1. Who we are and what this policy covers
StackFlow is operated by Hangdong Guo. This policy applies to the StackFlow iOS app, the StackFlow marketing and support site, support communications, account administration, subscription handling, and AI-powered planning or insight features that are part of the current product.
It covers personal data we collect from you directly, data collected through your use of the app or website, and data we receive from service providers such as Apple or Supabase in order to run the service.
2. Information we collect
Depending on how you use StackFlow, we may collect the following categories of information:
- Account and identity data. Email address, Sign in with Apple identifiers, authentication state, account status, linked sign-in methods, and session-related identifiers needed to keep you signed in.
- Profile and wellness data. Profile details such as name, age, height, weight, market, goals, focus areas, dietary preferences, reminder preferences, and other user-entered settings.
- Routine and supplement data. Your supplement stacks, time slots, supplement selections, custom entries, planning choices, interaction summaries, check-ins, and related notes.
- Feelings and feedback data. Feeling logs, free-text notes, subjective body feedback, and other inputs you provide to track how a routine feels over time.
- AI feature inputs and outputs. When you ask StackFlow for planning, explanation, or insight features, we may process relevant profile, routine, and note data together with the resulting AI output.
- Label scanning and OCR data. If you choose to scan a supplement label or select a label image, StackFlow may access your camera or photo library, run OCR locally on device, and send recognized text, OCR lines, and related metadata to our backend to help identify products or formulas.
- Notifications and reminders data. Notification preferences, stack reminder settings, local scheduling state, and other reminder-related settings associated with your account or device usage.
- Subscription and transaction data. Product identifiers, entitlement status, renewal state, purchase restoration results, and other subscription state provided through Apple’s App Store and StoreKit. We do not receive your full payment card number from Apple.
- Support and communications. Emails you send to support or privacy inboxes, screenshots or attachments you choose to share, and the information needed to respond to your request.
- Technical and service data. App version, operating system version, device characteristics, timestamps, error context, security logs, and service diagnostics reasonably necessary to keep the app reliable and secure.
- Website and browser data. On the website, we may process standard request metadata and essential browser storage such as language preference. The current site is not described here as a third-party advertising or tracking property.
3. How we collect information
- Directly from you. For example, when you create an account, complete your profile, add supplements, log feelings, contact support, or request AI guidance.
- From your device permissions and app usage. For example, when you grant camera, photo library, or notification permissions, or when the app stores local reminder settings.
- From service providers you use to access the app. For example, Apple provides Sign in with Apple or subscription information, and Supabase provides authentication and session infrastructure.
- Automatically through normal operation. For example, when our systems create security, error, performance, or operational logs needed to run the service.
4. How we use information
We use personal data to operate StackFlow in ways that are consistent with this policy and applicable law, including to:
- create and maintain your account, authenticate sign-in, and keep your session active across app launches;
- store, sync, and show your supplement routine, profile, stack structure, history, notes, and feelings data;
- power planning, explanation, and insight features you actively request;
- process label text and OCR-based matching flows when you use scanning features;
- schedule or honor reminder settings, including local notifications you choose to enable;
- verify and reflect subscription or entitlement state from Apple;
- respond to support or privacy requests;
- monitor reliability, prevent abuse, investigate incidents, and protect the service and our users;
- comply with legal, accounting, tax, audit, fraud-prevention, or recordkeeping obligations; and
- improve the service in ways consistent with the data handling practices described here.
5. AI features, label scanning, and OCR
StackFlow includes AI-assisted planning, explanation, and insight features. When you invoke those features, we may send the minimum relevant profile, routine, notes, and product-context data needed to generate the requested output to our AI provider, currently Google Gemini.
StackFlow also includes supplement label scanning flows. In the current app, OCR is performed locally on device using Apple Vision APIs before recognized text and related metadata are sent to our backend for product matching. The current OCR flow is based on extracted text, OCR lines, and metadata; it is not described here as a general cloud image-hosting feature.
7. International transfers
Your information may be processed in jurisdictions outside your own where we or our service providers operate. As a result, your information may be transferred to and processed outside your country or region of residence.
Where applicable law requires transfer safeguards, we aim to rely on appropriate contractual, organizational, or technical measures. However, international transfers still involve risk, especially where local legal protections differ from those in your home jurisdiction.
8. How long we retain information
We generally retain account, profile, routine, and subscription-related data while your account remains active and as long as reasonably necessary to provide the service you requested.
- Account and routine data are typically retained until you delete the account or ask us to remove the data.
- Support records may be retained for follow-up, legal, or operational purposes.
- Security, backup, audit, and fraud-prevention records may be retained for longer when reasonably necessary or legally required.
- De-identified or aggregated information may be retained for service improvement, reliability review, security analysis, or similar internal purposes where permitted by law.
9. Your choices and rights
Depending on where you live, you may have rights to access, correct, export, delete, or restrict certain processing of your personal data.
- Account controls. Many profile, routine, and reminder settings can be updated in the app.
- Notifications. You can manage notification permissions in iOS Settings, and certain reminder preferences are also available inside the app.
- Subscriptions. You can manage or cancel your subscription through your App Store account settings. Refunds are handled by Apple.
- Support and privacy requests. To request access, correction, export, deletion, or other privacy help, email privacy@stackflow.life.
- Website language preference. The site may store your language preference locally in your browser.
10. Account deletion
StackFlow supports in-app account deletion. In the app, go to Settings > About & Help > Delete Account. You can also email privacy@stackflow.life.
- We aim to complete primary account-data deletion within 30 days after a valid request.
- If your account is linked with Sign in with Apple, Apple may require reauthentication before deletion can be completed.
- Deleting your account does not automatically cancel your App Store subscription; subscriptions must still be managed through Apple.
- Limited backup, security, fraud-prevention, accounting, or legally required records may remain for longer even after deletion is completed.
11. EEA, UK, and Switzerland
If you are in the EEA, UK, or Switzerland, we generally rely on one or more of the following legal bases, depending on the context: performance of a contract with you, our legitimate interests in operating and securing the service, your consent (for example, for certain device permissions), and compliance with legal obligations.
You may have rights to access, rectify, erase, export, object to, or restrict processing of your personal data, and to withdraw consent where consent is the legal basis. To exercise those rights, contact privacy@stackflow.life.
12. U.S. state privacy and consumer health data
If U.S. state privacy laws apply to you, you may have rights to know, access, correct, delete, or export your personal data, and to appeal a denied request where required by law. Where applicable, you may also act through an authorized agent, subject to verification that the agent is permitted to act for you.
To the extent supplement routines, body metrics, check-ins, or feeling logs qualify as consumer health data under applicable U.S. law, we use and disclose that information only to provide the service, support account administration, maintain security, comply with law, or act on your instructions.
13. Children
StackFlow is not intended for children under 13, or under the minimum age of digital consent in the user’s jurisdiction where that age is higher. If you believe a child has provided personal data to StackFlow in violation of this policy, contact us and we will review the request.
14. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect personal data. No system can promise absolute security, and you should also protect your own device, account, and sign-in methods.
15. Changes to this policy
We may update this Privacy Policy when the product, law, or service providers change. If we make a material change, we will update the date at the top of this page and, where appropriate, provide additional notice in the app, on the website, or by email.
16. Contact
For privacy questions, access or deletion requests, or other data-rights questions, contact privacy@stackflow.life.
For general product support, contact support@stackflow.life.