SunIQ – Vitamin D Tracker

Privacy Policy

Last updated: April 19th, 2026

Overview

This Privacy Policy explains how SafeMe Inc. (“we”, “us”, “our”) collects, uses, and protects your information when you use our SunIQ vitamin D and tanning tracking mobile application and website (suniq.app). By using SunIQ, you agree to the practices described in this policy.

SunIQ is designed as a local-first application. Your health profile, vitamin D intake, supplement and food logs, lab results, and other sensitive information always remain on your device and are never uploaded to our servers. We also offer an optional account-based Cloud Backup feature that backs up a limited set of non-sensitive data (your sun sessions, tanning sessions, and related tan-logging content) so you can restore it if you lose your device or sign in on another device. Sections 1.9, 1.10, and 4 explain how this works.

1. Information We Collect

1.1 Health and Wellness Data (Stored Locally on Your Device Only)

The following information is stored exclusively on your device. It is never transmitted to our servers, whether or not you enable Cloud Backup:

  • Personal profile: Age, weight, skin type, and daily vitamin D & tanning goals.
  • Vitamin D tracking totals: Daily vitamin D levels aggregated from all sources.
  • Supplement intake: Daily supplement records and IU amounts.
  • Food intake: Foods consumed and their vitamin D content.
  • Lab test entries and vitamin D blood level estimates: Any lab results you record, along with any estimated blood-level values the app calculates.

Important: This data is stored exclusively on your device. We do not access or transmit it, and it is not included in Cloud Backup, even if you enable that feature. It leaves your device only if you explicitly export it yourself (for example, using the in-app export tool or emailing us a diagnostic export for support).

1.2 Location Information

We request access to your location (only while using the app) to:

  • Calculate real-time UV index and UVB intensity for accurate vitamin D and tanning estimates.
  • Determine cloud cover and atmospheric conditions to adjust recommendations.
  • Provide location-specific sun safety and tanning guidance.
  • Suggest optimal sun exposure and tanning times based on sunrise/sunset.
    You can disable location access anytime in your device settings; note that disabling may reduce accuracy of calculations and recommendations.

Precise location data is never included in Cloud Backup and is not transmitted to our servers.

1.3 Camera Access

We request camera permission for optional features:

  • Sun Analysis feature: To help you analyze the sun’s current index and position.
  • Tan logging feature: To allow you to take before-and-after photos or videos of your tanning progress.

Photos and videos taken for tan logging are stored on your device. If you create a SunIQ account and enable Cloud Backup, those photos or videos are also backed up to our secure cloud storage so they can be restored on your device or a new device. Photos and videos are encrypted in transit and at rest, are accessible only to your authenticated account, are never shared with other users, and are never used for advertising. SafeMe staff do not access your photos or videos except as strictly necessary to respond to a support request you initiate.

1.4 Device Information

We automatically collect technical data to support app performance:

  • Device type and model (e.g., iPhone 15), operating system version.
  • App version, build, and feature configuration.
  • Time zone and language preferences.
  • Crash reports and performance diagnostics.
  • WeatherKit usage data (e.g., UV index queries).
    This data helps us troubleshoot issues and optimize performance across devices.

1.5 Purchase Information

If you make in-app purchases or subscribe to premium features:

  • Transaction details (purchase date, product ID) and subscription status.
  • Receipt data for validation.
  • Anonymous customer identifiers managed by RevenueCat.
    We do not store credit card or payment credentials directly.

1.6 Notification Settings

If you enable reminders and alerts:

  • Notification preferences (times, frequency).
  • Interaction data (which notifications you act upon).
  • Goal reminders for sun exposure, tanning, and supplement intake.

1.7 Analytics Data

We use Firebase Analytics (Google Analytics for Firebase) to understand how the app is used and to improve it. Firebase Analytics collects:

  • Feature usage metrics (e.g., how often you use sun sessions vs. tanning sessions).
  • Session frequency, duration, and in-app navigation patterns.
  • Screen views and performance data.
  • Device information such as model, operating system version, app version, language, country, and time zone.
  • A pseudonymous app-instance identifier that persists across sessions on your device.

