Privacy Policy

Last updated: November 10, 2025

  1. Introductory

Hey Apps LLC (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard information when you use the Hey Supplement mobile application (the “App”).

By using the App, you acknowledge that you have read, understood, and agreed to this Policy.

This Policy applies to all users worldwide who are eighteen (18) years of age or older. The App is not intended for children or minors under this age.

When we refer to personal data (or personal information), we mean any information relating to an identified or identifiable individual, as defined by applicable privacy laws (including GDPR, CCPA, and other regional regulations).

This Policy forms an integral part of the Terms of Use for Hey Supplement. If you have questions about this Policy or our data practices, please contact us at support@heyapps.co.


2. Personal Information We Collect

We collect only the minimum amount of personal information necessary to operate and improve the App.

The information we collect falls into the following categories:

1. Information You Provide
When you scan or upload an image of a supplement or vitamin product, the image is transmitted securely to our AI processing partner, OpenAI, solely to generate an informational response.

  • OpenAI acts as our data processor, under strict confidentiality and security obligations.

  • Images are not stored on our servers and are not linked to any user identity.

  • Your scan history remains stored locally on your device and can be deleted at any time by removing the App.

  • Information automatically collected

2. Information Collected Automatically
When you use the App, we and our service providers automatically collect certain technical data, such as:

  • Device information (model, operating system, version)

  • Log and diagnostic data (crash reports, usage patterns)

  • General location (derived from IP address)

  • Transaction and subscription metadata

This information is used solely to maintain performanceensure reliability, and improve the user experience.

3. Payment and Subscription Information
All payments are handled through Apple’s In-App Purchase system.
Our subscription management partner, RevenueCat, receives only limited technical identifiers (for example, device ID and subscription token) to verify and manage your access.

  • We do not collect or store your credit card data, Apple ID credentials, or any payment details.

4. Information from Third Parties
We may receive aggregated, anonymized analytics from third-party tools used to monitor performance and detect errors.

  • These reports cannot identify you personally and are used exclusively for technical improvement.

3. How We Use Personal Information

We use the information we collect only for legitimate, clearly defined purposes that are necessary for the App to function securely and reliably. We do not use or sell personal information for advertising or marketing.

  1. To Provide and Operate the App
    We process limited data to deliver the App’s core functionality. When you upload or scan an image of a supplement, it is temporarily processed through our trusted AI partner, OpenAI, to generate an informational response. The content is not retained, not shared, and not linked to your identity.

  2. To Maintain and Improve Performance
    We use aggregated and anonymous analytics to understand how users interact with the App, detect technical issues, and enhance stability and feature quality.

  3. To Manage Purchases and Subscriptions
    We process limited subscription metadata through RevenueCat and Apple In-App Purchase to confirm entitlement status, prevent fraud, and ensure your access to paid features. We do not handle your payment details.

  4. To Ensure Security and Prevent Misuse
    Technical logs may be used to identify bugs, detect unauthorized use, protect system integrity, and respond to potential security incidents.

  5. To Comply with Legal Obligations
    We may retain or disclose limited information if required by law or legitimate government request. Any such processing is performed in accordance with applicable privacy regulations.

  6. To Support Research and Development
    We may use de-identified and aggregated data for internal statistics and performance research to improve our algorithms and user experience. Such data cannot identify you personally.

4. Legal Bases For Processing (Pursuant to Applicable Law)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or any other jurisdiction that requires a lawful basis for data processing, we process your personal data under one or more of the following legal grounds:

  1. Performance of a Contract – when processing is necessary to provide and operate the App, fulfill your subscription, or deliver core features.

  2. Legitimate Interests – to maintain App functionality, improve performance, prevent misuse, ensure security, and perform analytics, provided that such interests are not overridden by your rights and freedoms.

  3. Consent – when you voluntarily upload content (e.g., images for analysis) or when local law requires your explicit consent. You may withdraw consent at any time by discontinuing the use of such optional features.

  4. Legal Obligations – when processing is necessary to comply with applicable laws, regulations, or lawful governmental requests.

  5. Other Bases Permitted by Law – when processing is otherwise authorized by relevant privacy legislation.

    For residents of the United States, including California, Virginia, Colorado, Connecticut, and Utah, we process personal information in compliance with applicable state privacy laws. We do not sell or share personal data as defined under these laws.

5. Data Sharing And Disclosure

We do not sell, rent, or trade personal information. We share data only in limited and clearly defined circumstances, as described below. All third-party providers act under written agreements that require them to maintain the same level of privacy and security as we do.

1. Service Providers (Data Processors)
We may share limited information with trusted third-party service providers that support the operation and maintenance of the App, including:

  • OpenAI – for secure, temporary image processing to generate informational results. OpenAI acts solely as our data processor and is bound by confidentiality and non-retention obligations.

  • RevenueCat – for managing subscription verification and entitlements. RevenueCat receives only minimal identifiers (e.g., subscription token) and does not access personal payment data.

  • Apple Inc. – for processing In-App Purchases and subscription payments. Apple acts as the payment processor and controller of your Apple ID information under its own Privacy Policy.

