Privacy Policy — Copper Keto Companion
Last updated: June 9, 2026
Effective date: June 9, 2026
Copper Keto Companion ("the App," "we," "us," "our") is an iOS application that provides educational tracking and behavioral coaching for the ketogenic diet through conversational logging, weight trends, and personalized feedback. The App is currently offered only in the United States via the U.S. App Store; see "Availability outside the United States" below. This Privacy Policy explains what data we collect, why we collect it, how we use it, how long we keep it, how we protect it, and your rights regarding your data. It applies to all data we collect from the effective date forward, and is specifically about the iOS App; for our website's privacy practices, see coppersuncompanion.com/privacy.
The App is operated by Copper Sun Content and Creative, LLC ("the Company"), a single-member limited liability company based in the United States.
If you have questions about this policy, contact us at support [at] coppersuncreative [dot] com. You can also access this policy at any time from within the App and at coppersuncompanion.com/keto/privacy.
Privacy in 60 seconds
- The App is currently offered only in the United States.
- We collect only what you tell us or what you choose to share from Apple Health.
- We do not sell your data, share it for advertising, or use it for cross-app tracking. We don't set cookies, embed third-party trackers, or use advertising SDKs.
- AI coaching is the core function — your messages and relevant context are sent to a third-party AI provider for processing under a zero-data-retention configuration: the data is not retained, not used to train AI models, and processed on servers located in the United States.
- You can review or delete everything at any time from inside the App.
- Contact: support [at] coppersuncreative [dot] com. The full policy below has the legal detail.
What we collect
We collect data in the categories below, all stored under your individual account.
1. Account information
When you sign in, we collect your email address through our authentication provider (Supabase). We use it to recognize you across sessions, sync your data across devices, and contact you about account or service issues. We do not use your email for marketing.
2. Information you give us about yourself
When you tell the App about yourself — your height, weight, age, daily macro targets, your stated goal, your food preferences, your meals, your weigh-ins, your ketone readings — we store that information so the App's coaching can reference it in later conversations. You decide what to share; nothing is required beyond an email and a sign-in.
Voice input. The App lets you log meals, weights, and observations by voice. Speech recognition runs on your device using Apple's on-device Speech framework — the raw audio of what you say does not leave your device. We receive only the transcribed text, which is then handled the same as anything you type. We do not create or store voiceprints or any other biometric identifier.
You can review what we've stored about you at any time by asking the App, and you can clear specific fields or your full account from within the App's Settings.
3. Data from Apple Health
If you grant permission, the App reads selected metrics from Apple Health (weight, body fat percentage, resting heart rate, sleep, water intake, and any food/nutrition data you've authorized). We store these metrics in our backend database (hosted by Supabase) so the App's coaching can recognize trends across weeks and months — for example, noticing that your weight stalls track with poor sleep, or that your protein intake has trended low. The first time you connect Apple Health, the App backfills a recent window of history per metric (typically 30 to 180 days, depending on the metric); after that, only new readings sync as they arrive.
The App may also write voice-logged weights and nutrition data back to Apple Health so your other health apps stay current. You control these permissions through iOS Settings → Privacy & Security → Health → Copper Keto, and may withdraw any or all permissions at any time.
Apple HealthKit data use. Consistent with Apple's App Store Review Guideline 5.1.3, we do not use Apple Health data for advertising or other use-based data mining purposes other than improving health, medical, and fitness management within the App. We do not share Apple Health data with any third party for advertising or use-based data mining purposes, and we do not sell Apple Health data.
4. Service operation data
We collect minimal technical data to keep the App running:
- Error reports via Sentry (so we can fix crashes and bugs). Reports include diagnostic stack traces and device information, but exclude the content of your conversations.
- Usage telemetry via Axiom (so we can monitor service health). Telemetry includes turn counts, response times, and structural metadata (e.g., "a chat turn happened"), but excludes the content of your messages, your food data, or your weight history.
We do not attempt to re-identify users from anonymized telemetry, and we do not combine telemetry with marketing data sets.
5. Tracking technologies
The App does not use cookies, web beacons, pixels, advertising SDKs, fingerprinting, or any similar tracking technologies. We do not use Apple's App Tracking Transparency framework because we have nothing to track. We do not embed third-party widgets or analytics scripts that might set their own identifiers.
6. Payment information
We do not collect or store payment information. Subscription payments are processed entirely by Apple through the App Store, and subscription state (active, lapsed, refunded, in trial) is tracked by RevenueCat using only an opaque user identifier. We never see your card number, billing address, or any other payment-method detail. To request a refund, manage billing, or cancel, use iOS Settings → [your Apple ID] → Subscriptions, or Apple's Report a Problem page.