Firebase Analytics does not receive your SunIQ account credentials, your health profile, your supplement, food, or lab data, your tan photos or videos, or your precise location. Analytics data is pseudonymous: it is not tied to your name or email address, but a persistent app-instance identifier allows Google to recognize repeat usage from the same device. You can reset this identifier by reinstalling the app. We do not enable advertising identifier collection (IDFA) for analytics purposes.

1.8 Apple Health Integration (Optional)

With your explicit permission, SunIQ can integrate with Apple Health to:

Read existing data from Apple Health:

  • Your age and weight (if available) to auto-populate your SunIQ profile
  • Existing vitamin D intake records from other apps
  • UV exposure data from other sources
  • Note: We only read the specific data types you approve and only use this data within the SunIQ app

Write data to Apple Health:

  • Your vitamin D intake from sun, food, and supplements
  • Sun exposure session data as UV exposure minutes
  • Tanning session duration and notes

Important Privacy Notes:

  • Each data type requires separate permission that you grant
  • Data read from Apple Health is used only to enhance your SunIQ experience
  • We never access your full Apple Health records or any data types you haven’t specifically approved
  • All Apple Health data syncing occurs locally on your device
  • You can revoke these permissions anytime in iOS Settings > Privacy & Security > Health > SunIQ

1.9 Account Information (Optional)

Creating a SunIQ account is optional. You can continue to use SunIQ without an account, in which case all of your data stays on your device.

If you choose to create an account, we collect and store the following:

  • Email address (if you sign up with email/password)
  • Hashed password: We never see or store your plaintext password.
  • A unique user identifier assigned to your account
  • Account metadata: account creation date, last sign-in time, and authentication method used
  • Sign-in provider identifiers if you choose to use Sign in with Apple or Sign in with Google (e.g., the pseudonymous identifier returned by the provider)

We use this information solely to authenticate you, enable Cloud Backup, recover your account, and communicate with you about your account. We do not use your email address for marketing without your separate consent.

1.10 Cloud Backup (Optional)

If you create a SunIQ account and enable Cloud Backup, a deliberately narrow set of non-sensitive data is backed up to our secure cloud infrastructure so it can be restored if you lose your device or sign in to SunIQ on another device.

What is included in Cloud Backup:

  • Sun session records: session duration, start and end times, and the UV index recorded at the time of the session.
  • Tanning session records: session duration and intensity.
  • Tan-logging photos or videos that you choose to save.
  • Non-sensitive app preferences (for example, units of measurement, notification settings).

What is NOT included in Cloud Backup — always local only:

  • Your personal profile (age, weight, skin type, daily goals)
  • Supplement intake logs and food intake logs
  • Lab test entries and vitamin D blood-level estimates
  • Aggregated daily vitamin D totals
  • Estimated vitamin D generated from any individual session (this value is calculated on your device from your local profile and is not synced)
  • Session notes (any free-text notes you attach to a sun or tanning session)
  • Precise location or GPS coordinates from any session
  • Apple Health data (which remains in Apple’s secure Health ecosystem on your device)

How your backup is protected:

  • Data is encrypted in transit using TLS and encrypted at rest on our cloud infrastructure.
  • Access controls ensure that only your authenticated account can read or write your data.
  • SafeMe staff do not routinely access backup contents and only do so when strictly necessary for security, legal compliance, or to respond to a support request you initiate.
  • Backup data is processed and stored primarily in the United States.

Your control:

  • Disabling Cloud Backup stops further uploads. You can delete your cloud-stored data, your photos/videos, or your entire account from within the app at any time.
  • Deleting your account removes your authentication record and all associated backup data (including photos and videos) from our systems within 45 days, subject to any retention required by law.

