This page discloses the third-party data processors ("sub-processors") that TachyonHQ, LLC engages to provide the saviMon application. For each sub-processor, we describe what data is transmitted, how it is processed, and the contractual protections in place.
We select sub-processors that maintain appropriate security measures and contractual commitments regarding data protection. We review sub-processor practices regularly.
| Sub-Processor | Purpose | Data Transmitted | Data Retention by Sub-Processor | DPA / Contractual Protection |
|---|---|---|---|---|
| OpenAI, LLC San Francisco, CA, USA | AI-powered meal photo analysis, nutrition estimation, AI assistant (MAX) responses, uploaded image content moderation | Meal photos (images), chat message text. No PII, health conditions, medications, allergens, or user identifiers are transmitted. | API inputs/outputs retained for up to 30 days for abuse monitoring, then deleted. Not used for model training per OpenAI's API data usage policy. | OpenAI API Terms of Use + Data Processing Addendum (DPA). OpenAI's enterprise-grade DPA covers: data processing instructions, security measures, sub-processor notifications, breach notification, data deletion, audit rights. Available at openai.com/policies/data-processing-addendum |
| Open Food Facts Paris, France (non-profit) | Product barcode lookup | UPC barcode numbers only. No personal data. | Open Food Facts is a public database. Barcode queries are not logged to individual users. | Open Database License (ODbL). Public API with no user-level tracking. |
| FDA openFDA U.S. Government | Drug adverse event report lookup, drug recall data | Generic drug names and ingredient names. No personal data or user identifiers. | Public API. Queries are not linked to individual users. | Public domain data. No DPA required (government public API). |
| Cloudflare, Inc. San Francisco, CA, USA | Bot protection (Turnstile CAPTCHA) on authentication endpoints | IP address, browser fingerprint, CAPTCHA interaction token | Per Cloudflare's privacy policy. Turnstile data retained briefly for security analysis. | Cloudflare Terms of Service + DPA. Available at cloudflare.com/trust-hub/gdpr |
| Apple Inc. Cupertino, CA, USA | iOS subscription receipt validation (App Store Server API) | Transaction IDs, product IDs. No health data. | Per Apple's developer agreement. | Apple Developer Program License Agreement. |
| Google LLC Mountain View, CA, USA | Android subscription receipt validation (Google Play Developer API) | Purchase tokens, subscription IDs. No health data. | Per Google Play Developer Distribution Agreement. | Google Play Developer Distribution Agreement. |
| Sentry (Functional Software, Inc.) San Francisco, CA, USA | Error tracking and performance monitoring for the backend API | Error stack traces, HTTP request metadata (route, status code, timing), user ID (UUID only). No health data, medications, conditions, allergens, meal data, or glucose readings. A before_send hook scrubs request bodies on health-related routes before transmission. | Per Sentry's data retention settings (default 90 days). Configurable per project. | Sentry DPA + SOC 2 Type 2 compliance. Available at sentry.io/legal/dpa |
OpenAI is our primary AI sub-processor. Here is exactly what data is transmitted:
| Feature | Data Sent | Data NOT Sent |
|---|---|---|
| Meal Photo Analysis | Meal photo (image bytes), system prompt requesting nutritional analysis | User ID, name, email, conditions, medications, allergens |
| MAX Chat Assistant | User's message text, last 10 messages of conversation history, generic context (daily calorie goal, dietary preferences) | User ID, name, email, specific conditions, medication names, allergen list |
| Nutrition Q&A | Question text only | All personal data |
| Image Content Moderation | Uploaded image bytes | All personal data |
| Label Reading (OCR) | Product label photo (image bytes) | All personal data |
Key safeguard: No personally identifiable information (PII), medical conditions, medication names, allergen profiles, or user account data is ever transmitted to OpenAI. The AI features process food images and nutrition text only.
Under OpenAI's API Terms and Data Processing Addendum:
OpenAI's full data processing addendum is available at: openai.com/policies/data-processing-addendum
saviMon does not use the following categories of sub-processors, which are common sources of health data leakage in other apps:
send_default_pii=False (no emails or IPs captured) and a custom before_send hook that scrubs meal, nutrition, glucose, medication, and allergen data from breadcrumbs before transmission. No Crashlytics or Bugsnag.
This architecture eliminates the most common vector for inadvertent health data sharing that has led to FTC enforcement actions against other health apps (GoodRx $7.5M, BetterHelp $7.8M, Premom $100K).
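As an added illustration (not TachyonHQ's code), here is a Python before_send hook of the kind described above: it removes the request body on health-related routes and scrubs health data from breadcrumbs before an event leaves the process. The keyword list, the "[scrubbed]" placeholder and the sample event are assumptions constructed for this example.

```python
import re

# Assumed keyword list, taken from the data categories the page names.
HEALTH_WORDS = re.compile(r"meal|nutrition|glucose|medication|allergen", re.I)
SCRUBBED = "[scrubbed]"  # assumed placeholder


def _scrub_crumb(crumb):
    data = crumb.get("data") or {}
    text = " ".join(str(v) for v in (crumb.get("category", ""),
                                     crumb.get("message", ""), data.get("url", "")))
    if HEALTH_WORDS.search(text):
        # The breadcrumb itself concerns a health feature: keep only its shape.
        crumb["message"] = SCRUBBED
        crumb["data"] = {"url": SCRUBBED} if "url" in data else {}
    else:
        # Otherwise redact only the fields whose names are health-related.
        crumb["data"] = {k: SCRUBBED if HEALTH_WORDS.search(k) else v
                         for k, v in data.items()}


def before_send(event, hint):
    """Sentry before_send hook: return the event to transmit, or None to drop it."""
    request = event.get("request") or {}
    if HEALTH_WORDS.search(request.get("url") or ""):
        request.pop("data", None)  # route and method survive, the body does not
    crumbs = event.get("breadcrumbs")
    values = crumbs.get("values", []) if isinstance(crumbs, dict) else (crumbs or [])
    for crumb in values:
        _scrub_crumb(crumb)
    return event


# Constructed sample event (not real data).
SAMPLE_EVENT = {
    "request": {"url": "https://api.example.test/glucose/readings",
                "method": "POST", "data": {"mg_dl": 182}},
    "breadcrumbs": {"values": [
        {"category": "http", "message": "",
         "data": {"url": "https://api.example.test/meals/42", "status_code": 200}},
        {"category": "auth", "message": "login ok",
         "data": {"allergen_count": 3, "status_code": 200}},
    ]},
}

if __name__ == "__main__":
    # With the SDK installed the hook is registered as:
    #   sentry_sdk.init(dsn=..., send_default_pii=False, before_send=before_send)
    print(before_send(SAMPLE_EVENT, {}))
```

A unit test that feeds the hook an event containing health fields and asserts that none survive is a practical way to keep such a scrubber from regressing as routes are added.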
If we add a new sub-processor that processes personal data or consumer health data, we will:
For questions about our data processing practices or sub-processors:
TachyonHQ, LLC
Email: support@tachyonhq.ai