7. What we do NOT collect
We deliberately design the App to collect as little as possible. We do not collect or process:
- Precise location or GPS coordinates (the App sends only your device's timezone identifier, used to render times correctly)
- Your contacts or address book
- Camera or photo library content
- Microphone audio in transit to our servers (voice input is transcribed on-device, as described above)
- Browsing history outside the App
- Social media accounts or social graph data
- Content you post elsewhere (the App has no community feed, forums, friends, or user-to-user messaging)
- Children's data (see "Children" below)
- Biometric identifiers as defined under CCPA/CPRA, the Illinois Biometric Information Privacy Act (BIPA), or similar laws
- Genetic or DNA data
- Citizenship, immigration, or military status
How we use your data
We use your data only for these purposes:
- To provide the App's core functionality — answering your questions, tracking your goals, surfacing patterns in your data, and adapting coaching to what you've told us.
- To send your conversations to a third-party AI provider to generate responses. Your messages and relevant context are transmitted to the provider's commercial API for processing under a zero-data-retention configuration — the data is not retained, is not used to train AI models, and is processed on servers located in the United States.
- To diagnose and fix problems with the App.
- To respond to you if you contact support.
We do not sell your personal information, share it with advertisers, or use it for cross-app tracking. We also do not share personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Aggregated and de-identified data
We may create aggregated or de-identified data sets from the data we hold — for example, "average response time for new users in their first week" — and use those to improve the App and our service. De-identified data is treated as such for as long as we hold it; we do not attempt to re-identify users from de-identified data, and we do not allow our service providers to do so on our behalf.
Profiling and automated processing
We build a profile of you within the App — your food preferences, goals, weigh-in history, behavioral patterns the AI has observed over time, and similar information. This profile exists only to personalize the App's coaching to you, and is used in no other way. We do not use profiling for advertising, marketing, demographic analysis, sale, or any commercial purpose outside the App's core function.
The App's coaching responses are generated by AI based on data you've shared. These are educational suggestions to help you follow a ketogenic protocol; they are not medical advice and do not produce legal or similarly significant effects on you within the meaning of GDPR Article 22. You always make the final decisions about your diet and health.
Who can access your data
We share your data only with the following service providers, all under contract to handle your data only as instructed and only to provide their service to us:
| Provider | What they handle | Purpose |
|---|---|---|
| Supabase | Account email, your stored profile, food, weight, goals, and conversations | Database hosting and authentication |
| Vercel | Pass-through traffic between the App and our backend | Application hosting |
| Third-party AI provider | Your messages and relevant context, per-turn | AI response generation |
| Apple | Your subscription transactions and any HealthKit data you share through Apple Health's own controls | Payment processing and Apple Health integration |
| RevenueCat | Subscription state (active / lapsed / refunded), associated to your Supabase user ID | Subscription management |
| Third-party AI embeddings provider | Short text snippets when the App stores a behavioral observation | Semantic memory search |
| Upstash | Per-user request counters keyed by your account identifier, and salted hashes of IP addresses (we do not store raw IPs) | Rate limiting and abuse prevention |
| Sentry | Crash reports, device diagnostics (excludes message content) | Error tracking |
| Axiom | Structural usage telemetry (excludes message content) | Service monitoring |
Subprocessors
Our service providers may engage their own subprocessors consistent with their contracts with us — for example, cloud-infrastructure providers behind Supabase or our AI provider. We require all providers to implement appropriate technical and organizational safeguards for your data, including encryption in transit and access controls.
International data transfers
These providers process data in the United States and other jurisdictions. Where data flows from the European Union, United Kingdom, or Switzerland to the United States, we and our providers rely on the EU-US, UK-US, and Swiss-US Data Privacy Framework certifications and/or Standard Contractual Clauses approved by the European Commission. You may request more information about these safeguards by contacting us at the address above.
How we protect your data
We take reasonable technical and organizational measures designed to protect your data against unauthorized access, accidental loss, alteration, and disclosure:
- Encryption in transit: all communication between the App and our backend, and between our backend and our service providers, is encrypted using TLS.
- Encryption at rest: data stored by our providers (Supabase, Sentry, Axiom, RevenueCat) is encrypted at rest using the providers' standard storage encryption.
- Access controls: production access to the database and admin systems is restricted, with secrets stored in encrypted environment storage. Administrative accounts use multi-factor authentication.
- Principle of least data: we ask for and store only what the App's coaching needs to function. Sentry and Axiom configurations are set to exclude conversation content, food data, and health values.
No system is perfectly secure; we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and applicable regulators without undue delay, as required by law (including GDPR Article 33/34, the UK GDPR, CCPA, Washington's My Health My Data Act, and other state breach-notification statutes).
How long we keep your data
We retain your data for as long as your account is active. After you delete your account (Settings → Delete Account in the App), we erase your data from our production systems immediately. Backup copies held by our hosting providers for disaster recovery are retained for up to 30 days, after which they are also deleted.
