Privacy Policy
Last updated: 18 June 2026
This Privacy Policy describes how the Suntic app ("Suntic", "the app", "we", "us", or "our") handles information when you use it. Suntic is an iOS app for UV-index tracking and guided tanning, developed by Taha Bozdemir ("the developer").
By downloading or using the app, you agree to the practices described in this policy. If you do not agree, please do not use the app.
Our approach to privacy
Suntic is built to keep your personal data on your device wherever possible. We do not sell your data, and we do not use it for advertising or profiling. Most of the app (UV forecasts, tanning routines, health estimates, and on-device AI insights) works without sending your personal information anywhere.
There is one exception that involves sending data off your device: the optional Skin Analysis feature, described in detail below.
Information stored on your device
The following information is created and stored only on your device (and, where you enable it, in Apple Health and Apple's iCloud backup under your own Apple account). We do not collect or receive it:
- Profile details you enter, such as skin type (Fitzpatrick), age, and vitamin-D preferences.
- Tanning sessions and routines, including duration, SPF, and clothing choices.
- Tan progress photos, stored in the app's private storage and excluded from device backups. These are never uploaded and never added to your photo library.
- AI insights and daily plans generated on-device using Apple Intelligence (Foundation Models). Prompts and outputs are processed locally and are never sent to us or any third party.
You can delete this information at any time from within the app.
Location
With your permission, Suntic uses your device location only to fetch an accurate local UV index from Apple Weather (WeatherKit). Your precise device location is used to retrieve weather and is not sent to our servers or shared for any other purpose. You can disable location access at any time in your device Settings, though UV accuracy for your current position will be reduced.
Separately, our analytics provider (PostHog) derives an approximate, city/region-level location from your network IP address to understand which regions our users are in. This is coarse, never your precise device location, and is described under "Anonymous account and analytics" below.
Health data
With your permission, Suntic integrates with Apple HealthKit:
- Reads your date of birth and biological sex (if available) to improve UV and vitamin-D estimates. This data stays on your device.
- Writes sun-exposure details for each session (UV exposure, time in daylight, and an estimated vitamin-D amount) so Apple Health holds a complete record.
Health data is governed by Apple's HealthKit privacy protections, stays on your device, and is never sent to us or any third party. You control HealthKit access in the Health app or device Settings.
Camera
Suntic uses the camera, with your permission, for two optional features:
- Tan progress photos: these stay on your device.
- Skin Analysis selfies: these are sent securely for cosmetic analysis as described below.
Skin Analysis (cloud-processed)
The optional Skin Analysis feature is the only part of Suntic that sends personal data off your device.
- What is sent: a compressed, metadata-stripped JPEG of your selfie, together with one or more randomly generated request identifiers (UUIDs) and an anonymous account token.
- How it is processed: the image is transmitted over an encrypted connection to our secure cloud backend (built on Google Firebase, with processing primarily in the EU, europe-west1). The image is never written to any database or file storage on our backend: it passes through the analysis job in memory only and is sent to a third-party AI provider, OpenRouter, which routes the request to a Google Gemini model, to produce a cosmetic skin-appearance reading. Every request enforces a no-retention, no-training routing rule: it is sent only to providers that will not store or train on the image, and if no such provider is available the request fails rather than falling back to one that would. Our server logs exclude image data.
- What it is NOT used for: facial recognition, identifying you, advertising, profiling, or building a personal profile.
- Retention: the backend does not store your selfie. Because the image is processed only in transit and is never retained by us or by any AI provider, no photo or video data is collected or stored by this feature. The cosmetic result and related job metadata are held briefly to deliver the reading to your device and then automatically deleted (typically within about 24 hours). For analyses you start from your profile, a private copy of the selfie may be kept on your device only (backup-excluded, never re-uploaded) so you can re-view the result; you can delete it at any time.
- Data sold or shared for marketing: never.
By submitting a Skin Analysis request, you consent to this processing. If you do not wish your selfie to be processed in this way, do not use the feature. If you do not use the Skin Analysis feature, no images leave your device.
Face data
The Skin Analysis selfie is the only feature in Suntic that involves face data. We treat the selfie image as face data and handle it as follows. Suntic does not use the selfie for facial recognition or identification, does not create a faceprint or biometric template, and does not use face data to identify, track, or build a profile of you.
- Whether face data is retained: Our backend does not retain your face data. The selfie is processed only in transit: it passes through the analysis job in memory and is never written to any database or file storage on our servers, and it is excluded from our server logs. The only optional storage of the selfie is a private copy kept on your own device; we never receive or keep that copy.
- Why a copy is stored on your device, and for how long: For analyses you start from your profile, a private copy of the selfie is saved only on your device (in app-private storage that is excluded from device backups, never added to your photo library, and never re-uploaded). Its sole purpose is to let you re-view and re-share your saved result. It is kept until you delete it: you can remove it at any time in the app (per-record deletion or Settings → Data & Privacy → Delete Account Data). We do not impose a fixed time limit because the copy stays under your control on your device and is never transmitted to us.
