Photo & Data Handling Policy
Effective Date: March 1, 2026 · Last Updated: March 22, 2026
Your photos are your private data. Period.
We built FlexScan with a privacy-first architecture. This policy explains exactly what happens to every photo and piece of data you share with us — no hidden practices, no fine-print surprises.
1. Overview
This Photo & Data Handling Policy supplements our Privacy Policy and provides specific, detailed information about how FlexScan collects, processes, stores, and deletes your photographs and associated data.
Given that FlexScan processes highly sensitive visual data — including body photographs and food photographs — we believe you deserve complete transparency about our data handling practices. This document is designed to answer every question you may have about what happens to your photos from the moment you upload them to the moment they are deleted.
2. How Body Photos Are Processed
When you upload a body photo for analysis, the following steps occur:
Upload & Encryption
Your photo is uploaded from your device over a TLS 1.3 encrypted connection. The photo is encrypted in transit and never transmitted in plaintext.
Temporary Secure Storage
The encrypted photo is temporarily stored in our secure infrastructure (Supabase Storage with AES-256 encryption at rest) while it is queued for AI analysis.
AI Analysis
The photo is securely transmitted to our AI processing partner (OpenAI) via their API over an encrypted connection. The AI analyzes the image and returns body composition estimates, fitness observations, and recommendations. OpenAI processes the image under their zero-data-retention API policy — your photo is not stored by OpenAI and is not used to train their models.
Results Delivery
The AI-generated analysis results are returned to our servers and securely delivered to your device. The analysis results (text data) are stored in your account for future reference.
Photo Disposition
If you have not opted into progress tracking, the photo is permanently deleted from our servers immediately after analysis is complete. If you have opted into progress tracking, the photo remains encrypted in your personal storage until you choose to delete it.
Food Photo Processing
Food photos follow a similar process but are always temporary. After the AI identifies the food and estimates calories/macros, the food photo is immediately and permanently deleted from our servers. Food photos are never retained, regardless of your progress tracking settings.
3. Encryption Standards
We employ multiple layers of encryption to protect your photos and data:
Encryption in Transit
All data transmitted between your device, our servers, and third-party services is protected by TLS 1.3 (Transport Layer Security). This is the same encryption standard used by banks and financial institutions. We enforce HTTPS-only connections and use HTTP Strict Transport Security (HSTS) headers.
Encryption at Rest
All photos and sensitive data stored on our servers are encrypted using AES-256 (Advanced Encryption Standard with 256-bit keys), a military-grade encryption algorithm. Encryption keys are managed securely and rotated periodically.
Database Encryption
Our database (hosted on Supabase) encrypts all data at rest. Row-level security (RLS) policies ensure that users can only access their own data. Database connections are encrypted and authenticated.
4. AI Processing Details
We believe in full transparency about how AI processes your data:
- AI Provider:We currently use OpenAI’s GPT-4 Vision API for image analysis. If we change AI providers, we will update this policy and notify users
- Data Retention by AI Provider:We use OpenAI’s zero-data-retention (ZDR) API tier. This means OpenAI does not store your images, does not use them for model training, and deletes them from their systems immediately after processing
- What the AI Receives: The AI receives only the photo image data and a structured prompt describing the type of analysis requested. It does not receive your name, email, account information, or other personally identifiable information
- What the AI Returns: The AI returns text-based analysis results (body composition estimates, food identification, calorie estimates, exercise recommendations). No image data is returned by the AI
- No Model Training:Your photos are never used to train, fine-tune, or improve any AI models — neither ours nor our AI provider’s
5. Storage & Retention
| Data Type | Storage Location | Retention | Encryption |
|---|---|---|---|
| Body photos (no progress tracking) | Supabase Storage | Deleted after analysis | AES-256 + TLS 1.3 |
| Body photos (progress tracking on) | Supabase Storage | Until user deletes | AES-256 + TLS 1.3 |
| Food photos | Supabase Storage | Deleted after analysis | AES-256 + TLS 1.3 |
| AI analysis results | Supabase Database | Until account deletion | AES-256 |
| Photos at AI provider | OpenAI (in memory) | Zero retention (ZDR) | TLS 1.3 |
6. Your Controls
You have full control over your photo data at all times:
Delete Individual Photos
Delete any specific photo from your progress tracking history at any time through your account settings. Deletion is permanent and irreversible.
Delete All Photos
Permanently delete all stored photos at once through your account settings or by contacting support@flexscan.app. This action is processed within 24 hours and is irreversible.
Disable Progress Tracking
Turn off progress tracking at any time. When disabled, all future body photos will be automatically deleted after AI analysis. Existing stored photos remain until you manually delete them.