Service operation data (Sentry errors, Axiom telemetry) is retained for up to 90 days for diagnostic purposes, then automatically purged. Aggregated or de-identified data may be retained in de-identified form for service-improvement purposes.
Your rights and choices
- Access: Ask the App to tell you what it knows about you, or contact support.
- Correction: Update any information through normal conversation with the App ("actually my height is 5'11").
- Deletion: From within the App, go to Settings → Delete Account. This removes your data from our servers across all the tables we maintain, and signs you out. The deletion is permanent and immediate (subject to the backup window described above).
- Portability: Contact us and we will provide a copy of your account data in a structured, machine-readable format.
- Subscription management: Manage your subscription through iOS Settings → [your Apple ID] → Subscriptions. We have no separate cancellation flow; Apple handles all subscription lifecycle.
- Withdraw HealthKit permissions: iOS Settings → Privacy & Security → Health → Copper Keto.
- Contact us: support [at] coppersuncreative [dot] com
Availability outside the United States
The App is currently offered only in the United States via the U.S. App Store and is not made available for download in the European Union, United Kingdom, Switzerland, Canada, Brazil, or other non-U.S. App Store storefronts. We do not market the App to residents of those regions, and we do not process the personal data of non-U.S. residents in the ordinary course of operating the App.
Before we expand availability to any non-U.S. region, we will make the registrations and designations required by that region's privacy law — including, where applicable, an EU Article 27 representative, a UK GDPR representative, a Swiss FADP representative, a South Korean PIPA domestic representative, or a Brazilian LGPD operator — and we will update this Privacy Policy to describe the statutory rights available to residents of that region (under the GDPR, UK GDPR, Swiss FADP, PIPEDA, LGPD, PIPA, or other applicable law) before processing their data.
If you believe you are a resident of a non-U.S. region and have accessed the App, please contact us using the address above. The rights described in this policy — access, correction, deletion, portability — are available to you as a matter of our policy regardless of where the App is currently offered.
California (CCPA / CPRA)
For California residents, the rights above implement your statutory rights of access, deletion, correction, and portability under the CCPA/CPRA. The App processes Sensitive Personal Information (health and fitness data, account credentials) solely to provide the service you requested; we do not use Sensitive Personal Information for any purpose beyond providing that service. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
Right to appeal. If we deny a privacy request you have submitted, you may appeal our decision by emailing the contact address above with the subject line "CCPA APPEAL" and a brief description of the request. We will respond to your appeal within sixty (60) days.
Consumer Health Data (Washington MHMDA and similar laws)
For users in Washington state, Nevada, Connecticut, and other jurisdictions with consumer-health-data laws, the metrics described above (weight, body fat percentage, resting heart rate, sleep, water intake, food and macro logs, ketone readings, exercise) constitute consumer health data. We collect and process this data solely to provide the App's core functionality and personalized coaching. We do not share consumer health data with any third party for purposes beyond the service providers listed above, and we do not use it for targeted advertising or sale. To request access, correction, deletion, or withdrawal of consent regarding your consumer health data, use the methods described above; we may verify your identity before fulfilling such requests.
Other U.S. states
Residents of Colorado, Connecticut, Virginia, Utah, Texas, and other U.S. states with comprehensive consumer privacy laws have the rights of access, correction, deletion, and opt-out of targeted advertising and sales, where applicable. We do not engage in targeted advertising or sale of personal information.
Children
We do not knowingly collect data from children under 13, the threshold under the U.S. Children's Online Privacy Protection Act (COPPA). The App is rated 4+ on the App Store because it contains no objectionable content, but it is designed for adults managing their own ketogenic diet. If you believe a child has provided us with personal information, please contact us and we will delete it.
Medical disclaimer
The App is for educational and behavioral coaching purposes only. It does not provide medical advice, diagnosis, or treatment, and is not a substitute for professional medical care. The Company is not a HIPAA-covered entity or healthcare provider, and the App is not a medical device. Always consult a qualified healthcare provider before starting or modifying a ketogenic diet, especially if you have diabetes, kidney disease, are pregnant or breastfeeding, are taking prescription medications (including insulin, sulfonylureas, or blood-pressure medications), or have other medical conditions. If you experience symptoms that concern you, contact a healthcare professional or emergency services. Do not rely on the App for medical decisions.
Changes to this policy
We will update this Privacy Policy when our data practices change. The "Last updated" date at the top reflects the most recent change. For material changes, we will notify you through the App or by email before they take effect. You can always access the current version of this policy from within the App or at coppersuncompanion.com/keto/privacy.
Contact
Copper Sun Content and Creative, LLC
Email: support [at] coppersuncreative [dot] com