Flarely
Privacy Policy
Last updated: March 14, 2026
Flarely ("we," "our," or "us") is operated by Low Latency Labs LLC. This Privacy Policy explains how we collect, use, and protect your information when you use the Flarely mobile application.
1. Health Data Stays on Your Device
All health tracking data you enter into Flarely — including bowel movement logs, food entries, stress levels, fasting records, AI analysis results, and personal insights — is stored locally on your device using Apple's SwiftData framework. We do not collect, transmit, or store this data on our servers.
2. Data Sent to AI Services
When you use Flarely's AI-powered features, limited data is sent to our backend servers (hosted on Cloudflare) and processed by OpenAI. AI analysis may involve multiple processing steps (meal identification, food tag classification, and pattern analysis).
Meal Photo Analysis: When you photograph a meal for AI analysis, the image is resized and sent to our servers, which forward it to OpenAI's Vision API for food identification. Images are processed and discarded — they are not stored by us or by OpenAI. Meal photos may incidentally capture personal information (such as kitchen backgrounds or hands); this incidental data is processed transiently and not retained. Under OpenAI's current API data usage policy, API inputs and outputs are not used for model training. Please refer to OpenAI's API Data Usage Policy for the latest information.
Pattern Insights: When you request AI-generated insights, we send an anonymized summary of your recent tracking data (up to 90 days) including timestamps, pain levels, stress levels, and food tag frequencies. No names, email addresses, or personally identifying information is included in this data.
Device Identifier: A randomly generated identifier (UUID) — not linked to your Apple ID, name, or any personal information — is sent with AI requests solely for rate limiting purposes.
IP Addresses: Your IP address is used ephemerally at the proxy level for rate limiting. It is never forwarded to OpenAI and is not stored persistently.
3. Diagnostic Logging
We may collect limited diagnostic logs — such as error messages, HTTP response codes, and timestamps — to identify and troubleshoot service issues. These logs do not contain health data, meal photos, or personally identifying information. Diagnostic logs are retained for a limited period and automatically deleted.
4. Account Information
When you sign in with Apple, we receive your name and email address (if you choose to share them). The following information is stored in Google Firebase for account management purposes only:
- Display name
- Email address
- Apple user ID (a privacy-preserving, per-app identifier issued by Apple — it cannot be used to track you across other apps)
- Account creation date
- Last-updated date
This information is never shared with third parties for marketing or advertising.
5. Subscription Management
We use RevenueCat to manage subscriptions. Your Firebase user ID is shared with RevenueCat to validate your subscription status. No health data is shared with RevenueCat.
6. What We Don't Do
- We do not use analytics or tracking SDKs
- We do not display advertisements
- We do not sell or share your data with third parties for marketing
- We do not use cookies or persistent tracking on our website
- We do not collect location data
7. Third-Party Services
Flarely integrates with the following services:
| Service | Purpose | Data Shared |
|---|---|---|
| Apple | Sign In with Apple | Name, email (user-controlled) |
| Google Firebase | Authentication & account storage | Name, email, Apple user ID, timestamps |
| RevenueCat | Subscription management | User ID, purchase records |
| Cloudflare | Backend hosting & AI proxy | Anonymized AI requests, IP address (ephemeral) |
| OpenAI | Meal analysis, tag classification & pattern insights | Anonymized data, meal photos |
Cloudflare may collect standard HTTP metadata (such as IP addresses and timestamps) as part of its platform infrastructure. For details, see Cloudflare's Privacy Policy. See also: OpenAI API Data Usage Policy, RevenueCat Privacy Policy, Firebase Privacy & Security.
8. International Users & Data Transfers
Flarely is available worldwide. Your data is processed in the United States. If you are located outside the United States — including in the European Economic Area (EEA), United Kingdom, or elsewhere — your information may be transferred to and processed in the US.
Our third-party service providers (including Cloudflare, OpenAI, and Google Firebase) maintain Standard Contractual Clauses and/or other approved data transfer mechanisms to facilitate lawful international data transfers. By using Flarely, you consent to the transfer and processing of your data in the United States.
9. Your Rights Under GDPR (EU/EEA/UK Users)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data
- Restriction: Request that we limit how we process your data
- Portability: Request your data in a portable format
- Objection: Object to our processing of your data
Legal basis for processing:
- Contract performance (Article 6(1)(b)): AI data analysis is necessary to perform the service you subscribed to. Account management and subscription fulfillment also rely on this basis.
- Legitimate interest (Article 6(1)(f)): Service security, rate limiting, and fraud prevention.
Health data (special category): Anonymized health data summaries sent for AI analysis qualify as "data concerning health" under GDPR Article 9. This data is processed under your explicit consent (Article 9(2)(a)), which you provide by choosing to use AI analysis features. You may withdraw consent at any time by not using AI features. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
Since your health data is stored locally on your device, most data subject rights are satisfied through your own device controls — you can view, modify, or delete your health entries at any time. For account data stored in Firebase, you can delete your account via Profile > Delete Account in the app.
To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection supervisory authority.
EU Representative: Flarely's processing of personal data is limited to account management and occasional, user-initiated AI analysis of anonymized summaries. Given the nature and scale of this processing, we have not appointed an EU representative under Article 27. If this changes, we will update this policy. You may contact us directly at [email protected].
10. Your Rights Under CCPA/CPRA (California Users)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights:
- Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You can request that we delete your personal information.
- Right to Opt-Out of Sale or Sharing: We do NOT sell or share (as defined under CPRA) your personal information. We do NOT share personal information for cross-context behavioral advertising.
Categories of personal information we collect:
- Identifiers (name, email address via Apple Sign-In, Apple user ID)
- Account information (Firebase user ID)
- Device identifiers (randomly generated UUID for rate limiting)
- Internet or electronic network activity information (IP addresses may be collected by Cloudflare as a service provider)
To exercise your rights, email [email protected] or use the in-app account deletion feature (Profile > Delete Account). We will not discriminate against you for exercising your privacy rights.
11. Data Retention
- Health data: Stored locally on your device until you delete it or delete your account.
- Account data: Retained while your account exists. Deleted immediately upon account deletion.
- AI-processed data: Not retained by us. OpenAI's data retention is governed by their API data usage policy.
- Diagnostic logs: If collected, retained for a limited troubleshooting period and automatically deleted.
12. Data Storage & Backups
Health data is stored locally on your device using Apple's SwiftData framework. Your device's iCloud backup settings may include app data — if you use iCloud backup, your health data may be stored in your iCloud account, subject to Apple's Privacy Policy. You can manage iCloud backup settings in your device's Settings app.
13. Data Deletion
You can delete your account at any time from the Profile screen in the app (Profile > Delete Account). This permanently removes:
- All local health data from your device
- Your user record from Firebase
- Your Firebase authentication account
Account deletion requires a two-step confirmation to prevent accidental data loss.
14. Children's Privacy
Flarely is not intended for use by children under the age of 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children under these ages. If we learn that we have collected data from a child under the applicable minimum age, we will delete it promptly. Parents or guardians may contact us at [email protected] to request deletion.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. For material changes — such as new data collection practices or changes to how AI data is processed — we will also provide notice through the app where possible.
16. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
Email: [email protected]
Low Latency Labs LLC
2501 Chatham Rd Suite N
Springfield, IL 62704
USA