  • Analytics or Infrastructure Providers – for crash reporting, diagnostics, and performance monitoring, using de-identified data only.

2. Legal Requirements
We may disclose limited information if required to comply with applicable laws, lawful court orders, or governmental requests. Any disclosure is carefully reviewed to ensure compliance with privacy and data protection standards.

3. Business Transfers
In the event of a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy and applicable privacy safeguards.

4. Aggregated or De-Identified Data
We may share statistical or aggregated data that cannot reasonably identify any individual, for purposes such as performance analytics or market research. Such information does not contain personal identifiers.

6. Data Retention And Security

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy or as required by law. Most App data is temporary and stored locally on your device, giving you full control over deletion.

1. Data Retention

  • Scan images processed through OpenAI are not stored on our servers and are deleted automatically after generating the response.

  • Subscription and transaction metadata managed through RevenueCat and Apple In-App Purchase are retained only as long as needed for verification, billing, and fraud prevention.

  • Aggregated analytics and diagnostic data are kept in a non-identifiable form for internal reporting and service improvement.

  • When information is no longer required, it is securely deleted or anonymized.

2. Security Measures
We implement industry-standard administrative, technical, and physical safeguards to protect your personal data from unauthorized access, loss, misuse, or alteration.
These include encryption in transit, secure cloud infrastructure, strict access controls, and continuous monitoring.

While we take reasonable precautions to safeguard your information, no security system is completely impenetrable. If you believe your data has been compromised, please contact us immediately at support@heyapps.co.

3. Data Storage and International Transfers
Data may be processed and stored in the United States or other jurisdictions where our service providers operate.
For users in the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms approved by the European Commission to ensure equivalent data protection standards.

7. Your Rights And Choices

Depending on your location, you may have certain rights and choices regarding how your personal data is used. Because Hey Supplement does not maintain individual user accounts, most data can be managed or deleted directly on your device.

1. Access, Correction & Deletion
You may request access to, correction, or deletion of personal data that we hold.

  • Data stored locally on your device (such as scan history) can be deleted at any time by removing the App.

  • If you contact us regarding data handled by our processors (e.g., OpenAI or RevenueCat), we will coordinate deletion through those partners as permitted by law.

2. Opt-Out of Analytics & Tracking
You may limit analytics or tracking on iOS via:
Settings → Privacy & Security → Tracking,
and by disabling “Allow Apps to Request to Track.”
Hey Supplement does not track users for advertising or behavioral targeting purposes.

3. Withdrawal of Consent
When you voluntarily upload or scan images, you provide consent for that specific use. You can withdraw consent at any time by discontinuing those optional features.

4. Rights Under Applicable Law
Depending on your jurisdiction, you may have additional rights such as:

  • Data portability (receive a copy of your information in a machine-readable format);

  • Object to processing or restrict certain uses;

  • File a complaint with a data protection authority.

5. U.S. State Privacy Rights
Residents of certain U.S. states—including California, Virginia, Colorado, Connecticut, and Utah—may exercise rights under state privacy laws.
We do not sell or share personal information as defined by those laws.
To make a request, contact us at support@heyapps.co and include the state in which you reside.

8. Children's And Age Restrictions

The App is intended only for adults aged eighteen (18) years and older.

We do not knowingly collect, store, or process personal information from anyone under this age. If you are under eighteen (18), you must not use or access the App.

If we learn that we have inadvertently collected personal information from a minor, we will delete such data promptly.

Parents or legal guardians who believe that their child may have provided information through the App may contact us at support@heyapps.co to request removal.

By using the App, you confirm that you are at least eighteen (18) years old and have the legal capacity to enter into agreements in your jurisdiction.

9. International Data Transfer

We may transfer, process, and store information outside your country of residence, including in the United States, where our infrastructure and certain service providers (such as OpenAIRevenueCat, and Apple Inc.) operate.

These locations may have data protection laws that differ from those of your jurisdiction. Whenever we transfer personal data internationally, we implement appropriate legal and technical safeguards to ensure that your information remains protected to the same standard required by applicable privacy laws.

For users located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission; and

  • Other lawful transfer mechanisms recognized under GDPR and UK GDPR.

All third-party processors are required by written contract to process data solely on our instructions, maintain confidentiality, and implement security controls consistent with international standards (such as ISO 27001 or equivalent).

By using the App, you acknowledge and agree that your data may be transferred and processed in countries outside your own, subject to these safeguards.

10. Contact Information And Updates

Hey Apps LLC

Email: support@heyapps.co

Website: https://heyapps.co/supplements

We may update this Privacy Policy periodically to reflect legal, operational, or technical changes.
When updates are made, the “Last updated” date at the top of this document will be revised.

If material changes are made, we will provide notice through the App or other reasonable means before they take effect.
Your continued use of the App after such updates constitutes your acknowledgment and acceptance of the revised Policy.

For questions, requests, or complaints regarding this Policy or our data practices, please contact us using the email above.
We will make every reasonable effort to respond promptly and resolve any issues in accordance with applicable privacy laws.


From San Francisco with ♥️

© Hey Apps 2025