Privacy Policy
Effective Date: July 7, 2026 · Last Updated: July 7, 2026
Titra collects the following categories of data to provide and improve the App's features. This Privacy Policy explains what we collect, how we use it, and your rights. By using the App, you consent to the practices described herein.
1. What Data We Collect
Titra collects the following categories of data:
Account Information:
• Email address (for authentication)
• Username (no real name required)
• Apple or Google sign-in tokens (if you use social login)
Health & Wellness Data (self-reported):
• Medication details: brand, dose, frequency, injection dates and sites
• Body metrics: height, weight, body composition
• Food logs: meal descriptions, photos, nutritional data
• Activity logs: exercise type, duration, steps
• Side effects: type, severity, frequency
• Mood logs: mood ratings, tags, and related notes
• Wellness surveys: appetite, energy, mood, sleep quality, GI symptoms, food noise, mental wellness
• Weekly check-in scores across 7 wellness domains
• Progress photos: body photos you optionally capture to track visual changes
• Voice recordings: audio clips you record when using voice features (sent for transcription as described in the AI Disclosure)
Biometric Data (optional, with permission):
• Apple HealthKit (iOS): heart rate, HRV, sleep duration, steps, SpO2, blood glucose, resting heart rate, respiratory rate, VO2 max, body fat, lean mass, waist circumference, blood pressure
• Health Connect (Android): heart rate, HRV, sleep, steps, blood glucose, resting heart rate, active calories
Demographic Data:
• Date of birth, sex, activity level
Purchase & Subscription Data:
• Subscription status, plan, and store transaction identifiers
• We never receive or store your full payment card details (payments are processed by Apple, Google, or Stripe)
Usage Data:
• App interaction data, feature usage patterns
• Crash and error reports
• Push notification token (if you enable notifications)
2. How Data Is Stored
Your data is stored using industry-standard security practices:
Server-Side Storage:
• Supabase (PostgreSQL database) with Row-Level Security (RLS) — each user can only access their own data
• Photos (progress and food photos) and report PDFs are stored in private storage buckets tied to your account
• Report share links you create use unguessable tokens that expire automatically and can be revoked by you at any time
• All data is encrypted in transit using TLS/SSL
• Authentication managed by Supabase Auth with secure JWT tokens
Device-Local Storage:
• AsyncStorage for offline access to profile data, preferences, and cached content
• Local data stays on your device and is not shared with third parties
We do not sell your data to any third party.
3. Third-Party Data Sharing
We share limited data with the following service providers solely to deliver App functionality:
OpenAI (GPT-4o, GPT-4o-mini, Whisper & text-to-speech):
• What is shared: wellness context (medication type, scores, nutrition/activity summaries, side effects), food photos for analysis, voice recordings for transcription, and coach reply text for voice playback
• What is NOT shared: your email, username, or any directly identifying information
• Purpose: AI-powered coaching, food recognition, personalized insights, voice-to-text transcription, and spoken coach replies
• OpenAI's data retention: subject to OpenAI's API data usage policy (API inputs are not used for model training)
FatSecret:
• What is shared: food search queries, barcode lookups, recipe search queries
• Purpose: nutritional database lookups, food identification, recipe nutrition data
PostHog (Analytics & Session Replay):
• What is shared: anonymized usage events (e.g., which features you use, screen views, button taps), crash and error reports, and a small sample of session recordings in which all text inputs and images are masked on your device before anything is sent
• What is NOT shared: your email, username, or readable health data — masking hides typed values (weights, doses, notes) and all photos in recordings
• Purpose: understanding how the App is used and diagnosing problems so we can improve the experience
Sentry (Crash Reporting):
• What is shared: crash and error reports containing technical stack traces, device and OS information, and an opaque user ID
• What is NOT shared: your email, username, IP address, or request contents — these are stripped before reports are sent
• Purpose: detecting, diagnosing, and fixing crashes and bugs
Apple App Store, Google Play & Stripe (Payments):
• What is shared: the purchase and subscription events needed to activate and maintain your plan
• What is NOT shared: we never receive or store your full payment card details; payments are processed entirely by Apple, Google, or Stripe
• Purpose: subscription billing and access to paid features
Expo Push Notification Service:
• What is shared: a device push token and the content of notifications you have enabled (e.g., reminders)
• Purpose: delivering push notifications to your device
We do not share your data with advertisers, data brokers, or any entity not listed above.
4. How We Use Your Data
We use your data exclusively to provide and improve the App's features:
• Personalized nutrition and activity targets based on your profile
• Medication tracking and adherence scoring
• AI-powered wellness coaching and insights
• Side effect monitoring and trend analysis
• Weekly health summaries and progress tracking
• Exportable wellness reports for your personal use
• Managing your subscription and access to paid features
We do not use your data for advertising or marketing purposes. We do not build advertising profiles. We do not sell your data.
5. Your Rights
You have the following rights regarding your data:
All Users:
• Access: View all your data within the App at any time
• Export: Download your health data as a PDF report
• Deletion: Delete your account and all associated data
• Correction: Update your profile and health data at any time
California Residents (CCPA):
• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (note: we do not sell your data)
• Right to non-discrimination for exercising your rights
EU/EEA Residents (GDPR):
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
To exercise any of these rights, contact us at the email address provided in Section 8.
6. Data Retention
We retain your data for as long as your account is active.
Upon account deletion:
• Profile data, health logs, and chat history are permanently deleted within 30 days
• Anonymized, aggregated analytics data may be retained (this data cannot identify you)
• Data required by law may be retained for the legally required period
Local data stored on your device (AsyncStorage) is cleared when you sign out or delete the App.
7. Children's Privacy
The App is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children under 18.
If we become aware that we have collected data from a child under 18, we will promptly delete that information. If you believe a child under 18 has provided us with personal information, please contact us immediately.
8. Contact Information
For questions about this Privacy Policy, to exercise your data rights, or to report a concern:
Titra Health LLC
Email: support@titrahealth.io
We will respond to all data rights requests within 30 days.
© 2026 Titra Health LLC. All rights reserved.
