This Privacy Policy explains how Flara collects, uses, and protects information when you use the app. Flara handles sensitive health-adjacent data — skin reactions, product use, and lifestyle logs — and we take that responsibility seriously.
| Purpose | Data used |
|---|---|
| Authentication | Email, Apple identifier, or Google identifier |
| Log storage and sync | All logs via Supabase |
| Photo timeline | Skin photos stored in your private Supabase Storage space |
| AI pattern analysis | Anonymized log summaries (see Section 3) |
| In-app purchases | RevenueCat transaction IDs |
| Bug diagnosis | Crash and error logs |
Flara uses Claude (Anthropic PBC, USA) to generate pattern insights. When you use these features, a summarized, anonymized version of your logs is sent to Anthropic via our server. Specifically:
Flara will not send any data to Anthropic until you grant consent in the app. You are asked for consent during onboarding via the “AI Data Sharing” screen, which lists the exact categories of data above, names Anthropic as the recipient, and links to Anthropic's privacy policy. Without consent, Flara remains fully usable for logging — only AI features are disabled.
You can revoke your consent at any time in the app: Settings → AI Data Sharing. When revoked, Flara stops sending any data to Anthropic; AI pattern analysis becomes unavailable, while the rest of the app continues to work normally. You may re-enable consent from the same screen.
| Recipient | Data shared | Retention |
|---|---|---|
| Supabase Inc. (USA) | Email, identifier, logs, photos | Deleted on account deletion |
| RevenueCat Inc. (USA) | App user ID, transaction IDs | 5 years from transaction |
| Anthropic PBC (USA) | Anonymized log summaries (with consent) | Deleted after each request |
| Apple Inc. — WeatherKit | Coarse location to return weather | Per Apple's policy |
| Apple Inc. — Sign in with Apple | Apple identifier | Per Apple's policy |
| Google LLC — Sign in with Google | Google identifier | Per Google's policy |
| Open Beauty Facts | Barcode queries only — no user-identifying data | Not applicable |
| Data | Period |
|---|---|
| Account, logs, and photos | Deleted immediately on account deletion |
| Subscription records | 5 years (anonymized) for legal compliance |
| Error logs | 90 days |
Settings → Data → Export / Delete my data. All logs, photos, AI outputs, and cloud-synced data are permanently removed immediately.
If you cannot access the in-app option, email [email protected] with your registered email. Processed within 3 business days.
iPhone Settings → [Your Name] → Password & Security → Sign in with Apple → Flara → Stop Using Apple ID.
Visit myaccount.google.com/permissions and revoke Flara's access.
No cookies. No IDFA. No advertising SDK. RevenueCat may use an anonymous device identifier for subscription status only.
Not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children.
All third-party processors are based in the United States. Transfers are governed by each provider's data processing agreements.
Material changes announced via in-app notice or email at least 7 days before taking effect.
Email: [email protected]. We respond within 3 business days.