Privacy Policy

This Privacy Notice for Alan Zhumabay ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share your personal information when you use Bapcare and related services.

Bapcare is a mobile wellness app that helps users build a personalized plan for reducing facial puffiness and improving daily health habits. The app may use onboarding answers, face scan photos, nutrition logs, hydration data, activity information, and other wellness inputs to provide personalized routines, progress tracking, reminders, and recommendations.

If you do not agree with our policies and practices, please do not use our Services. If you have questions or concerns, contact us at ozganbajt99@gmail.com.

1. What Information Do We Collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide when you register for the Services, use app features, participate in activities in the Services, or contact us.

• Names
• Email addresses
• Usernames
• Passwords and authentication data
• Profile and account information
• Onboarding answers and wellness preferences

Sensitive information

When necessary, with your consent or as otherwise permitted by law, we may process sensitive information including health data, biometric data, and account login information. Bapcare may process face scan photos and related facial analysis data to provide personalized recommendations and progress insights.

Payment data

If you make purchases, payment data is handled by Apple and RevenueCat. We do not directly store full payment card details. You can review their privacy notices here: Apple Privacy Policy and RevenueCat Privacy Policy.

Application data

If you use our application, we may request permission to access certain device features, including camera access, reminders, push notifications, and other features needed to operate the app. You can change these permissions in your device settings.

Information automatically collected

We may automatically collect device and usage information such as IP address, device characteristics, operating system, language preferences, country, app activity, timestamps, crash data, and other technical information. This information is primarily needed to maintain security, operate the Services, troubleshoot problems, and support internal analytics and reporting.

2. Face Data and Face Scan Photos

Bapcare offers an optional "face scan" feature that lets you take a selfie inside the app to receive personalized facial puffiness and wellness insights. Because face data is sensitive personal information, this section explains exactly what we collect, why, how it is processed, with whom it is shared, and how long it is retained.

What face data we collect

When you use the face scan feature, Bapcare captures a standard two-dimensional facial photograph (a selfie) using your device camera, together with the timestamp of the scan and any wellness inputs you choose to log alongside it (such as hydration, sleep, or food entries).

Bapcare does not use Apple Face ID, the TrueDepth camera, ARKit face geometry, depth maps, or any biometric face-recognition technology. We do not create a face template, faceprint, or unique biometric identifier from your photo, and we do not use face data to identify or authenticate you.

Why we collect it

Face scan photos are used solely to:

• Estimate visible signs of facial puffiness and related wellness indicators (such as zone-by-zone changes versus your own baseline).
• Generate the personalized insights, scores, and recommendations shown to you after each scan.
• Save the scan to your private in-app history so you can compare results over time.

We do not use face photos for advertising, marketing, profiling, identification, or any purpose unrelated to providing the face scan feature to you.

How face data is processed and where it is stored

Each face scan photo is transmitted over an encrypted connection (HTTPS/TLS) to Bapcare's backend servers, where it is stored in association with your account. To produce the wellness analysis you see in the app, the photo is sent to third-party AI providers acting as our data processors. These currently include OpenAI (Vision API, operated by OpenAI, L.L.C., United States) and Google Gemini (operated by Google LLC, United States). Both providers process the photo solely on our behalf to return analysis results, are bound by data-processing agreements that require them to maintain confidentiality and data-protection standards equivalent to those described in this Privacy Notice, and are contractually prohibited from using your face data to train their own models or for any other purpose. The photo is requested to be deleted from the provider's systems on completion of the request, in line with their published API data-retention policies for processor data.

Sharing with third parties

We do not sell face data, do not share it for cross-context behavioral advertising, and do not disclose it to advertisers, data brokers, social networks, or analytics partners. The only third parties that ever receive your face scan photo are the AI processors named above, and only to the extent strictly necessary to perform the analysis you requested. We may also disclose face data if required to do so by law, court order, or valid legal process.

How long face data is retained and how to delete it

Face scan photos and their analysis results are retained until you delete them. You can delete any individual scan from inside the app at any time via your scan history. You can also delete your entire Bapcare account from the in-app Settings, which permanently removes all of your face scan photos and associated analysis data from our servers as soon as the account is deleted. Any transient copies held by our AI processors solely to perform the requested analysis are expired according to their data-retention policies for processor data.

You can additionally request deletion at any time by emailing us at ozganbajt99@gmail.com.

3. How Do We Process Your Information?

We process personal information to provide, improve, and administer the Services, communicate with you, protect our Services, prevent fraud, comply with law, and request feedback.

