MinervaOS — Privacy Policy

Last updated: July 6, 2026

This Privacy Policy explains how Brizo Finance LLC, the operator of MinervaOS ("MinervaOS," "we," "us," or "our") collects, uses, shares, and protects information when you use the MinervaOS iPhone application and related services (the "Service"). By using the Service, you agree to this Privacy Policy. Capitalized terms not defined here have the meaning given in our Terms of Service.

Our commitments, in plain terms: We do not sell your personal information. We do not use it for third-party or cross-app advertising. We do not track you across other companies' apps or websites. We use no analytics, advertising, or tracking SDKs. Data we read from Apple Health and your wearables is used on your device to compute your estimates and is not sent to our servers.

If you are a California resident, please also see Section 13 (Your California Privacy Rights), which includes the disclosures required by the CCPA/CPRA and CalOPPA.


1. Who We Are

MinervaOS is a nutrition, fitness, and wellness tracking app for iPhone. The business responsible for your information (the "data controller") is Brizo Finance LLC, contactable at support@minervaos.app.

2. Information We Collect

a. Information you provide

b. Health and wearable data (mostly on-device)

c. Information collected automatically

d. Purchase information

If you buy a subscription, the purchase is processed by Apple. We receive your subscription/entitlement status from Apple; we do not receive your full payment-card details.

e. Information from third parties

If you sign in with Apple (or another provider we may offer), that provider gives us a token confirming your identity and, if you allow it, your name and email.

3. How We Use Information

We use information to: provide, operate, and secure the Service and your account; generate your estimates, targets, and AI outputs (calorie/macro/micronutrient estimates, calorie-burn and metabolism calculations, food recognition, and suggestions); sync and back up the data you log; operate Group features you choose to use; deliver notifications and reminders you enable; look up products you scan by barcode; provide support; prevent fraud and abuse and enforce our Terms; comply with legal obligations; and maintain and improve the Service. We do not use your health data, food photos, or personal content to serve advertisements, and we do not sell this information.

4. AI Processing and Third-Party AI Provider

To provide AI features, content you submit is transmitted through our backend to a third-party AI provider (Anthropic) via its API and processed to return a result to you. This includes: food/label photos and any description or correction you add; body-composition report images you upload (DEXA/InBody/smart-scale); and text you send to the AI assistant (and recent conversation turns). We instruct our AI provider to process this content only to return results to you and not to use it to train its models, consistent with its API terms. We do not retain your food-scan or report photos on our servers; a copy of a food-scan photo is kept on your device so you can review or edit the entry. If you prefer not to use AI photo analysis, you can enter foods manually instead.

5. Barcode Lookup

When you scan a product barcode, the barcode number is sent to Open Food Facts (a third-party open food database) to look up product and nutrition information. Only the barcode is sent for this lookup; no account information is included.

6. Group and Social Features

Groups are optional. If you use them, the content you share to a group — posts, messages, photos you attach, comments, and reactions — is stored on our backend and is visible to the other members of that group. Group chat photo attachments are stored in a private storage area accessible to that group's members; your profile avatar is stored in a publicly accessible storage area so co-members (and anyone with the link) can display it, so avoid using a photo you wish to keep private. You can block users and report content; blocks and reports are stored to operate those features and for safety.

7. How We Share Information

We share information only as described here, and we do not sell it or share it for cross-context behavioral advertising:

8. Legal Bases (EEA/UK Users)

If you are in the EEA or UK, we process your personal data on these bases: performance of a contract (to provide the Service you request); consent (for health data, Apple Health/wearable access, AI photo processing, and notifications — withdrawable anytime); legitimate interests (to secure, maintain, and improve the Service, balanced against your rights); and legal obligation. Health data is "special category" data, processed based on your explicit consent.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service, and thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account (Section 12), we delete your account and associated personal data from our active systems; residual copies may persist for a limited period in backups and server logs before being overwritten. Content you shared into a Group may remain visible to that group in de-identified form after your account is deleted.

10. Security

We use reasonable technical and organizational measures designed to protect your information, including encryption in transit, row-level access controls that scope your data to your account, secure Keychain storage for tokens on your device, and reputable infrastructure providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. Protect your credentials and notify us of any suspected unauthorized access.