- How long any associated data is kept off-device: Because the selfie itself is never stored off your device, there is no off-device face-data retention period. The non-image cosmetic result and job metadata needed to deliver the reading are held only transiently and are automatically deleted, typically within about 24 hours. Limited, non-image abuse-prevention records may be kept briefly for security.
- Which third parties receive the face data: To produce the reading, the selfie is transmitted to Google Firebase (our cloud backend; processed primarily in the EU, europe-west1) and from there to OpenRouter, which routes it to a Google Gemini model.
- Why we share it with them: Solely to generate the cosmetic skin-appearance reading you requested (for example, visible tone, evenness, texture). It is not shared for advertising, profiling, identification, or any other purpose.
- Whether those third parties store the face data: No. Each request enforces a no-retention, no-training routing rule: the image is sent only to providers that will not store the image or use it to train models, and if no such provider is available the request fails rather than falling back to one that would. Firebase passes the image through in memory only and does not store it. Under these terms, OpenRouter and Google (Gemini) do not retain the image or use it for training. Each provider operates under its own privacy policy, and any incidental processing on their side is governed by the no-retention, no-training terms described here.
Anonymous account and analytics
To operate the app, an anonymous account is created for you through Firebase. This anonymous identifier is not linked to your name or email and is used to authenticate requests (such as Skin Analysis) and to align your subscription and product analytics. It is stored in your device Keychain so it can persist across reinstalls on the same device.
We use the following third-party services to operate and improve the app:
- Firebase (Google): anonymous authentication, abuse protection, and the Skin Analysis backend.
- OpenRouter and Google Gemini: process Skin Analysis selfies to generate the cosmetic appearance reading.
- RevenueCat: manages subscriptions and purchases.
- PostHog: privacy-respecting product analytics and crash diagnostics. PostHog derives an approximate, city/region-level location from your IP address for regional analytics; we configure PostHog to discard the raw IP address after this lookup so it is not retained. Analytics otherwise receive only event tags and non-identifying metadata, and crash reports contain only anonymous stack traces, never your photos, health data, precise location, or AI prompts.
- Apple WeatherKit: UV and weather data.
These providers process data only to provide their services and are not permitted to use it for unrelated purposes. Each operates under its own privacy policy.
Subscriptions and Apple
Suntic offers an optional paid subscription ("Suntic Pro"). Purchases are processed by Apple through the App Store and managed via RevenueCat. We do not receive or store your payment card details. Apple may share information about your usage and in-app purchases with us for purposes such as processing refund requests.
Children
Suntic is not directed to children and is intended for a general audience. We do not knowingly collect personal information from children. Because sun exposure carries health considerations, users should consult a parent, guardian, or healthcare professional as appropriate.
Data security
We use industry-standard measures, including encrypted connections, app-integrity protection (Firebase App Check), and single-use request tokens, to safeguard data in transit and at rest. However, no method of transmission or electronic storage is 100% secure, and we cannot guarantee absolute security.
Data retention
- On-device data (profile, sessions, tan photos, AI insights, local analysis results) is kept until you delete it or remove the app.
- Skin Analysis selfies are never stored on our backend; the cosmetic result and job metadata are auto-deleted, typically within about 24 hours.
- Anonymous account and analytics identifiers are retained while your account is active and removed when you delete your account data.
- Limited abuse-prevention and security records may be retained for a short period as required to operate the service securely.
International data transfers
Our backend is configured to process data primarily in the European Union (europe-west1). However, some service providers, in particular the AI provider used for Skin Analysis (OpenRouter / Google Gemini) and our analytics and subscription providers (PostHog, RevenueCat), may process data in other countries, including the United States. Where data is transferred outside your country or the European Economic Area, we and our providers rely on appropriate safeguards, primarily the European Commission's Standard Contractual Clauses (and, where applicable, the providers' certification under the EU-US Data Privacy Framework). You may contact us for more information about these safeguards.
Your choices, rights, and deletion
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to the processing of your personal data, and to withdraw consent. To exercise these, use the in-app controls below or contact us. You can:
- Revoke camera, location, or health permissions at any time in device Settings.
- Delete tan photos, sessions, and analysis results within the app.
- Delete your cloud account data using Settings → Data & Privacy → Delete Account Data, which removes your anonymous account and any associated backend data, requests deletion of your associated analytics records, and resets your analytics identity.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. If you are a California or EEA/UK resident, you may exercise the applicable rights described above; we will not discriminate against you for doing so.
Third-party links
The app may reference third-party sites or services. We are not responsible for their content or privacy practices and encourage you to review their policies.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above. Continued use of the app after an update constitutes acceptance of the revised policy.
Contact
If you have questions about this Privacy Policy or your data, contact:
Taha Bozdemir, data controller, based in Istanbul, Türkiye
Email: hello@boldbiscuit.com