2. How We Use Your Information

2.1 To Provide Core Features

  • Estimate vitamin D production and tan development based on UV index, exposure time, and skin type.
  • Track and display daily totals from sun, tanning, food, and supplements.
  • Show progress toward your vitamin D, tanning, and skin health goals.
  • Enable photo-based tan logging and historical comparison.
  • Send personalized reminders and alerts for sun sessions, tanning sessions, and supplement intake.
  • Sync vitamin D and sun exposure data with Apple Health (if enabled)
  • Import existing vitamin D data from Apple Health to avoid duplicate tracking
  • Provide a comprehensive view of your vitamin D intake across all health apps
  • Auto-populate your profile with age and weight from Apple Health (if permitted) to simplify setup
  • Provide more accurate vitamin D calculations using your Apple Health profile data

2.2 To Enhance User Experience

  • Save preferences like skin type, tanning mode settings, and daily goals.
  • Provide interactive charts for vitamin D and tanning progress over time.
  • Suggest optimal times for healthy tanning and sun safety.
  • Offer in-app tips on safe tanning practices and UV protection.

2.3 To Improve Our Service

  • Diagnose and fix bugs using crash reports.
  • Optimize app performance on diverse devices.
  • Analyze feature usage trends to prioritize enhancements.
  • Refine our vitamin D and tanning estimation algorithms.

2.4 Legal Compliance and Protection

We may access, preserve, and disclose your information when we have a good faith belief that doing so is necessary to:

  • Comply with applicable law, legal process, or governmental request
  • Respond to valid subpoenas, court orders, warrants, or other legal demands
  • Protect the rights, property, or safety of SafeMe, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Enforce our Terms of Service or investigate potential violations
  • Protect against imminent harm to any person

We will make reasonable efforts to notify you of any legal demands for your information unless:

  • Prohibited by law or court order
  • Notification would create risk of harm or be counterproductive
  • The request relates to an emergency involving danger to any person

3. Third-Party Services

We use the following third-party services to operate SunIQ:

RevenueCat: Manages in-app purchases and subscriptions (anonymous user ID, purchase history).
Privacy Policy: https://www.revenuecat.com/privacy

Apple Analytics: Monitors app performance and crash data (no health or location data).
Privacy Policy: https://www.apple.com/legal/privacy

WeatherKit (Apple): Provides UV index and local weather data (temporary location data for queries).
Privacy Policy: https://www.apple.com/legal/privacy

Apple Health: Optional integration to read/write vitamin D and UV exposure data (data remains within Apple’s secure Health ecosystem).
Privacy Policy: https://www.apple.com/legal/privacy

Google Firebase: SunIQ uses several Firebase services operated by Google LLC:

  • Firebase Authentication, Cloud Firestore, and Cloud Storage power optional account creation and Cloud Backup for users who opt in. Firebase stores your authentication credentials (hashed) and a limited, non-sensitive subset of your activity data (sun and tanning sessions, tan photos or videos, and related items described in Section 1.10). Firebase does not receive your personal health profile, lab results, supplement or food logs, or precise location.
  • Firebase Analytics (Google Analytics for Firebase) collects pseudonymous usage data as described in Section 1.7. Analytics data is used by Google as our service provider to help us understand and improve the Service. We have not enabled advertising features within Firebase Analytics and do not use Firebase Analytics data for targeted advertising.
  • Firebase Crashlytics collects crash reports and diagnostic information when the app crashes or encounters errors. This includes device model, operating system version, app version, a pseudonymous installation identifier, and the technical details of the crash. Crashlytics does not receive your health data, account data, or Cloud Backup contents.
  • Firebase App Check verifies that requests to our backend originate from the legitimate SunIQ app. It uses Apple App Attest device attestation and does not collect information linked to you as an individual.
  • Firebase Remote Config is used to adjust app configuration and feature availability without requiring a new app update. It collects only limited device and locale metadata (country, language, time zone, operating system version) to deliver the correct configuration to your device.