• To create, authenticate, and manage user accounts.
• To personalize facial puffiness and wellness plans.
• To analyze face scans, nutrition logs, hydration, and habits.
• To send reminders, service messages, and support responses.
• To improve app features, reliability, and user experience.
• To protect the Services and prevent fraud or abuse.
• To comply with legal obligations.

4. What Legal Bases Do We Rely On?

Depending on where you are located, we may rely on consent, legitimate interests, legal obligations, contractual necessity, or vital interests to process your personal information. If we rely on consent, you may withdraw your consent at any time by contacting us.

5. When and With Whom Do We Share Your Information?

We may share personal information with service providers and vendors that help us operate the app, process subscriptions, provide AI analysis, maintain infrastructure, deliver notifications, and provide customer support. We may also share information in connection with business transfers, legal obligations, fraud prevention, or to protect rights and safety.

We do not sell personal information. We do not knowingly share personal information for cross-context behavioral advertising.

6. Do We Offer AI-Based Products?

Yes. Bapcare includes features powered by artificial intelligence that send personal data you provide to third-party AI providers for processing. These features and the data they share are:

• Face scan analysis — the face photo you capture is sent to OpenAI and Google Gemini for puffiness and wellness analysis. See Section 2 for full details.
• Food photo analysis — when you log a meal using a photo (camera or gallery), the food photo is sent to OpenAI (Vision API) and/or Google Gemini to identify the food and estimate calories and macronutrients.
• Food text analysis — when you log a meal by typing a description, the text you type is sent to OpenAI, Google Gemini, and Perplexity to identify the food and look up nutrition information.

The third-party AI providers we use, and where to read their privacy policies, are:

• OpenAI (operated by OpenAI, L.L.C., United States) — OpenAI Privacy Policy.
• Google Gemini (operated by Google LLC, United States) — Google Privacy Policy.
• Perplexity (operated by Perplexity AI, Inc., United States) — Perplexity Privacy Policy.

These providers act as our data processors. They process the data we send only to return the analysis result you requested, are bound by data-processing agreements requiring confidentiality and data-protection standards equivalent to those described in this Privacy Notice, are contractually prohibited from using your data to train their own models, and do not sell or share your data for advertising. Requests are made over encrypted TLS connections and data sent for API processing is retained by the provider only transiently in accordance with their published API data-retention policies.

Before any data is sent to a third-party AI provider for the first time, the Bapcare app shows you an in-app consent dialog that names these providers and explains what will be sent. You may decline the dialog, in which case the AI-powered features will not be used and no data will be sent to those providers. You can also withdraw consent at any time by deleting the app or contacting us at ozganbajt99@gmail.com.

7. How Do We Handle Social Logins?

If you register or log in using a third-party account, such as Google or Apple, we may receive profile information from that provider, such as your name, email address, and account identifier. We use this information to create and manage your account.

8. How Long Do We Keep Your Information?

We keep personal information for as long as necessary to fulfill the purposes described in this Privacy Notice, unless a longer retention period is required or permitted by law. In general, we retain account data for as long as you maintain an account with us.

When we no longer have a legitimate business need to process your personal information, we will delete or anonymize it, or securely store and isolate it until deletion is possible.

9. How Do We Keep Your Information Safe?

We use reasonable organizational and technical safeguards designed to protect personal information, including encrypted transmission, authenticated access, access controls, and secure third-party service providers. However, no electronic transmission or storage technology can be guaranteed to be 100% secure.

10. What Are Your Privacy Rights?

Depending on your location, you may have rights to request access to your personal information, request correction or deletion, request a copy of your data, withdraw consent, object to or restrict certain processing, opt out of certain processing, or appeal a decision about your request.

You can exercise your rights by contacting us at ozganbajt99@gmail.com. We will consider and act upon requests in accordance with applicable data protection laws.

11. Do United States Residents Have Specific Privacy Rights?

Residents of certain US states, including California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia may have additional rights regarding their personal information.

We only collect sensitive personal information for purposes allowed by law or with your consent. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.

12. Controls for Do-Not-Track Features

Because there is not currently a uniform standard for recognizing or honoring Do-Not-Track browser signals, we do not respond to them at this time. If a standard is adopted in the future, we will update this Privacy Notice.

13. Do We Make Updates to This Notice?

Yes. We may update this Privacy Notice from time to time. The updated version will be indicated by an updated date at the top of this page. We encourage you to review this notice frequently.

14. How Can You Contact Us?

If you have questions or comments about this notice, you may email us at bapkerrizz@gmail.com or ozganbajt99@gmail.com.

15. How Can You Review, Update, or Delete Your Data?

You may request access to the personal information we collect from you, ask us to correct inaccuracies, or request deletion of your personal information by contacting us at ozganbajt99@gmail.com.