Cookies

Essential cookies for authentication. Optional analytics to improve the app. Privacy

Privacy Policy

Last updated May 27, 2026

This Privacy Policy for Selen Coaching LLC, a company affiliated with Alkalytic Ltd ("Company," "we," "us," or "our"), describes how and why we access, collect, store, use, and/or share ("process") your personal information when you use the Alkaterranean web application, native iOS application, APIs, and related services (the "Services").

Alkaterranean is a wellness coaching product, not a medical device. We do not diagnose, treat, cure, or prevent any disease.

1. What Information Do We Collect?

Information You Provide

  • Account information: email address, display name, and password (hashed; we never store plaintext passwords).
  • Profile & wellness preferences: primary health goal, dietary restrictions, food allergies, cuisine preferences, cooking skill level, and how often you eat out.
  • Body metrics (optional): current weight and height. You may skip these during onboarding and can remove them at any time in Settings.
  • Food diary entries: meal type (breakfast, lunch, dinner, snack), text descriptions of what you ate, and the date and time you logged each entry.
  • Meal photos and captures: images you choose to upload for meal logging or photo nutrition analysis, plus related capture metadata such as the linked diary entry and analysis status.
  • AI coaching conversations: messages you send to the AI coach and the responses you receive.
  • Voice notes and transcripts: audio, transcripts, or imported text that you choose to submit for meal capture or coaching context.
  • Wellness check-ins: optional daily symptom tags you report (e.g., energetic, bloated, poor sleep). Used to help the AI coach identify patterns between your meals and how you feel.
  • Weight history (optional): weight entries you log over time, used to track trends and provide coaching context.
  • Apple Health and wearable context (optional): only the categories you explicitly authorize, such as weight, activity, workout, sleep, or similar wellness samples. You can decline or disconnect these permissions.
  • Goals: daily meal targets, weekly streak goals, and daily water intake goals.
  • Billing and entitlement identifiers: subscription status, plan, app-store transaction identifiers, and provider customer IDs needed to manage access.

Information Collected Automatically

  • Usage data: pages visited, features used, and session duration (collected via analytics tools when configured).
  • Device & browser data: browser type, operating system, app version, and screen resolution.
  • Error data: crash reports and performance metrics sent to our error monitoring service (Sentry) to maintain service reliability.

Information We Do Not Collect

  • We do not collect GPS location data.
  • We do not access your contacts.
  • We do not access your camera, photo library, microphone, or Apple Health data unless you choose to grant permission or submit content.
  • We do not use Apple Health, wearable, meal, symptom, or body-metric data for advertising, unrelated targeting, or sale.
  • We do not store payment card numbers (see Section 5).

2. How Do We Use Your Information?

  • Provide the Services: deliver AI coaching, food diary tracking, progress dashboards, streak calculations, and weekly summaries.
  • Personalize your experience: tailor AI coaching responses to your dietary preferences, allergies, goals, and logged meals.
  • AI memory:the AI coach extracts observations from your conversations (e.g., "prefers Greek salads," "has a nut allergy") to improve future coaching responses. These observations are stored in your account and are never shared with other users.
  • Photo, voice, and import analysis: analyze user-submitted photos, transcripts, and imported text to support diary logging, nutrition estimates, and coaching context.
  • Apple Health and wearable context: incorporate optional user-authorized health samples into reviews and coaching when you connect those sources.
  • Safety monitoring: detect eating disorder patterns, self-harm language, or medical emergency disclosures in coaching conversations so we can surface crisis resources.
  • Service improvement: analyze aggregated, de-identified usage patterns to improve features and fix bugs.
  • Coaching emails: send personalized daily coaching emails (referencing your recent meals and wellness data) and weekly progress summaries. These are part of the coaching service and can be toggled off individually in Settings.
  • Service emails: send transactional emails (account verification, password resets, billing notifications, trial reminders). These cannot be disabled as they are essential to your account.