Google acts as a data processor on our behalf under Google’s Data Processing and Security Terms.
Privacy Policy: https://firebase.google.com/support/privacy
Data Processing Terms: https://firebase.google.com/terms/data-processing-terms

Each third-party service operates under its own privacy policy. We encourage you to review their policies to understand how they handle data. We only share the minimum data necessary for each service to function as described above.

4. Data Storage and Security

4.1 Where Your Data Lives

  • Health profile, vitamin D intake, supplements, food logs, lab results, session notes (always local): Stored only in an encrypted SQLite database on your device. Never transmitted to our servers.
  • Sun sessions, tanning sessions, tan photos or videos (local; optionally backed up): Always stored locally. If you create an account and enable Cloud Backup, a copy is also stored on our secure cloud infrastructure, encrypted in transit and at rest.
  • Account credentials: Securely managed by our authentication provider; we do not store plaintext passwords.
  • User preferences: Secure device storage (e.g., Keychain for sensitive settings). Non-sensitive preferences may be backed up via Cloud Backup if enabled.
  • Purchase data: Managed securely by RevenueCat’s servers.
  • Analytics data: Anonymously processed in the United States.
  • Apple Health data: If enabled, stored in Apple’s encrypted Health database on your device.
  • iCloud backups: If you have iCloud backup enabled on your device, your SunIQ data may be included in your encrypted iCloud backup according to Apple’s policies.

Cloud Backup is optional and deliberately narrow. Sensitive information — including your personal profile, supplement and food logs, lab data, session notes, and precise location — never leaves your device, whether or not Cloud Backup is enabled.

4.2 How We Protect Your Data

  • Local encryption: iOS encrypted storage ensures only you can access on-device data.
  • Cloud encryption: If you enable Cloud Backup, data is encrypted in transit using TLS and encrypted at rest on our cloud infrastructure.
  • Access controls: Only your authenticated account can read or write your cloud-stored data.
  • Data minimization: We intentionally exclude sensitive categories — including your health profile, lab results, supplement and food intake, derived health values such as estimated vitamin D generated, and precise location — from Cloud Backup to reduce risk. Where possible, we store only the raw inputs needed to restore your sessions and recompute derived values on your device.
  • Authentication security: Passwords are hashed and managed by our authentication provider; we never see your plaintext password. We recommend using a strong, unique password and, where available, Sign in with Apple or Sign in with Google.
  • Analytics minimization: Analytics data is limited to usage patterns and device characteristics and excludes sensitive categories such as your health profile, lab data, supplement and food logs, and precise location.
  • Purchase security: RevenueCat uses industry-standard encryption and tokenization.
  • Regular updates: We maintain current best practices for iOS and cloud security.
  • Breach notification: In the event of a security incident affecting your personal data, we will notify you and applicable regulators in accordance with applicable law.

4.3 Data Retention

  • On-device data: Retained until you delete specific entries or uninstall the app.
  • Cloud Backup data (if enabled): Retained on our cloud infrastructure for as long as your account exists and Cloud Backup remains enabled. You may delete individual entries or all cloud data at any time from within the app.
  • Account deletion: You may request deletion of your SunIQ account at any time from within the app or by contacting us at [email protected]. Upon receipt of your request, we will acknowledge it and, where necessary to protect against unauthorized deletion, may ask you to verify your identity or confirm the request from the email address associated with your account. Once your request is verified, we will delete your authentication record and all associated Cloud Backup data (including photos or videos) from our systems within 45 days, subject to any retention required by law.
  • Inactive accounts: We may delete accounts that have been inactive for 24 consecutive months, after providing advance notice to the email address on file.
  • Purchase records: Retained as required by subscription management policies.
  • Analytics data: Anonymized and retained for up to 2 years.

