MinervaOS — Privacy Policy
Last updated: July 6, 2026
This Privacy Policy explains how Brizo Finance LLC, the operator of MinervaOS ("MinervaOS," "we," "us," or "our") collects, uses, shares, and protects information when you use the MinervaOS iPhone application and related services (the "Service"). By using the Service, you agree to this Privacy Policy. Capitalized terms not defined here have the meaning given in our Terms of Service.
Our commitments, in plain terms: We do not sell your personal information. We do not use it for third-party or cross-app advertising. We do not track you across other companies' apps or websites. We use no analytics, advertising, or tracking SDKs. Data we read from Apple Health and your wearables is used on your device to compute your estimates and is not sent to our servers.
If you are a California resident, please also see Section 13 (Your California Privacy Rights), which includes the disclosures required by the CCPA/CPRA and CalOPPA.
1. Who We Are
MinervaOS is a nutrition, fitness, and wellness tracking app for iPhone. The business responsible for your information (the "data controller") is Brizo Finance LLC, contactable at support@minervaos.app.
2. Information We Collect
a. Information you provide
- Account information: your email address and password (passwords are handled by our authentication provider and are not stored by us in readable form). If you use Sign in with Apple, we receive the identifier Apple provides and, if you choose to share it, your name and a relay email.
- Profile and health inputs you enter: display name; username; profile photo; and health/body information you choose to enter, which may include height, weight, age, date of birth, sex, activity level, goal and target rate, body-fat percentage and lean mass (and the measurement method, e.g. DEXA or a smart scale), resting heart rate, VO₂max, measured resting metabolic rate, thyroid (TSH) value, free-text lab notes, and custom calorie/macro/micronutrient targets.
- Logged content: foods and meals you log (name, calories, macros, micronutrients, portion notes), workouts (type, duration, intensity, exercises, sets/reps/weights, average heart rate), body-weight entries, saved meals and recipes, and custom foods you create.
- Food and report photos: photos of meals or nutrition labels you scan, and images of body-composition reports (e.g. DEXA/InBody/smart-scale reports) you choose to upload. See Section 4 (AI Processing).
- Group / social content: if you use Groups, the group content you create — posts ("shares") of workouts, meals, or daily summaries; chat messages and any photos you attach; comments; emoji reactions; and moderation actions you take (users you block, content you report).
b. Health and wearable data (mostly on-device)
- With your permission, the Service reads data from Apple Health, which may include steps, walking/running distance, flights climbed, heart rate and resting heart rate, heart-rate variability, VO₂max, sleep, workouts, body mass, body-fat percentage, and lean body mass. It can also write the body weight you log back to Apple Health (so apps like WHOOP stay in sync).
- With your permission, the Service can connect to third-party wearable platforms (currently WHOOP, with others planned) and retrieve activity, recovery, strain, sleep, workout, and body-measurement data.
- How this data is handled: data read from Apple Health and from connected wearables is processed on your device to compute your estimates (such as your calorie burn) and is not transmitted to our servers or to any third party, and is never used for advertising or sold. (Health/body values that you enter into your profile are stored as part of your profile — see Section 2a — but the raw Apple Health and wearable data streams stay on your device.) WHOOP OAuth tokens are stored securely in your device Keychain.
c. Information collected automatically
- Device push token: to deliver group push notifications, we register an Apple Push Notification service (APNs) device token and the notification environment.
- Log and technical data: when your app communicates with our backend, our infrastructure provider automatically logs standard request metadata — including IP address, timestamps, request/endpoint details, and error/diagnostic information — for security, abuse prevention, and reliability. This is standard server logging; we do not use it to build advertising profiles.
- We do not collect precise geolocation, your contacts, microphone audio, advertising identifiers (IDFA), or any cross-app tracking identifiers.
d. Purchase information
If you buy a subscription, the purchase is processed by Apple. We receive your subscription/entitlement status from Apple; we do not receive your full payment-card details.
e. Information from third parties
If you sign in with Apple (or another provider we may offer), that provider gives us a token confirming your identity and, if you allow it, your name and email.
3. How We Use Information
We use information to: provide, operate, and secure the Service and your account; generate your estimates, targets, and AI outputs (calorie/macro/micronutrient estimates, calorie-burn and metabolism calculations, food recognition, and suggestions); sync and back up the data you log; operate Group features you choose to use; deliver notifications and reminders you enable; look up products you scan by barcode; provide support; prevent fraud and abuse and enforce our Terms; comply with legal obligations; and maintain and improve the Service. We do not use your health data, food photos, or personal content to serve advertisements, and we do not sell this information.
