KETONOIR

Account Information. Name, email address, password (encrypted), and date of birth for age verification.

Profile Information. Height, weight, sex, body composition (if you provide it), activity level, dietary preferences, and health goals you voluntarily enter.

Health Screening Responses. Answers you provide during onboarding screening regarding pregnancy, organ disease, eating disorder history, medication use, gallbladder issues, type 1 diabetes, recent cardiac events, SGLT2 inhibitor use, and active cancer treatment. The screening determines whether AI coaching features are enabled or restricted to general tracking mode.

Food and Nutrition Data. Meals logged, macronutrient intake, water consumption, exercise, ketone or glucose readings (if you choose to log them), and any other data you enter into tracking features.

Meal and Body Photos. Photos you choose to capture and upload through the snap-logging feature. These photos are uploaded to KetoNoir’s backend and forwarded to Anthropic’s Claude vision API for nutritional analysis. Photos are not retained beyond what is necessary to complete the analysis and the resulting log entry.

AI Coach Conversations. Questions, messages, and responses exchanged with the KetoNoir AI coaching feature.

Payment Information. Subscription details processed through Apple App Store, Google Play Store, or Stripe. We do NOT store full credit card numbers on our servers.

Communications. Feedback, support requests, and correspondence you send to us.

Device Information. Device type, operating system, app version, language settings, and a randomly generated 16-character device fingerprint that contains no personal information.

Usage Data. Features used, session duration, pages viewed, time stamps, and in-app actions.

Consent and Disclaimer Logs. Records of which disclaimers, terms, and policies you have accepted, including version numbers (e.g., medical_disclaimer v1.0, ai_coach_disclaimer v1.1, health_screening v1.1, terms_of_service v1.3, privacy_policy v1.4), timestamps, app version, and device identifier. When a disclaimer version is materially updated, you will be re-prompted to accept the new version.

Log Data. IP address, access times, and diagnostic data.

Crash Reports. Stack traces and runtime diagnostic data captured when the application encounters an error. Crash reports are processed by Sentry, our crash-reporting provider. Crash reports do not contain biomarker values, food log entries, AI coach conversation content, or other sensitive personal information.

Analytics Data. Aggregated, event-level behavioral data (e.g., feature usage, screen views, conversion events) processed by PostHog, our analytics provider. Analytics data does not contain biomarker values, food log entries, AI coach conversation content, or other sensitive personal information.

If you choose to connect third-party services (such as Apple Health, Google Fit, or social login providers), we may receive information from those services in accordance with the permissions you grant. We do not receive more than what you authorize.

HealthKit and Health Connect data is read on-device only at the time the user views their forecast, coach, or trends. The values are passed inline within a single request to KetoNoir's backend, used to generate the response, and never stored on KetoNoir servers. The OS health store remains the user's sole source of truth. We do not retain, warehouse, or share HealthKit or Health Connect data with any third party.

We use the information we collect to:

• Provide, maintain, and improve the Service and its features.
• Process subscriptions, payments, and renewals.
• Personalize your experience, including macro targets, meal tracking, and AI coaching responses.
• Determine eligibility for AI coaching based on your health screening responses, and route you to general tracking mode if your responses indicate elevated risk for ketogenic dietary intervention.
• Send your AI coach conversations to our AI service provider (Anthropic) to generate responses.
• Communicate with you about updates, features, security alerts, and customer support.
• Send marketing and promotional materials (only with your consent, where required by law).
• Detect, prevent, and investigate fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our Terms of Service.
• Conduct research and analytics to improve the Service (using aggregated, de-identified data where possible).

The KetoNoir AI coach is powered by Anthropic’s Claude API. When you interact with the AI coach:

• Your messages are transmitted to Anthropic’s servers for processing.
• Anthropic processes your messages under its commercial terms and privacy policy.
• We do not send your full name, email, payment information, or precise location to Anthropic.
• Conversation content may include health and dietary information you choose to share with the AI coach, including biomarker values (such as ketones, glucose, weight, and macronutrient intake) used to personalize coaching responses.
• Meal and body photos uploaded through the snap-logging feature are forwarded to Anthropic’s Claude vision API for nutritional analysis. Photos are processed under Anthropic’s commercial terms and privacy policy.

For more information about how Anthropic handles data, please review Anthropic’s Privacy Policy at anthropic.com/legal/privacy.

You should not share highly sensitive information (such as Social Security numbers, financial account details, or specific medical diagnoses) with the AI coach. The coach does not diagnose conditions, prescribe medications, recommend supplement dosing, or adjust insulin doses. Per the AI Coach Disclaimer (v1.1), coach output is not reviewed by a licensed clinician on a per-message basis and you must independently verify any guidance with a qualified healthcare provider.