5. Legal Bases and Regional Privacy Rights

5.1 Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction that requires a lawful basis for processing personal data, we rely on the following bases:

  • Consent: We rely on your explicit consent to process data you choose to back up via our optional Cloud Backup feature, including any data concerning your health within the meaning of GDPR Article 9. You may withdraw this consent at any time by disabling Cloud Backup or deleting your account from within the app.
  • Performance of a contract: We process account credentials, purchase information, and technical data as necessary to provide the Service you have requested under our Terms of Service.
  • Legitimate interests: We process anonymous analytics, crash diagnostics, and security-related data based on our legitimate interest in maintaining, securing, and improving the Service. These interests are balanced against your rights and freedoms, and you may object to such processing by contacting us at [email protected].
  • Legal obligation: We process and retain certain information as required to comply with applicable law, respond to valid legal process, and enforce our Terms of Service.

Data concerning your health that remains on your device (your personal profile, supplement and food logs, lab results, and aggregated vitamin D totals) is not processed by SafeMe as a controller, as it is not transmitted to or accessible by our systems.

5.2 Regional Privacy Rights

We respect privacy rights under applicable laws. Depending on your location, you may have additional rights:

United States:

The following states have comprehensive consumer privacy laws that may grant you rights including access, correction, deletion, data portability, and the ability to opt out of targeted advertising, sale of personal data, or profiling. Specific rights, thresholds, and remedies vary by state.

  • California (CCPA/CPRA): Rights to know, delete, correct, opt-out of sale/sharing, and limit use of sensitive personal information. We do not sell or share your personal data.
  • Colorado (CPA)
  • Connecticut (CTDPA), including amendments effective January 1, 2026 recognizing Universal Opt-Out Mechanisms
  • Delaware (DPDPA)
  • Indiana (ICDPA), effective January 1, 2026
  • Iowa (ICDPA)
  • Kentucky (KCDPA), effective January 1, 2026
  • Maryland (MODPA)
  • Minnesota (MCDPA)
  • Montana (MCDPA)
  • Nebraska (NDPA)
  • New Hampshire (NHPA)
  • New Jersey (NJDPA)
  • Oregon (OCPA), including amendments effective January 1, 2026 prohibiting the sale of precise geolocation data and enhancing protections for minors under 16
  • Rhode Island (RIDTPPA), effective January 1, 2026
  • Tennessee (TIPA)
  • Texas (TDPSA)
  • Utah (UCPA)
  • Virginia (VCDPA)

State Health Data Laws:

  • Washington (My Health My Data Act): Consumers have rights to confirmation, access, deletion, and withdrawal of consent regarding consumer health data. For details specific to health data, please see our Consumer Health Data Privacy Policy, available at suniq.app/health-data-privacy.
  • Nevada (SB 370): Consumers have rights regarding consumer health data similar to those described above.

European Union/UK (GDPR):

  • Rights to access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, object to processing, and not be subject to automated decision-making.
  • Right to withdraw consent at any time, where processing is based on consent (see Section 5.1).
  • Right to lodge a complaint with supervisory authorities.

Other Jurisdictions:

  • Canada (PIPEDA): Rights to access, correct, and challenge compliance.
  • Brazil (LGPD): Rights similar to GDPR including access, correction, deletion, and data portability.
  • Australia (Privacy Act): Rights to access and correct personal information.

To exercise any of these rights, please contact us at [email protected]. We will respond within the timeframe required by applicable law (typically 30-45 days).

6. International Users

SunIQ operates from the United States. If you use our app elsewhere:

  • Analytics data may be processed in the US.
  • Purchase data may be processed by RevenueCat’s global infrastructure.
  • If you do not create an account, your health, tanning, photo, and video data remain on your device.
  • If you create an account and enable Cloud Backup, the limited data described in Section 1.10 is transferred to and stored on our cloud infrastructure in the United States. For users in the European Union, United Kingdom, or other jurisdictions with cross-border data transfer requirements, such transfers are conducted pursuant to appropriate safeguards, including Standard Contractual Clauses with our cloud processors.
  • Local privacy laws may grant additional rights regarding international transfers of your personal data. For EEA, UK, and other GDPR-covered users, the legal bases described in Section 5.1 and the rights described in Section 5.2 (including the right to object to processing and to lodge a complaint with a supervisory authority) apply to such transfers.