3. AI Processing & Data Minimization

Our AI coaching feature sends the minimum context necessary to generate a relevant response:

  • Your current message and relevant recent conversation history.
  • Your dietary preferences, restrictions, and allergies (for safety and personalization).
  • Today's logged meals with AI analysis, and user-submitted meal photos when photo analysis is requested.
  • Voice transcripts, imported text, or optional Apple Health/wearable summaries when they are relevant to the request.
  • Top-ranked observations from your AI memory (up to 10).

AI processing is handled by third-party inference providers and routing infrastructure (currently Anthropic, OpenAI, and Vercel AI Gateway). We configure these providers under data-processing terms intended to prevent your submitted content from being used to train provider models.

When you use an AI feature — chatting with your coach, photo or label analysis, or voice and transcript capture — you authorize us to transmit the relevant content and context described above to these third-party AI providers, including Anthropic and OpenAI, so they can generate the response you requested. You can avoid this processing by not using those features.

Photo nutrition, transcript, and coaching outputs are estimates. You should review and correct diary entries before relying on them.

Every AI response includes a disclaimer that it is AI-generated wellness coaching, not medical advice.

4. Who Do We Share Your Information With?

We do not sell your personal information. We share data only with the following service providers, under contractual data protection obligations:

ProviderPurposeData Accessed
SupabaseDatabase & authenticationAll account and diary data
Anthropic / OpenAI / Vercel AI GatewayAI coaching, photo analysis, and AI routingRelevant conversation, diary, photo, transcript, and context data (see Section 3)
StripeWeb payment processingBilling data (see Section 5)
Apple / AdaptyiOS in-app purchases, subscription status, and entitlement syncApp-store transaction IDs, provider profile IDs, subscription status
SentryError monitoringError traces, anonymized user IDs
PostHogProduct analyticsFeature usage events (when configured)
ResendEmail deliveryEmail address, display name (for coaching and service emails)

Each of these providers is contractually required to protect your information, to use it only to provide services to us (or as required by law), and to provide the same or an equivalent level of data protection as described in this Privacy Policy. We do not authorize them to sell your personal information or use it for cross-app advertising.

We may also disclose your information if required by law, court order, or to protect the safety of our users.

5. Payment Data

Web payments are handled by Stripe. iOS in-app purchases and subscription entitlement sync are handled by Apple and Adapty. We do not store credit card numbers, bank account details, or other payment instrument data on our servers. We retain only the provider identifiers needed to manage your subscription status, such as a Stripe customer ID, Apple transaction identifiers, or an Adapty profile ID. You can review Stripe's privacy policy at stripe.com/privacy. Apple in-app purchase data is also governed by Apple's privacy policy and App Store terms.

6. Data Security

We implement multiple layers of security to protect your data, following industry best practices including the OWASP Top 10 security framework:

Encryption & Access Control

  • All data in transit is encrypted using HTTPS with TLS 1.2+ and HTTP Strict Transport Security (HSTS).
  • All data at rest is encrypted by our database provider (Supabase/AWS, AES-256).
  • Row-level security (RLS) is enforced on every database table — your queries can only return your own data. This is enforced at the database level, not just the application level.
  • Passwords are hashed using bcrypt; we never store or see your plaintext password.

Application Security

  • Content Security Policy (CSP) headers restrict which scripts, styles, and connections the app can make, protecting against cross-site scripting (XSS) attacks.
  • All user inputs are validated and sanitized before processing. Email content is HTML-escaped to prevent injection attacks.
  • Rate limiting is applied to AI coaching interactions, meal scoring, and data export endpoints to prevent abuse.
  • Webhook signatures are cryptographically verified for all payment processing callbacks.
  • Cron job authentication uses timing-safe comparison to prevent timing attacks.