4. AI Processing and Third-Party AI Provider
To provide AI features, content you submit is transmitted through our backend to a third-party AI provider (Anthropic) via its API and processed to return a result to you. This includes: food/label photos and any description or correction you add; body-composition report images you upload (DEXA/InBody/smart-scale); and text you send to the AI assistant (and recent conversation turns). We instruct our AI provider to process this content only to return results to you and not to use it to train its models, consistent with its API terms. We do not retain your food-scan or report photos on our servers; a copy of a food-scan photo is kept on your device so you can review or edit the entry. If you prefer not to use AI photo analysis, you can enter foods manually instead.
5. Barcode Lookup
When you scan a product barcode, the barcode number is sent to Open Food Facts (a third-party open food database) to look up product and nutrition information. Only the barcode is sent for this lookup; no account information is included.
6. Group and Social Features
Groups are optional. If you use them, the content you share to a group — posts, messages, photos you attach, comments, and reactions — is stored on our backend and is visible to the other members of that group. Group chat photo attachments are stored in a private storage area accessible to that group's members; your profile avatar is stored in a publicly accessible storage area so co-members (and anyone with the link) can display it, so avoid using a photo you wish to keep private. You can block users and report content; blocks and reports are stored to operate those features and for safety.
7. How We Share Information
We share information only as described here, and we do not sell it or share it for cross-context behavioral advertising:
- Service providers (processors) who operate the Service on our behalf under contracts limiting their use of the data, including: our backend, database, authentication, and file-storage provider (Supabase); our AI provider (Anthropic — Section 4); and Apple (Sign in with Apple, App Store subscriptions, and Apple Push Notification service — for group push we send Apple your device token and the notification text, which may include a group name, a sender's name, and a short message preview).
- Barcode database (Open Food Facts) — Section 5.
- Wearable platforms you connect (e.g. WHOOP), to authenticate and retrieve data you authorize.
- Other users — content you choose to share in a Group is visible to that group's members.
- Legal and safety — when required by law or legal process, or to protect the rights, safety, and security of users, the public, or us.
- Business transfers — in a merger, acquisition, financing, or sale of assets, subject to this Policy.
8. Legal Bases (EEA/UK Users)
If you are in the EEA or UK, we process your personal data on these bases: performance of a contract (to provide the Service you request); consent (for health data, Apple Health/wearable access, AI photo processing, and notifications — withdrawable anytime); legitimate interests (to secure, maintain, and improve the Service, balanced against your rights); and legal obligation. Health data is "special category" data, processed based on your explicit consent.
9. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service, and thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account (Section 12), we delete your account and associated personal data from our active systems; residual copies may persist for a limited period in backups and server logs before being overwritten. Content you shared into a Group may remain visible to that group in de-identified form after your account is deleted.
10. Security
We use reasonable technical and organizational measures designed to protect your information, including encryption in transit, row-level access controls that scope your data to your account, secure Keychain storage for tokens on your device, and reputable infrastructure providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. Protect your credentials and notify us of any suspected unauthorized access.
11. Data Sent Off Your Device vs. Kept On It
For transparency: kept on your device (not on our servers) — Apple Health and wearable data streams, your local weight log, saved-meal/recipe templates, app preferences, and a local copy of your food-scan photos. Sent to and stored on our servers — your account, profile (including health/body values you enter), food/workout logs, group content, avatars, and push tokens. Sent for processing but not stored by us — food/report photos and AI-assistant text (to our AI provider) and barcodes (to Open Food Facts).
12. Your Choices and Rights
- Account deletion. Delete your account and associated data anytime in the app: Settings → Account → Delete Account. This removes your profile, logs, weight history, saved items, AI estimates, device tokens, and your group content from our active systems.
- Access & correction. You can view and edit your profile, logs, and content directly in the app. For other requests, contact support@minervaos.app.
- Permissions. Control camera, photo, Apple Health, notification, and wearable permissions in iOS Settings and within the app. Revoking a permission may limit related features.
- Marketing. We don't run third-party ads or sell your data; messages are limited to operating the Service and the notifications you enable.
13. Your California Privacy Rights
This section provides the disclosures required by the California Consumer Privacy Act, as amended by the CPRA ("CCPA"), and the California Online Privacy Protection Act ("CalOPPA"), and applies to California residents.