7. Children’s Privacy

  • SunIQ is strictly for users 18 years and older. We do not knowingly collect data from minors.
  • If we identify underage usage, we will promptly delete associated data.

8. App Permissions Explained

  • Location (While Using App): Required for accurate UV and tanning estimates; used only during active sessions. Precise location is not included in Cloud Backup.
  • Camera (Optional): For Sun Analysis and Tan Logging. Photos and videos remain on-device unless Cloud Backup is enabled.
  • Notifications (Optional): For session reminders and goal updates.
  • Health (Optional): Read/write vitamin D and UV exposure data to provide comprehensive tracking across health apps.
  • Account & Cloud Backup (Optional): Create a SunIQ account to back up your sun and tanning session history and tan photos or videos; see Sections 1.9 and 1.10.

9. Website Visitors

9.1 Information We Collect from Website Visitors

When you visit suniq.app, we may collect:

  • Visitor Analytics: Pages viewed, time spent, browser type, device type, and general geographic location (country/city level)
  • Contact Form Data: Name, email address, and any message content you voluntarily provide
  • Technical Data: IP address (anonymized), referring website, and browser information for security and performance

9.2 Cookies and Similar Technologies

Our website uses minimal cookies for essential functions:

  • Cloudflare: Security and performance cookies to protect against attacks and optimize loading speed
  • Google Analytics: Anonymous usage statistics to understand how visitors interact with our site
  • Essential Cookies: Required for basic website functionality and security

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

9.3 How We Use Website Data

We use website visitor information to:

  • Respond to inquiries submitted through contact forms
  • Improve website content and user experience
  • Ensure website security and prevent abuse
  • Analyze traffic patterns and popular content
  • Comply with legal obligations

9.4 Website Data Retention

  • Analytics Data: Aggregated and anonymized, retained for up to 26 months
  • Contact Form Submissions: Retained for as long as necessary to address your inquiry, typically 90 days
  • Security Logs: Retained for 30 days for security monitoring

9.5 Third-Party Services on Website

  • Cloudflare: Content delivery and security (Privacy Policy: cloudflare.com/privacypolicy/)
  • Google Analytics: Website analytics with IP anonymization enabled (Privacy Policy: policies.google.com/privacy)

9.6 Universal Opt-Out Mechanisms and Do Not Track

Our website recognizes Universal Opt-Out Mechanisms, including the Global Privacy Control (GPC) signal, where required by applicable state law. When we detect a valid opt-out signal from your browser, we treat it as a request to opt out of the sale or sharing of personal information and the use of personal information for targeted advertising, to the extent that our processing would otherwise involve such activities. We do not currently sell or share personal data, and we limit website tracking to essential analytics and security purposes only.

9.7 Marketing Communications

If you provide your email through our contact form or newsletter signup:

  • We may send occasional updates about SunIQ features and news
  • You can unsubscribe at any time using the link in any marketing email
  • We never sell or share your email with third parties for marketing

10. Language

This Privacy Policy is written in English. If we provide a translation of this Privacy Policy into any other language, the English version will control if there is any conflict or discrepancy between the English version and the translation. Any translations are provided solely for convenience and are not intended to alter the terms of this Privacy Policy.

11. Changes to This Policy

We may update this policy to reflect new features, legal requirements, or user feedback.
Significant changes will be communicated via in-app notifications, update notices, or email if provided.

12. Contact Us

For privacy inquiries or to exercise your rights:

For account deletion or data access requests, please send your request from the email address associated with your SunIQ account so we can verify the request.

By using SunIQ, you acknowledge that you have read, understood, and agree to this Privacy Policy.