Export Your Data
Request a complete export of all your data (photos, analysis results, account information) in a machine-readable format (JSON/ZIP) by contacting support@flexscan.app. We will fulfill export requests within 30 days.
Delete Your Account
Request complete account deletion, which removes all associated data including photos, analysis results, and personal information. Processed within 30 days, except where data must be retained by law (e.g., payment records for tax purposes).
7. Absolute No-Sharing Guarantee
We will NEVER sell, share, license, rent, or distribute your photos.
This is an absolute commitment. Specifically, we guarantee that your photos will never be:
- Sold to any third party for any purpose
- Shared with advertisers, marketers, or data brokers
- Used in any public-facing material, marketing, or promotional content
- Used to train AI or machine learning models (ours or any third party’s)
- Shared with other users of the Service
- Shared with employers, insurance companies, or government agencies (unless compelled by valid legal process, in which case we will notify you unless legally prohibited from doing so)
- Made accessible to FlexScan employees or contractors (photos are processed by automated systems only; human review occurs only if you explicitly share a photo with our support team)
The only third party that processes your photos is our AI provider (currently OpenAI), and only through their zero-data-retention API for the sole purpose of generating your analysis. This is the minimum data sharing necessary to provide the Service.
8. AI Processing Transparency
We are committed to being fully transparent about how AI is used in FlexScan:
- What AI Does: AI is used to analyze body photos (estimating body composition), analyze food photos (estimating calories and macros), generate personalized workout plans, and generate nutrition recommendations
- What AI Does NOT Do: AI does not make medical diagnoses, does not access your personal information beyond what is necessary for analysis, does not store your data, and does not make decisions about your account or subscription
- Human Oversight: While the AI operates autonomously for analysis, our team regularly reviews the quality and safety of AI outputs (using synthetic/test data, not user data) to ensure the system provides responsible guidance
- Provider Changes: If we change our AI processing provider, we will update this policy, notify users via email, and ensure the new provider meets equivalent or higher privacy and security standards
- Opt-Out: While AI processing is core to the Service, you can choose not to upload photos and instead use FlexScan for manually generated workout and nutrition plans without AI body analysis
9. Progress Tracking Feature
FlexScan offers an optional progress tracking feature that stores your body photos over time so you can visually track your fitness journey.
Opt-In Only
Progress tracking is disabled by default. You must explicitly enable it in your account settings. We will clearly explain what opting in means before you enable it.
What Is Stored
When enabled, body photos are stored encrypted in your personal storage area alongside the corresponding AI analysis results and timestamp. Photos are organized chronologically for progress comparison.
Accessible Only to You
Stored progress photos are accessible only through your authenticated account. They are protected by row-level security policies and encryption. No other user, employee, or system can access your progress photos.
Easy Deletion
You can delete individual progress photos, all progress photos, or disable progress tracking entirely at any time. Disabling progress tracking does not delete existing photos — you must explicitly delete them.
10. Data Breach Notification Policy
In the unlikely event of a data breach that affects your personal information or photos, we commit to the following:
Notification Timeline
We will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of a qualifying breach, as required by GDPR Article 33. For California residents, we will also comply with the California data breach notification requirements.
What We Will Communicate
- The nature and scope of the breach
- The types of data affected
- Steps we have taken and are taking to address the breach
- Steps you can take to protect yourself
- Contact information for further questions
Our Response Plan
We maintain a documented incident response plan that includes: immediate containment and investigation, assessment of scope and impact, notification of affected parties, remediation and prevention of recurrence, and post-incident review.
11. Sub-Processors
The following sub-processors may process your photo data or personal information:
| Provider | Purpose | Data Access | Location |
|---|---|---|---|
| OpenAI | AI image analysis | Photos (zero retention) | United States |
| Supabase | Database & file storage | All user data (encrypted) | United States |
| Stripe | Payment processing | Payment & billing info | United States |
| Vercel | Application hosting | Access logs, IP addresses | United States |
We maintain Data Processing Agreements (DPAs) with all sub-processors and regularly review their security practices and compliance certifications.
12. Changes to This Policy
We may update this Photo & Data Handling Policy from time to time. When we make material changes — particularly changes that affect how we handle photos or introduce new sub-processors — we will:
- Notify you via email at least thirty (30) days before the changes take effect
- Display a prominent notice within the app
- Update the “Last Updated” date at the top of this policy
- Where required by law, obtain your renewed consent before processing your photos under new terms
13. Contact Information
If you have any questions about how we handle your photos and data, please reach out:
Data & Privacy Requests
For photo deletion requests, data export requests, or privacy-related inquiries:
Email: privacy@flexscan.app
This policy should be read in conjunction with our Terms of Service, Privacy Policy, and Medical & Fitness Disclaimer.