Posturato · Legal
Privacy Policy
Effective May 16, 2026
This policy explains what data Posturato ("we," "us") collects when you use the Posturato iPhone app and this website, why we collect it, and the choices you have. We wrote it in plain English on purpose.
1. The short version
- Your scan photos never leave your iPhone. Pose detection runs on-device using Apple's Vision framework. We never see them, never upload them, never back them up.
- The AI explanation runs on-device too. The short paragraph that explains your score is generated by Apple Intelligence (iOS 26's on-device language model). Your posture metrics and onboarding answers stay on your iPhone for that generation. We do not use OpenAI, Anthropic, Google, or any other third-party AI service.
- We store the minimum we need to log you in (your Apple ID email or relay) and to deliver the product (your onboarding answers, posture scores, and routine completions).
- We do not sell or share your personal information with advertisers, data brokers, or any other third party for marketing.
- You can delete everything at any time from inside the app. We honor it within 30 days.
2. What data we collect
2.1 Account data
When you sign in with Sign in with Apple, we receive either your real Apple ID email address or a private relay email Apple generates for you, plus a stable user identifier from Apple. We store this information in our authentication backend (Supabase) so we can recognize you on your next visit and on future devices.
2.2 Onboarding answers
During onboarding we ask up to ten questions about your goal, daily sitting hours, current pain area and frequency, age band, height range, prior diagnoses (none / scoliosis / kyphosis / other), preferred reminder time, fitness level, and time available to commit. These answers are used to tailor your daily routine. We store them tied to your account and you can change or delete them at any time.
2.3 Posture scans
- Photos: stored only on your iPhone in the app's private container. They are never uploaded.
- Score and metrics: the numerical posture score (0–100), category-level findings (e.g. "forward head: mild"), and timestamp are stored in our backend tied to your account so we can show you your trend over time and personalize your routine.
2.4 On-device AI explanation
After a scan, the app uses Apple Intelligence (the on-device Foundation Model that ships with iOS 26) to generate a short explanation of what your measurements mean. Your posture metrics and a relevant onboarding answer (your stated goal) are passed to the model on your iPhone. The model itself runs locally — Apple does not transmit prompts or responses to its servers for this feature, and we do not use any third-party AI provider (OpenAI, Anthropic, Google, or others). On older devices that don't support Apple Intelligence, the app falls back to a fixed template — also fully on-device.
2.5 Routine completions
Each time you finish a daily routine we record the date, the routine identifier, and how long it took. This is used only to show your streak and progress.
2.6 Subscription status
If you subscribe, we receive (via RevenueCat acting as our subscription management provider) the subscription status — active, trialing, cancelled, expired — for your account. We never see your card details; Apple handles all billing.
2.7 Usage analytics and crash reports
We log non-identifying product events (for example: "completed scan," "tapped paywall," "completed routine") and crash reports so we can improve the product. These events are tied to a per-installation identifier, not to your name or email.
2.8 Permissions we ask for
- Camera — to capture your posture scan. Used only during the scan flow.
- Notifications — to send your daily reminder at the time you chose during onboarding. You can disable this at any time in iOS Settings.
3. Who we share data with
We use a small number of subprocessors to run the service. We never share data with anyone for advertising or for the sale of personal information.
- Supabase — authentication, database, and file storage. Hosts account data, onboarding answers, posture scores, and routine completions.
- RevenueCat — subscription state. Receives your anonymized App Store transaction identifier and the Posturato user identifier.
- Apple — authentication, in-app purchases, push notifications. Apple's privacy practices apply to that interaction.
- DigitalOcean — hosts this website (App Platform). Standard server access logs are retained briefly.
We will update this list if it changes. We do not use third-party advertising SDKs, attribution networks, or social media tracking pixels in the app.
4. How long we keep data
- Account data: as long as your account is active, plus up to 30 days after deletion to complete the deletion across our subprocessors.
- Scan metadata, onboarding answers, completions: for the life of the account. Deleted within 30 days when you ask us to.
- Crash and analytics events: 90 days, after which they are aggregated and the per-installation identifier is dropped.
5. Your rights and choices
Wherever you live, you can:
- Access or correct your data — open the app and re-enter your onboarding answers, or email us.
- Export your data — email [email protected] and we'll send a JSON copy within 30 days.
- Delete your account — Settings → Delete account in the app, or email us. We delete account, onboarding answers, scans, and completions within 30 days.
- Opt out of analytics — Settings → Privacy → Disable product analytics in the app.
Residents of California, Colorado, Connecticut, Virginia, Utah, and the EU/UK have additional rights under their local laws. We honor those rights worldwide as a matter of policy. You can exercise them by emailing [email protected].
6. Children
Posturato is rated 12+ and is not directed to children under 13. If we learn we have collected information from a child under 13 without parental consent, we will delete it.
7. Changes to this policy
If we make a material change, we will update the effective date above and, where required, notify you in the app or by email before the change takes effect.
8. Contact
Posturato is operated by the developer of Posturato. For privacy inquiries or data deletion requests, please contact us at [email protected]. We respond to legitimate requests within 30 days.