saviMon

About This Policy

This Privacy Policy describes how TachyonHQ, LLC ("we", "us", "our") collects, uses, discloses, and protects your information when you use the saviMon mobile application and related services. By using saviMon, you agree to the collection and use of information in accordance with this policy.

This policy applies to all users of the saviMon mobile application on iOS and Android platforms. For health-specific disclaimers, please also review our in-app Health Disclaimer presented upon first login. For detailed disclosures about how we handle consumer health data as required by the Washington My Health My Data Act and similar state laws, please see our Consumer Health Data Privacy Policy.

Information You Provide

When you create an account and use saviMon, you may provide us with:

• Account Information — Username, email address, password, and PIN for authentication
• Profile Information — Birth year, gender, weight, height, activity level, and dietary goals (used for personalized nutrition targets)
• Medical Conditions — Health conditions you choose to add for nutrient limit warnings (e.g., hypertension, diabetes)
• Prescription Medications — Drugs and supplements you track, including dosing information, for interaction checking
• Meal Data — Photos of meals, nutrition information, and meal logs
• Chat Messages — Conversations with our AI assistant MAX for meal logging and nutrition questions
• Feedback — Bug reports, suggestions, and attached screenshots submitted through the app

Information Collected Automatically

When you use saviMon, we automatically collect:

• Device Information — Device type, operating system, and app version
• Authentication Logs — Login timestamps, authentication method used (password, PIN, biometric), IP address, and user agent for security auditing
• Location Data — With your permission, approximate location (latitude and longitude) is captured at login and registration for security auditing purposes only (e.g., detecting unauthorized access from unusual locations). Location is never displayed in the app or used for any other purpose.
• Usage Data — Feature interactions necessary to provide the service

We do not use cookies, web beacons, advertising trackers, or analytics SDKs (such as Google Analytics or Facebook Pixel) in the mobile application.

Health & Fitness Data

With your explicit permission, saviMon reads the following data from Apple HealthKit (iOS) or Google Health Connect (Android):

• Step count
• Active calories burned
• Total calories burned
• Basal metabolic rate
• Blood glucose readings (from continuous glucose monitors or manual entries in your health platform)

This data is read-only. saviMon does not write to or modify your health records. On iOS, health data is never stored in iCloud. You can disable health data syncing at any time in the app's Settings.

Glucose data is stored on our servers to provide trend analysis, meal-glucose correlation, and food impact rankings. Glucose data is never shared with third parties. saviMon is not a medical device and glucose features are for personal tracking only — not for clinical decision-making.

Purpose of Data Use

We use the information we collect to:

• Provide, maintain, and improve the saviMon application and its features
• Analyze meal photos and provide nutritional estimates
• Generate condition-based nutrient warnings and drug interaction alerts
• Calculate personalized nutrition targets based on your profile
• Display activity summaries alongside your nutrition data
• Respond to your feedback and support requests
• Protect the security and integrity of user accounts
• Comply with legal obligations

We do not use your information for advertising, marketing to third parties, or profiling for commercial purposes.

Services We Use

saviMon uses the following third-party services to provide its features:

• OpenAI — Meal photos (as images) and chat messages (as text) are sent to OpenAI's API for nutritional analysis and AI assistant responses. OpenAI does not use API data to train its models per their API data usage policy.
• Product Databases (OpenFoodFacts) — Scanned UPC barcodes are sent to Open Food Facts to retrieve product information and nutrition facts. If a product is not found, OpenAI may be used to estimate product details.
• Cloudflare — Your IP address and a CAPTCHA verification token are sent to Cloudflare for bot protection on authentication endpoints (login, registration, password reset).

No health or fitness data (steps, calories, health conditions, medications) is shared with any third-party service. Only meal photos and chat text are sent to OpenAI, and only UPC codes are sent to product databases.

How We Protect Your Data

We implement the following security measures:

• Encryption in Transit — All data transmitted between the app and our servers uses HTTPS/TLS encryption
• Password Security — Passwords and PINs are hashed using bcrypt and are never stored in plaintext
• Secure Token Storage — Authentication tokens are stored in platform-native encrypted storage (Keychain on iOS, Keystore on Android)
• Account Lockout — Progressive lockout after failed login attempts to prevent brute-force attacks
• Rate Limiting — API request limits to prevent abuse
• Biometric Authentication — Optional Face ID, Touch ID, or fingerprint authentication with device-bound tokens

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

Data Sharing

saviMon does not sell, rent, or share your personal data, health data, or nutrition records with third parties for advertising or marketing purposes.

We may disclose your information only in the following circumstances:

• To comply with a legal obligation, court order, or governmental request
• To protect and defend the rights or property of TachyonHQ, LLC
• To prevent fraud or protect the safety of users
• With your explicit consent

How Long We Keep Your Data

Your data is retained for as long as your account is active. Specific retention details:

• Account Data — Retained until you delete your account
• Meal Photos — Retained while saved in your meal history; draft (unconfirmed) meal photos are automatically deleted after 2 hours
• Weight Logs — Retained until you delete your account or individual entries
• Glucose Readings — Retained until you delete your account or individual readings. Synced readings include timestamp, value (mg/dL), and data source (HealthKit, Health Connect, or manual)
• Allergen Profile — Retained until you delete your account or individual allergens
• Reminder Schedules — Stored locally on your device; removed when you delete the reminder or uninstall the app
• Chat History — Retained until you delete your account
• Login History — Retained for security auditing until account deletion

Account Deletion

You may delete your account and all associated data at any time:

• In-App: Settings > Delete Account (sends a confirmation email with a 24-hour expiry link)
• By Email: Contact support@tachyonhq.ai

Upon account deletion, all personal data, meal records, health data, uploaded images, chat history, and login history are permanently removed from our servers within 30 days. This action is irreversible.

Access & Portability

You can export a summary of your health data (conditions, medications, supplements, interactions) as a PDF report from within the app via the Health Summary screen.

You may request a copy of all personal data we hold about you by contacting support@tachyonhq.ai.

Your Choices

You have control over your data:

• Health Data: You can enable or disable HealthKit/Health Connect syncing at any time in Settings
• Medical Conditions: You can add or remove conditions at any time
• Medications: You can add, edit, or remove tracked medications at any time
• Allergens: You can add, edit, or remove allergens and change severity levels at any time
• Weight Logs: You can edit or delete individual weight entries at any time
• Glucose Readings: You can delete individual glucose readings at any time
• Reminders: You can create, edit, disable, or delete reminders at any time
• Meal History: You can delete individual meals from your history
• Account: You can delete your entire account and all data at any time

Children's Privacy

saviMon is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 18, you must have parental or guardian consent to use our services. If we learn that we have collected information from a child under 13, we will delete that information promptly.

California Residents (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know — What personal information we collect, use, disclose, and sell
• Right to Delete — Request deletion of your personal information
• Right to Correct — Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing — We do not sell or share your personal information for monetary consideration or cross-context behavioral advertising. See our Do Not Sell or Share page for details.
• Right to Limit Use of Sensitive Information — We collect sensitive personal information (health conditions, medications, allergens, glucose data) solely to provide the app's core features, not for advertising or profiling
• Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact support@tachyonhq.ai with subject line "California Privacy Request". We will respond within 45 calendar days.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you within the app. Your continued use of saviMon after changes take effect constitutes acceptance of the revised policy.