We do NOT sell your personal information. We share information only as follows:

Service Providers. Trusted third-party service providers who help us operate the Service. These providers are contractually required to protect your information and process it only on our instructions:

• Cloud hosting: Vercel (application backend) and Netlify (marketing pages).
• Database and rate limiting: Upstash.
• Payment processing: Apple App Store, Google Play Store, and Stripe.
• Analytics: PostHog (event-level data only; no biomarker values, food log entries, or AI coach conversation content are transmitted).
• Crash reporting and diagnostics: Sentry (stack traces only; no biomarker values, food log entries, or AI coach conversation content are transmitted).
• AI processing: Anthropic Claude API for text-based AI coaching and vision-based meal photo analysis.
• Food and nutrition data: USDA FoodData Central, Open Food Facts, FatSecret, and Spoonacular (when connected).

Legal Requirements. When required by law, court order, subpoena, or to protect our legal rights, property, or safety, or that of our users or the public.

Business Transfers. If Ketonoir LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any change in ownership or use of your information.

With Your Consent. For any other purpose disclosed to you at the time we collect the information.

Aggregated Data. We may share aggregated or de-identified information that cannot reasonably be used to identify you.

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account Data. Retained while your account is active and for up to 90 days after account deletion to handle refunds, disputes, or legal obligations.
• Consent Logs. Retained for seven (7) years after account closure to demonstrate compliance with legal and regulatory requirements. Includes all consent versions you accepted.
• AI Coach Conversations. Retained for up to 24 months or until you delete them from your account.
• Meal and Body Photos. Retained only as long as necessary to complete nutritional analysis and produce the resulting log entry, then deleted.
• Payment Records. Retained for seven (7) years as required by tax and accounting regulations.
• Backup Data. May persist in encrypted backups for up to 30 days after primary deletion.

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS 1.2 or higher) and at rest where supported by our service providers.
• Secure password hashing (bcrypt or equivalent).
• Access controls limiting employee access to personal data.
• API key isolation: third-party API keys (Anthropic, FatSecret, USDA) are held server-side and never shipped to client devices.
• Regular security audits and vulnerability assessments.
• Incident response procedures for suspected breaches.

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Depending on your location, you may have the following rights:

• Access. Request a copy of the personal information we hold about you.
• Correction. Request that we correct inaccurate or incomplete information.
• Deletion. Request that we delete your personal information, subject to certain exceptions (e.g., consent logs retained for legal compliance).
• Portability. Request a copy of your data in a structured, commonly used format.
• Objection / Restriction. Object to or request that we limit certain types of processing.
• Withdrawal of Consent. Withdraw consent where processing is based on consent.
• Non-Discrimination. We will not discriminate against you for exercising any of these rights.

California residents have specific rights under the California Consumer Privacy Act, including the right to know what personal information is collected, sold, or disclosed; the right to delete; the right to correct; the right to opt out of the sale or sharing of personal information; and the right to limit the use of sensitive personal information. We do not sell personal information as defined under the CCPA.

If you are located in the EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent laws. Our lawful bases for processing include: your consent; performance of a contract (to provide the Service); compliance with legal obligations; and our legitimate interests in operating and improving the Service.

To exercise any of these rights, contact us at legal@ketonoir.ai. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

The Service is intended for users 18 years of age or older. We do not knowingly collect personal information from individuals under 18. The Service includes an age gate requiring confirmation of age 18 or older before use. If we learn that we have collected personal information from a person under 18, we will delete that information promptly. If you believe a minor has provided us with personal information, please contact us at legal@ketonoir.ai.

Ketonoir LLC is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfers. Where required by law, we implement appropriate safeguards (such as Standard Contractual Clauses) for international data transfers.

Our web application may use cookies and similar technologies to authenticate users, remember preferences, analyze usage, and improve the Service. You can control cookies through your browser settings. The mobile application uses device identifiers and SDKs for similar purposes. You can manage tracking preferences through your device settings.

The Service may contain links to third-party websites, affiliate partners, or services that are not operated by us. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party service you visit.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service, by email, or by other reasonable means. Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes. We will log your re-acceptance where required, and disclaimer version bumps will trigger a re-consent prompt for the affected disclaimer.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact:

KetoNoir LLC
1145 Santa Fe Drive 1297
Weatherford, TX 76087-3846
United States
Email: legal@ketonoir.ai