11. Data Sent Off Your Device vs. Kept On It

For transparency: kept on your device (not on our servers) — Apple Health and wearable data streams, your local weight log, saved-meal/recipe templates, app preferences, and a local copy of your food-scan photos. Sent to and stored on our servers — your account, profile (including health/body values you enter), food/workout logs, group content, avatars, and push tokens. Sent for processing but not stored by us — food/report photos and AI-assistant text (to our AI provider) and barcodes (to Open Food Facts).

12. Your Choices and Rights

13. Your California Privacy Rights

This section provides the disclosures required by the California Consumer Privacy Act, as amended by the CPRA ("CCPA"), and the California Online Privacy Protection Act ("CalOPPA"), and applies to California residents.

13.1 Categories of personal information we collect

In the past 12 months we have collected the following CCPA categories (with examples). We collect these from you, your device, and services you connect (Apple Health/wearables, Sign in with Apple):

13.2 Sensitive personal information (SPI)

We collect the following SPI: account log-in credentials (email with password) and health information (the body metrics, nutrition, and fitness data you provide and log). We use and disclose SPI only for purposes permitted under the CCPA — namely to provide the Service you request and as otherwise allowed without a right to limit (e.g. security, preventing fraud, and ensuring the Service works). We do not use SPI to infer characteristics about you for any purpose other than providing the Service. Because we do not use or disclose SPI beyond these permitted purposes, the CCPA "right to limit" does not change how we handle it.

13.3 Purposes, sources, and disclosures

We collect each category to provide, secure, personalize, and improve the Service, as described in Sections 3–7. Sources are described in 13.1. We disclose personal information for these business purposes to our service providers — our hosting/database/storage provider (Supabase), our AI provider (Anthropic), Apple (sign-in, subscriptions, and push), and Open Food Facts (barcode lookup) — and to other group members for content you choose to share.

13.4 No sale or sharing

We do not sell your personal information and do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA. We have not done so in the preceding 12 months. We do not sell or share the personal information of minors.

13.5 Your California rights

Subject to verification and legal exceptions, you have the right to: know/access the personal information we have collected about you; delete it; correct inaccurate information; opt out of sale/sharing (we do neither); limit the use of sensitive personal information (we already restrict it to permitted purposes); and not be discriminated or retaliated against for exercising your rights.

13.6 How to exercise your rights

You can exercise most rights directly in the app (edit your data, or Settings → Account → Delete Account), or contact us at support@minervaos.app. We will verify your request using information associated with your account. You may use an authorized agent to submit a request on your behalf with proof of authorization. We will respond within the timeframes required by law.

13.7 "Shine the Light"

California Civil Code §1798.83 lets California residents request information about disclosures of personal information to third parties for their direct marketing. We do not share personal information with third parties for their own direct marketing.

13.8 Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. Because we do not track users across third-party websites or apps and do not permit third parties to do so through the Service, we do not need to respond differently to DNT signals; our practice is not to track you regardless of any DNT setting.

14. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact support@minervaos.app and we will delete it. Minors in their jurisdiction should use the Service only with the involvement of a parent or guardian.

15. International Data Transfers

We and our service providers may process and store your information in the United States and other countries whose data-protection laws may differ from yours. Where required, we use appropriate safeguards for international transfers. By using the Service, you understand your information may be transferred to and processed in these countries.

16. Apple Health Data — Specific Commitments

Consistent with Apple's requirements: we will not use Apple Health (HealthKit) data for advertising or marketing; we will not sell it or share it with third parties for advertising, marketing, data-mining, or similar purposes; we will not disclose it to third parties without your authorization except as needed to provide a health service you requested; and we use it only to provide health, fitness, and wellness features within the Service. As noted in Section 2b, Apple Health data is processed on your device and is not transmitted to our servers.

17. Third-Party Services

The Service integrates with and links to third-party services (Apple, our infrastructure/AI providers, wearable platforms, and Open Food Facts). Their handling of your information is governed by their own privacy policies, which we encourage you to review. We are not responsible for third parties' practices.

18. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (for example, in-app or by updating the "Last updated" date) and, where required, obtain your consent. Your continued use of the Service after an update takes effect constitutes acceptance of the updated Policy.

19. Contact Us

Questions or requests regarding this Privacy Policy or your data:

support@minervaos.app