HealthLens
Sign in
← Back

Privacy Policy

Last updated: April 14, 2026

HealthLens AI (“we”, “our”, “the app”) is a personal wellness assistant that helps you review whether a product may suit your dietary preferences, sensitivities, and health-related goals. This app provides informational guidance only and is not a medical device, diagnostic tool, or substitute for professional medical advice. We take your privacy seriously, especially because the data you share may be sensitive.

1. What we collect

When you use HealthLens AI, we collect and store:

  • Account info: your email address and an encrypted password hash (we never see your plain password).
  • Health profile: the conditions, allergies, intolerances, medications, and free-text notes you choose to add.
  • Scan history: photos you take inside the app, products you scan, ingredient lists, verdicts, and scan timestamps.
  • Saved products: items you explicitly favorite.

We do not collect: your contacts, your location, your browsing history, or any data from other apps on your device.

2. Where your data lives

Your account and scan data are stored on Supabase (Postgres database hosted in the United States). Photos you take are sent to Anthropic for AI analysis — Anthropic processes the image in memory to extract ingredients and does not retain it for model training. Our web app is hosted on Vercel.

3. How we use your data

  • To identify products you scan and rate them against your health profile.
  • To show you your scan history and saved products.
  • To personalize recommendations based on your conditions.

We do not sell your data. We do not show you ads. We do not share your health information with advertisers, insurers, employers, or data brokers.

4. Third-party services

We share data with the following third parties, each for a specific purpose:

  • Anthropic (Claude API): receives product photos, ingredient lists, and your health profile categories (allergies, dietary preferences) to generate personalized product analysis. Your name, email, and account ID are never sent to Anthropic. Covered by Anthropic’s Privacy Policy and Usage Policy.
  • Supabase (database hosting): stores your account, profile, scan history, and consent records. Hosted in the United States. Covered by Supabase’s Privacy Policy.
  • Stripe (payment processing): processes subscription payments. Receives your email and payment method. We do not store credit card numbers. Covered by Stripe’s Privacy Policy.
  • Vercel (web hosting): hosts our web application and processes HTTP requests. May collect IP addresses and request metadata in server logs.
  • Open Food Facts / Open Beauty Facts: public product databases we query for barcode lookups. No personal information is sent.

We do not share your health data with advertisers, analytics services, social media platforms, insurers, employers, or data brokers.

5. Health data consent

When you create an account, we ask for your explicit consent to collect and process health-related data (allergies, dietary restrictions, health conditions). This consent is required because health data receives special legal protection under applicable laws including the Washington My Health My Data Act, GDPR (for EU users), and CCPA/CPRA (for California residents).

You can withdraw your health data consent at any time by deleting your account, which removes all health-related data from our systems. To withdraw consent, use the “Delete account” button on the Account page or email us.

6. Your rights

  • Access: you can view all your profile and scan data inside the app at any time.
  • Delete: use the “Delete account” button on the Account page for instant self-service deletion. Alternatively, email privacy@healthlens.io. We’ll complete deletion within 30 days.
  • Export: you can request a copy of your data in JSON format by emailing us.
  • Correction: you can update your health profile and preferences at any time within the app.
  • Withdraw consent: you can revoke health data processing consent by deleting your account.
  • Opt out of sale: we do not sell your data. There is nothing to opt out of.

7. Children

HealthLens AI requires users to be at least 13 years old to create an account. We do not knowingly collect personal information from anyone under 13.

Family profiles: When adding a family member under 13, we collect only a generic label (e.g., “Family Member”) and allergy categories — no real names, birthdates, or free-text notes are stored for minors. This is in compliance with the Children’s Online Privacy Protection Act (COPPA).

If you believe a child under 13 has created an account or that we have collected their personal information, please contact us immediately and we will delete it.

8. Automated decision-making

HealthLens uses artificial intelligence (Anthropic Claude) to analyze product ingredients and generate personalized wellness guidance. These AI-generated results are informational only and do not constitute medical advice, diagnosis, or treatment recommendations. You should always read product labels yourself and consult a healthcare professional for medical decisions.

9. Data retention

We retain your data for as long as your account is active. When you delete your account, all associated data (profile, scan history, family profiles, shopping lists, consent records) is permanently deleted from our database within 30 days. Anthropic does not retain product images or analysis data after processing.

10. Data breach notification

In the event of a data breach affecting your personal information, we will notify affected users within 60 days of discovery, as required by the FTC Health Breach Notification Rule. If 500 or more users are affected, we will also notify the FTC. For EU users, notification will occur within 72 hours as required by GDPR.

11. Security

All communication with our servers uses HTTPS with TLS encryption. Passwords are hashed using bcrypt. Database access is restricted per-user via row-level security. API keys are stored in encrypted environment variables. However, no system is perfectly secure — if you have a severe allergy, we strongly encourage you to also read product labels yourself.

12. Changes to this policy

We may update this policy. If changes are material (especially regarding health data handling), we will re-request your consent before continuing to process your data. The “Last updated” date above reflects the latest version.

13. Contact

Questions about this privacy policy or your data? Email privacy@healthlens.io.

Privacy Policy — HealthLens AI · HealthLens