Pinchpoint — Privacy Policy

What we collect

Pinchpoint does not require an account. On first launch the app generates a random 256-bit identifier on your phone. We hash that identifier with a server-side salt and store the hash — that's how your history connects across requests, and it's the only thing tied to you.

When you tap to estimate your body fat, the app sends:

• The belly photo you just took (so we can run the analysis).
• The hashed device id (so we can attach the result to your history).

We persist the photo (so you can see it on the result and progress screens), the body-fat percentage, the model's confidence, and the timestamp. That's it.

What we do NOT collect

• No name, email, phone number, or contacts.
• No location.
• No advertising / analytics identifiers (no IDFA).
• No HealthKit / biometric data.
• No tracking across other apps or sites.

Third parties

Photo analysis runs on Anthropic Claude (Haiku). The photo is sent to Anthropic for a single inference and is not retained by Anthropic for training. See Anthropic's privacy policy.

Our backend runs on Vercel with a Turso SQLite database and Vercel Blob for photo bytes. All traffic is HTTPS.

Selling or sharing

We never sell, share, or rent your device id, photos, or any other data to anyone outside the providers above. Period.

Deleting your data

Tapping Erase all photos & history in Settings calls DELETE /api/me on our backend, which deletes every row and photo blob associated with your device id. Uninstalling the app also wipes the local device id, leaving the server-side record orphaned — we then garbage-collect orphaned rows on a schedule.

Children

Pinchpoint is not directed at children under 13.

Contact

Questions about this policy: open an issue on the project's GitHub repository (link on the App Store listing).