SculptR Privacy Policy

Last updated: 14 July 2026

This Privacy Policy explains what personal data the SculptR mobile app ("SculptR", "we", "us", "our") collects, how and why we use it, who we share it with, and the rights you have. It is written to meet the requirements of the UK GDPR and the EU General Data Protection Regulation (GDPR).

Who we are (data controller)

SculptR is operated by Saifur Rahman, based in the United Kingdom ("the controller"). For any privacy question or to exercise your rights, contact us at support@sculptr-app.com.

Information we collect

Legal bases for processing

Under the GDPR we rely on the following legal bases:

How we use your information

How and where your data is stored

Your account and synced data are stored using Supabase, our backend and database provider, over encrypted connections and with access restricted to your own account. Some data is also cached on your device so the app works offline.

Sub-processors we use

SupabaseAuthentication, database and cloud backup/sync.
AnthropicAI model that generates plans, coaching replies and meal-photo estimates.
RevenueCatManages subscription entitlements and purchase status.
AppleSign in with Apple, Apple Health (opt-in), and App Store payment processing.
GoogleSign in with Google and Google Play payment processing (Android).
Open Food FactsLooks up product nutrition when you scan or enter a barcode.

We do not sell your personal data, and we do not use it for third-party advertising.

International data transfers

Some of our providers (including Anthropic and RevenueCat, and, depending on the hosting region, Supabase) process data on servers in the United States. Where your data is transferred outside the UK/EEA, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses (and the UK Addendum) and, where applicable, the providers' certification under the EU–US Data Privacy Framework.

Data retention

We keep your account and associated data for as long as your account is active. When you delete your account, we remove it from our live systems immediately and from encrypted backups within 30 days. Content sent to our AI provider may be retained by that provider for a limited period (up to around 30 days) to detect misuse, after which it is deleted. We may keep minimal records where required to comply with a legal obligation.

Your rights

Subject to the GDPR, you have the right to:

How to exercise your rights

Security

We protect your data with encrypted connections, database row-level security that limits each record to its owner, and server-side controls on sensitive actions. No system is perfectly secure, but we work to protect your information.

Data breaches

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required, and we will inform affected users without undue delay where the risk is high.

Children

SculptR is not directed to children under 13, and we do not knowingly collect their data. In the EU, where the applicable digital-consent age is higher than 13, users below that age should only use SculptR with the consent of a parent or guardian.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above and, where appropriate, notified in the app.

Contact

Questions about this policy or your data? Email support@sculptr-app.com.

SculptR · Back to support