13.1 Categories of personal information we collect
In the past 12 months we have collected the following CCPA categories (with examples). We collect these from you, your device, and services you connect (Apple Health/wearables, Sign in with Apple):
- Identifiers — name, username, email address, account/user ID, IP address, device push token. (Collected: Yes.)
- California customer-records information (Civ. Code §1798.80(e)) — name and account contact information. (Yes.)
- Protected classification characteristics — age/date of birth and sex (used to calculate your nutrition and energy targets). (Yes.)
- Commercial information — your subscription/entitlement status (payment is processed by Apple). (Yes, limited.)
- Internet or other electronic network activity — app usage and interaction data, and server log/request metadata. (Yes.)
- Geolocation data — we do not collect precise location; an approximate region may be inferable from your IP address in standard server logs. (No precise location.)
- Sensory information — photos you submit (food/label images, body-composition report images, group photos). (Yes.)
- Inferences — estimates and targets we derive from your data (e.g. estimated calorie burn, personalized targets). (Yes.)
- Sensitive personal information (see 13.2). (Yes.)
- We do not collect: biometric identifiers used to identify you, professional/employment information, education records, or precise geolocation.
13.2 Sensitive personal information (SPI)
We collect the following SPI: account log-in credentials (email with password) and health information (the body metrics, nutrition, and fitness data you provide and log). We use and disclose SPI only for purposes permitted under the CCPA — namely to provide the Service you request and as otherwise allowed without a right to limit (e.g. security, preventing fraud, and ensuring the Service works). We do not use SPI to infer characteristics about you for any purpose other than providing the Service. Because we do not use or disclose SPI beyond these permitted purposes, the CCPA "right to limit" does not change how we handle it.
13.3 Purposes, sources, and disclosures
We collect each category to provide, secure, personalize, and improve the Service, as described in Sections 3–7. Sources are described in 13.1. We disclose personal information for these business purposes to our service providers — our hosting/database/storage provider (Supabase), our AI provider (Anthropic), Apple (sign-in, subscriptions, and push), and Open Food Facts (barcode lookup) — and to other group members for content you choose to share.
13.4 No sale or sharing
We do not sell your personal information and do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA. We have not done so in the preceding 12 months. We do not sell or share the personal information of minors.
13.5 Your California rights
Subject to verification and legal exceptions, you have the right to: know/access the personal information we have collected about you; delete it; correct inaccurate information; opt out of sale/sharing (we do neither); limit the use of sensitive personal information (we already restrict it to permitted purposes); and not be discriminated or retaliated against for exercising your rights.
13.6 How to exercise your rights
You can exercise most rights directly in the app (edit your data, or Settings → Account → Delete Account), or contact us at support@minervaos.app. We will verify your request using information associated with your account. You may use an authorized agent to submit a request on your behalf with proof of authorization. We will respond within the timeframes required by law.
13.7 "Shine the Light"
California Civil Code §1798.83 lets California residents request information about disclosures of personal information to third parties for their direct marketing. We do not share personal information with third parties for their own direct marketing.
13.8 Do Not Track
Some browsers offer a "Do Not Track" (DNT) signal. Because we do not track users across third-party websites or apps and do not permit third parties to do so through the Service, we do not need to respond differently to DNT signals; our practice is not to track you regardless of any DNT setting.
14. Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact support@minervaos.app and we will delete it. Minors in their jurisdiction should use the Service only with the involvement of a parent or guardian.
15. International Data Transfers
We and our service providers may process and store your information in the United States and other countries whose data-protection laws may differ from yours. Where required, we use appropriate safeguards for international transfers. By using the Service, you understand your information may be transferred to and processed in these countries.
16. Apple Health Data — Specific Commitments
Consistent with Apple's requirements: we will not use Apple Health (HealthKit) data for advertising or marketing; we will not sell it or share it with third parties for advertising, marketing, data-mining, or similar purposes; we will not disclose it to third parties without your authorization except as needed to provide a health service you requested; and we use it only to provide health, fitness, and wellness features within the Service. As noted in Section 2b, Apple Health data is processed on your device and is not transmitted to our servers.
17. Third-Party Services
The Service integrates with and links to third-party services (Apple, our infrastructure/AI providers, wearable platforms, and Open Food Facts). Their handling of your information is governed by their own privacy policies, which we encourage you to review. We are not responsible for third parties' practices.
18. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (for example, in-app or by updating the "Last updated" date) and, where required, obtain your consent. Your continued use of the Service after an update takes effect constitutes acceptance of the updated Policy.
19. Contact Us
Questions or requests regarding this Privacy Policy or your data:
support@minervaos.app