Version: v1.0
Effective Date: April 9, 2026
Required for App Function
These data flows are necessary to provide the Services:
What We Share
Email, authentication credentials
- Category of Provider
- Authentication services
- Why
- Account login and security
What We Share
Health tracking data
- Category of Provider
- Cloud infrastructure, sync services
- Why
- Data storage and multi-device sync
What We Share
Device push tokens, notification content
- Category of Provider
- Push notification services
- Why
- Deliver reminders
What We Share
Purchase receipts, subscription status
- Category of Provider
- Subscription services, app stores
- Why
- Verify purchases and entitlements
What We Share
Error logs, crash data
- Category of Provider
- Error monitoring services
- Why
- Fix bugs and maintain stability
What We Share
Supplement lookup requests, barcode/product identifiers, selected nutrition/product matches
- Category of Provider
- Nutrition data providers
- Why
- Return supplement and nutrition lookup results
Optional (Your Choice)
These data flows only occur if you opt in:
What We Share
Usage events, feature interactions
- Category of Provider
- Analytics services
- Why
- Improve product
- Your Control
- Settings > Privacy
What We Share
Session recordings (masked)
- Category of Provider
- User experience services
- Why
- Debug issues
- Your Control
- Settings > Privacy
User-Initiated (When You Use Features)
What We Share
Health data subset for reports
- Category of Provider
- AI/machine learning services
- Why
- Generate AI reports
- Your Control
- Only when you request reports
What We Share
Exported data
- Category of Provider
- Your chosen destination
- Why
- Export/share features
- Your Control
- You initiate export
Supplement and nutrition lookup requests are initiated by your use of those features. When you use supplement lookup, Doserly may query third-party nutrition data providers, including FatSecret and Open Food Facts, with the lookup input needed to return matches.
On-Device Only (Not Shared)
Data
Images for text recognition (OCR)
- Processing
- On-device ML
- Sent to External Servers?
- No
Data
Biometric authentication data
- Processing
- Device secure enclave
- Sent to External Servers?
- No
Data
Local encryption keys
- Processing
- Device keychain
- Sent to External Servers?
- No
Aggregate Analysis (Internal)
We perform de-identified, aggregate statistical analysis on health data internally to identify trends, improve the Services, and generate population-level insights. This analysis:
- Is conducted on our own infrastructure — aggregate health data is not shared with third parties
- Contains no personal identifiers (no names, emails, user IDs, or other information that could identify you)
- Uses only statistical summaries (counts, averages, distributions), never individual records
See our Privacy Policy and Consumer Health Data Notice for details on our de-identification practices.
We Never Sell Your Data
We do not sell your personal information or health data to:
- Data brokers
- Advertisers
- Marketing companies
- Any third party for their own commercial purposes
Provider Information
Examples of provider categories that may receive data when you use optional or feature-driven workflows include:
- AI providers for AI-generated reports
- nutrition data providers for supplement lookup
- analytics providers if you opt in to analytics
- communications providers for notifications and transactional messaging
For a current list of specific service providers, contact privacy@doserly.com. We will respond within 30 days.