Legal

Privacy Policy

Last updated: April 2026

Arovya is built with privacy by design. Your health data stays on your device. We do not sell your personal data to anyone, ever.

1. Who We Are

Arovya is an iOS application developed by Anand Muddi, an independent developer based in the United Kingdom. The app is available on the Apple App Store under the bundle identifier com.muddi.arovya.

For any privacy-related questions, contact us at: support@arovya.uk

2. What Data We Collect

Data stored locally on your device only:

Your name (entered during onboarding, optional)
Health profile: age range, dietary pattern, sun exposure, health goals
Supplement routine: names, dosages, timing preferences
Daily supplement logs and adherence history
Food scan history and cached product results
App preferences and settings

All of the above is stored exclusively on your device using iOS UserDefaults and local storage. It is never transmitted to our servers.

Data processed by third-party services:

Crash reports — anonymised crash data sent to Sentry (ingest.de.sentry.io) to help us fix bugs. No personal health data is included.
Analytics events — anonymised usage events (e.g. "scan completed", "pro purchased") sent to Mixpanel EU servers. Events do not include your name, health profile, or specific scan results.
Purchase information — subscription status managed by RevenueCat. RevenueCat receives your Apple-assigned anonymous subscriber ID and purchase status only.
AI label scanning — when you use the AI label scan feature, the photos you take are sent via a secure Cloudflare proxy to OpenAI for ingredient extraction. Photos are not stored after processing.
Product database lookups — barcode lookups are sent to OpenFoodFacts (world.openfoodfacts.org), an open-source food database. No personal data is included in these requests.

3. How We Use Your Data

To provide personalised health scores based on your goals and dietary preferences
To track your supplement routine and adherence
To identify ingredient conflicts with your dietary preferences
To improve app stability using crash reports
To understand which features are used most via anonymised analytics
To manage your Pro subscription status

4. Data Sharing

We do not sell, rent, or trade your personal data to any third parties for marketing or advertising purposes.

Your health profile, supplement logs, and scan history are never shared with anyone. They exist only on your device.

The only data that leaves your device is:

Anonymised crash reports (Sentry)
Anonymised analytics events (Mixpanel)
Purchase status (RevenueCat / Apple)
Photos you choose to scan (OpenAI, deleted after processing)
Barcode numbers for product lookups (OpenFoodFacts)

5. GDPR & UK GDPR

We are committed to compliance with the UK GDPR and EU GDPR. Our lawful basis for processing anonymised analytics and crash data is our legitimate interest in maintaining and improving the app.

Our analytics provider (Mixpanel) processes data on EU servers, ensuring data does not leave the European Economic Area.

Your rights under UK/EU GDPR include:

Right to access — request a copy of data held about you
Right to erasure — delete all your data via Settings → Delete My Data within the app
Right to object — contact us to opt out of analytics processing
Right to portability — your local data can be exported on request

6. Data Retention

Local data on your device is retained until you delete the app or use the "Delete My Data" option in Settings.

Anonymised crash reports are retained by Sentry for 90 days.

Anonymised analytics events are retained by Mixpanel for 12 months.

AI scan photos are deleted by OpenAI immediately after ingredient extraction is complete.

7. Children's Privacy

Arovya is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, please contact us and we will delete it.

8. Security

Your health data is stored only on your device and is protected by iOS device encryption. API keys and secrets are never stored in the app binary — they are injected at build time and never visible to users.

Communication with third-party services uses HTTPS/TLS encryption.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via an in-app notice. The "last updated" date at the top of this page will always reflect the most recent version.

10. Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact:

Anand Muddi
Email: support@arovya.uk
Website: arovya.uk