AI-Specific Protections

  • User messages are sanitized before being sent to AI models to prevent prompt injection attacks.
  • AI responses are validated and filtered through a content safety pipeline before being shown to you.
  • AI inference providers and routing infrastructure are configured under data-processing terms intended to prevent submitted content from being used to train provider models.
  • Every AI-generated response is clearly labeled as AI-generated and includes a wellness coaching disclaimer.

7. Data Retention & Deletion

We retain your personal information for as long as your account is active. When you delete your account:

  • All profile data, food diary entries, uploaded meal photos, voice captures, AI conversations, observations, goals, optional health-source data, and weight history are permanently deleted.
  • Stripe, Apple, and Adapty billing records are retained by those providers according to their data retention policies and legal obligations.
  • Anonymized, aggregated analytics data may be retained for service improvement.

You can delete your account at any time from Settings in the web or iOS app. Deletion is permanent and cannot be undone. For Apple Sign-In accounts, we also attempt to revoke the Apple authorization token as part of account deletion when the required Apple credential is available.

8. Cookies & Tracking

We use cookies for:

  • Essential cookies: authentication session management (required for the app to function).
  • Analytics cookies: product usage tracking via PostHog (when configured). You can opt out of analytics cookies.

We do not use advertising cookies, do not sell data to advertising networks, and do not track you across other companies' apps or websites for advertising.

9. Children's Privacy

Alkaterranean is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected data from a user under 18, we will promptly delete their account and all associated data.

10. Your Privacy Rights

All Users

  • Access: view all data we hold about you (available in Settings and via data export request).
  • Correction: update your profile, preferences, and diary entries at any time.
  • Deletion: delete your account and all associated data from Settings.
  • Connected-source controls: disconnect optional Apple Health or wearable sources through the app and revoke the underlying permission in your device settings.
  • Email preferences: control which coaching emails you receive. You can independently toggle daily coaching emails and weekly summary emails in Settings. Transactional emails (account verification, billing) cannot be disabled.

California Residents (CCPA/CPRA)

Under CPRA, your dietary preferences, allergies, and body metrics may be classified as sensitive personal information. You have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of your personal information.
  • Opt out of the sale or sharing of your personal information (we do not sell your data).
  • Limit the use of your sensitive personal information to what is necessary for the Services.
  • Non-discrimination for exercising your privacy rights.

Washington Residents

Under the Washington My Health My Data Act, your dietary and wellness data is classified as consumer health data. We collect this data only with your consent (provided during onboarding), use it solely to deliver the Services, and do not sell it. You may withdraw consent and delete your data at any time.

To exercise any of these rights, contact us at privacy@selencoaching.com.

11. Do Not Track

Some browsers transmit a Do Not Track (DNT) signal. There is no uniform standard for responding to DNT signals. We do not currently respond to DNT signals, but we minimize tracking by default and do not use advertising trackers.

12. FTC Health Breach Notification

As a non-HIPAA consumer wellness app, if we experience a data breach involving your health-related information, we will notify you and the Federal Trade Commission within 60 days, as required by the FTC Health Breach Notification Rule.

13. International Users & Data Transfers

Alkaterranean is operated from the United States and the United Kingdom. Our hosting and database infrastructure (including Vercel and Supabase) processes and stores your data primarily in the United States. Our AI inference and routing providers may also process your submitted content in the United States or other countries where they operate.

If you access the Services from the European Union, the United Kingdom, Turkey, or another region with data-protection laws, your personal information will be transferred to, processed in, and stored in the United States and other countries whose data-protection rules may differ from those in your own country. By using the Services, you consent to this transfer.

Where required, we rely on appropriate safeguards for international transfers (such as Standard Contractual Clauses) and handle your data in line with GDPR and UK GDPR principles. To ask about international transfers or exercise your rights, contact us at privacy@selencoaching.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice in the app before the changes take effect. The "Last updated" date at the top reflects the most recent revision.

15. Contact Us

If you have questions about this Privacy Policy or your data, contact us:

  • Email: privacy@selencoaching.com
  • Selen Coaching LLC / Alkalytic Ltd