1. Who we are
Arc ("Arc", "we", "our") is a body transformation tracking app operated by MyArc. Our contact address is support@getmyarc.app.
2. Information we collect
- Account information — email address and password hash when you register.
- Profile data — height, weight, age, sex, date of birth (used to verify the 18+ redemption gate), and fitness goal that you enter voluntarily.
- Meal logs — food descriptions, photos, and AI-estimated macros you record in the app.
- Body photos — progress photos you upload; stored in your private storage bucket.
- Weight entries — dates and weights you log.
- Usage data — app version, device platform (iOS/Android), and anonymous usage events for debugging.
- Fraud-prevention signals — IP address, device fingerprint (a hash derived from non-sensitive device properties such as model, OS version, and locale), and behavioral patterns (signup velocity, referral graph). Collected only for the purposes described in Section 3.f below.
- Phone number — collected if you opt into or are required to complete SMS verification (e.g. for high-volume signups or large redemptions).
- Identity verification documents — for redemptions above $50 USD-equivalent, we may collect a government-issued ID image and a real-time selfie. These are processed by our KYC provider and not retained on Arc servers beyond verification.
3. How we use your information
- To provide the app's core features: meal logging, deficit tracking, weight trends, and body photo storage.
- To generate AI macro estimates from your meal descriptions and photos.
- To display personalized coaching messages based on your logged data.
- To process subscription payments via Apple App Store, Google Play Store, or Stripe (we do not store card numbers).
- To send optional push notifications (reminders you configure).
- 3.f — Fraud prevention. IP address, device fingerprint, phone number (when collected), and behavioral patterns are used solely to detect and prevent abuse of the Referral Program, Arc Credits redemption, and account creation. These signals are retained for up to 24 months and are not used for advertising. We may share fraud-related signals with payment processors (Apple, Google, Stripe) when investigating chargebacks or coordinated abuse.
4. AI analysis disclaimer
Arc uses AI models to estimate meal macronutrients from text or photo descriptions. These estimates are for personal reference only and are not medical, clinical, or nutritional advice. Always consult a qualified healthcare provider for clinical nutrition guidance.
5. Data sharing
We do not sell your personal data. We share data only with:
- Supabase — cloud database and storage (EU/US infrastructure).
- OpenAI / Google Gemini — AI providers that receive your meal descriptions/photos for analysis. They process data under their own privacy policies.
- Apple / Google / Stripe — payment processors. We pass your email and a customer ID; payment providers handle all card data.
- SMS provider (e.g. Twilio) — when SMS verification is required, your phone number is sent to our SMS provider solely to deliver the verification code.
- KYC provider — when identity verification is required for high-value redemptions, your ID image and selfie are processed by our KYC provider under their privacy policy. Documents are not retained by Arc.
- Gift card and reward fulfillment providers — when you redeem AC for gift cards or partner rewards, we pass your email and reward selection to the fulfillment provider to deliver the reward.
- Vercel — web and API hosting.
6. Data retention
Your data is retained while your account is active. When you delete your account, your profile, meal logs, weight entries, and body photos are permanently deleted within 30 days.
7. Your rights
You may request at any time:
- Access to the personal data we hold about you.
- Correction of inaccurate data.
- Deletion of your account and all associated data.
- Export of your data in a portable format.
To exercise these rights, email us at support@getmyarc.app.
8. Security
All data is encrypted in transit via HTTPS/TLS. Body photos are stored in private, access-controlled storage buckets. We follow industry-standard practices to protect your information.
9. Children
Arc is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact us and we will delete it promptly.
10. Changes
We may update this policy. Material changes will be communicated via email or an in-app notice. Continued use after the effective date constitutes acceptance.