a food label, the image is sent to Anthropic's Claude AI for text extraction and ingredient analysis. The image is processed in real-time and is not permanently stored on our servers. Only a cryptographic hash (SHA-256) of the image is stored to detect duplicate uploads and prevent unnecessary re-processing.

4.3 Meal Plans, Insights, and Workout Plans

To generate personalized meal plans, daily nutrition insights, and workout plans, we send your dietary preferences, fitness goals, calorie/macro targets, recent food logs, workout history, and anonymized fitness profile data (such as age, gender, height, weight, and activity level) to Anthropic's Claude AI. Your name, email address, and account identifiers are never included in AI requests. This data is used solely to generate your personalized recommendations and is not used by Anthropic to train their models.

4.4 AI Disclaimer

AI-generated analysis and recommendations are provided for educational and informational purposes only. They may contain inaccuracies. AI results should not be considered medical, nutritional, or dietary advice. Always consult qualified healthcare professionals before making significant dietary or fitness changes.

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We share data only with the following service providers, solely to operate and improve the Service:

Service ProviderData SharedPurpose
SupabaseAll user data (account, health, scans, etc.)Database hosting, authentication, and Row Level Security
Anthropic (Claude AI)Product ingredients, label images, dietary/fitness contextAI-powered ingredient analysis, meal planning, insights, and workout generation
Open Food FactsBarcodes and product search queriesProduct information lookup (public, open-source database)
StripeEmail, subscription eventsWeb payment processing
RevenueCat / AppleUser ID, purchase transaction dataiOS In-App Purchase management
Google OAuthEmail, name (received from Google)Authentication (Sign in with Google)
Apple OAuthEmail, name (received from Apple)Authentication (Sign in with Apple)
VercelAnonymous page views, web vitalsHosting, deployment, and privacy-friendly analytics
SentryDevice info, error stack traces, breadcrumbsError tracking and crash reporting

We may also disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of BeyondlyAI, our users, or the public.

6. Data Storage and Security

We take the security of your data seriously and employ the following measures:

  • Encryption in transit: All data is transmitted over HTTPS/TLS encryption
  • Encryption at rest: Data stored in our database is encrypted at rest by our infrastructure provider (Supabase/AWS)
  • Row Level Security (RLS): Database-level policies ensure users can only access their own data
  • Authentication: Secure session management via Supabase Auth with support for email/password, Google OAuth, and Apple OAuth
  • Password security: Passwords are hashed using industry-standard algorithms; we never store or have access to plaintext passwords
  • API security: Server-side API routes validate authentication and authorization before processing requests

While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. Data Retention

We retain your data as follows:

  • Account data: Retained for as long as your account is active
  • Health and fitness data: Retained for as long as your account is active; deleted upon account deletion
  • Scan and analysis data: Retained for as long as your account is active to provide scan history and avoid redundant AI processing
  • Label photo images: Processed in real-time and not permanently stored; only cryptographic hashes are retained
  • Cached product data: Public product information from Open Food Facts is cached for up to 30 days to improve performance
  • Payment data: Subscription records are retained as required for financial and legal compliance; full payment details are stored by Stripe/Apple, not by us
  • Usage and analytics data: Retained for the duration of your account to enforce usage limits and improve the Service

When you delete your account, all personal data associated with your account is permanently deleted from our database. Certain anonymized or aggregated data that cannot be used to identify you may be retained for analytical purposes.

8. Your Rights and Choices

You have the following rights regarding your data:

  • Access your data: You can view your profile, fitness goals, scan history, calorie logs, and other personal data within the app at any time
  • Update your data: You can modify your profile information, dietary preferences, fitness goals, and other personal data through the Settings page
  • Delete your account: You can request complete deletion of your account and all associated data. Upon deletion, all your personal data, scan history, meal plans, calorie logs, and workout data will be permanently removed from our systems
  • Manage notifications: You can opt in or out of push notifications at any time through the app's notification settings or your device settings
  • Manage subscriptions: You can upgrade, downgrade, or cancel your subscription at any time through the app or through the Apple App Store subscription management
  • Withdraw consent: Where processing is based on your consent, you may withdraw it at any time by contacting us or adjusting your settings. Withdrawal does not affect the lawfulness of processing performed before withdrawal.

To exercise any of these rights, please contact us at hello@beyondlyai.com.

9. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to data portability: Request a machine-readable copy of your data
  • Right to restriction: Request that we limit how we process your data
  • Right to object: Object to our processing of your data in certain circumstances
  • Right to lodge a complaint: File a complaint with your local data protection authority

Legal basis for processing: We process your personal data based on: (a) your consent (e.g., creating an account, enabling notifications); (b) contractual necessity (e.g., providing the Service you requested); and (c) legitimate interests (e.g., improving the Service, ensuring security).

International transfers: Your data may be transferred to and processed in the United States where our infrastructure providers operate. We ensure appropriate safeguards are in place for such transfers.

To exercise your GDPR rights, contact us at hello@beyondlyai.com. We will respond within 30 days.

10. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to know: You can request that we disclose what personal information we collect, use, and share about you
  • Right to delete: You can request that we delete personal information we have collected from you
  • Right to opt-out of sale: We do not sell your personal information to third parties
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, contact us at hello@beyondlyai.com. We will verify your identity before processing your request.

11. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@beyondlyai.com and we will promptly delete such information.

12. Health and Medical Disclaimer

Important Notice

BeyondlyAI is an educational and informational tool. It is not intended to diagnose, treat, cure, or prevent any disease or health condition.

The ingredient analysis, nutrition insights, meal plans, calorie estimates, and workout plans provided by BeyondlyAI are generated using artificial intelligence and public data sources. These outputs may contain inaccuracies and should not be relied upon as medical, nutritional, or dietary advice.

Always consult a qualified healthcare professional, registered dietitian, or certified fitness trainer before making significant changes to your diet, exercise routine, or health regimen. Individual nutritional needs and responses to ingredients vary widely.

13. Camera and Photo Access

BeyondlyAI requests camera and photo library access for the following purposes:

  • Camera access: Used to scan product barcodes (EAN-13, EAN-8, UPC-A, UPC-E, Code 128, Code 39) and photograph food ingredient labels for AI-powered analysis
  • Photo library access: Used to select existing photos of food labels from your device for ingredient analysis

Camera and photo data is processed locally on your device for barcode decoding. Food label images are sent to our AI provider (Anthropic) for text extraction and analysis, then discarded. We do not store the original images on our servers.

You can revoke camera or photo library permissions at any time through your device's operating system settings. The app will continue to function with limited capabilities (manual barcode entry, product search by name).

14. Cookies and Local Storage

BeyondlyAI uses the following client-side storage mechanisms:

  • Authentication cookies: Secure, HTTP-only cookies managed by Supabase for maintaining your authenticated session
  • Local storage: Used to store your theme preference (dark/light mode), recent scan history cache, and daily statistics for faster app loading. This data stays on your device and is not sent to our servers

We use Vercel Analytics, which is a privacy-friendly analytics solution that does not use cookies and does not track individual users across sites. It collects anonymous, aggregated data about page views and web performance.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, providing additional notice through the app (such as a push notification or in-app banner). Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

BeyondlyAI

Email: hello@beyondlyai.com

Website: https://beyondlyai.com

We aim to respond to all privacy-related inquiries within 30 days.

© 2026 BeyondlyAI. All rights reserved.

Back to top ↑