LittleYou
Get the app

Privacy Policy

Effective Date: April 22, 2026 · Last Updated: April 22, 2026

This Privacy Policy explains how LittleYou ("we," "us," or "the app") collects, uses, and protects your information when you use our mobile application.

LittleYou is a wellness companion app that helps you build healthy habits through a virtual mascot tied to your real-world sleep, hydration, focus, nutrition, and daily activities.

We take privacy seriously. We collect the minimum amount of data needed to run the app, and we never sell your data or share it with advertisers.

1. Information We Collect

1.1 Information you provide

  • Account information. When you sign in with Google or Apple, we receive your email address and display name from those providers. You also choose a username that appears on the leaderboard. If you use Apple's "Hide My Email" feature, we only receive a private relay address, not your real email.
  • Feedback. If you submit feedback through the in-app form, we store the text of your message along with your user ID (if signed in).
  • Preferences. Settings you configure in the app (alarms, bedtime, focus items, difficulty level, notification preferences, calorie and hydration goals) are stored so the app works the way you set it up.
  • Meal photos (optional). If you use the "LittleAI" meal-scan feature, you capture a photo of your meal with your device camera (or choose one from your photo library). The photo is transmitted to our servers solely for analysis and is not stored on our servers after the analysis completes. See Section 1.4 below for how the analysis works.

1.2 Information collected automatically

  • Usage events. When you interact with the app (opening it, setting an alarm, completing a focus session, scanning a meal, dismissing an alarm, purchasing premium, etc.), we log these events to understand how LittleYou is used and improve it.
  • Engagement metrics. Your streaks (alive streak, focus streak, hydration streak, wake streak), mascot health, recent sleep duration averages, average calories, and similar summary statistics are associated with your account for leaderboard, analytics, and personalization.
  • AI usage counters. Each time you successfully run a LittleAI meal scan, we record the event (user ID + timestamp only, not the photo or the analysis result) so we can enforce the daily scan cap (10/day free, 30/day premium) and apply a global service-wide rate limit. No meal content, nutrition data, or image data is stored server-side as part of this counter.
  • Device information. App version, platform (iOS/Android), device language, and time zone.
  • Approximate location. When usage events are sent to our analytics provider, your approximate country/region is derived from your IP address by the analytics provider's servers. We do not access GPS or precise location.
  • Purchase information. If you subscribe to LittleYou Premium, subscription status and purchase history are tracked by our subscription management provider (RevenueCat). Apple and Google handle the actual payment. We never see your card number, bank details, or billing address.

1.3 Information stored only on your device

Some data stays entirely on your phone and is never transmitted to our servers:

  • Journal entries. The text of your diary entries is stored locally and never leaves your device.
  • Detailed sleep, hydration, focus session, and task history. Only summary statistics are sent to our servers; full day-by-day history stays local.
  • Meal analysis results. The detected meal name, calorie estimate, macronutrients, ingredient list, and A to E nutrition grade returned by the LittleAI scan are stored only on your device. They are never uploaded to our servers.
  • Meal photos. Full-resolution meal photos are stored locally for 60 days and then automatically deleted from your device. A small (128-pixel) thumbnail is retained locally so your meal history remains visual after the original is purged. Neither version is uploaded to our servers for storage.

1.4 How LittleAI meal scanning works

When you tap the meal-scan camera button, the following happens:

  1. You take or choose a photo of your meal.
  2. The photo is transmitted over HTTPS/TLS to our edge server.
  3. Our edge server forwards the photo to OpenAI (our AI subprocessor) for visual nutrition analysis.
  4. OpenAI returns a structured JSON result with detected dish name, calorie estimate, macronutrient breakdown, ingredient list, and an A to E nutrition grade.
  5. The result is sent back to your device and stored locally.
  6. Neither the photo nor the analysis result is kept on our servers. The only record of the scan on our side is a timestamped rate-limiting entry tied to your user ID (see Section 1.2).

OpenAI does not train its models on data submitted via the API per its API Data Usage Policy.

2. How We Use Your Information

We use the information we collect for these purposes:

  • App functionality. To authenticate you, save your preferences, sync your streaks to the leaderboard, deliver notifications, run AI meal analysis, enforce subscription and rate limits, and process purchases.
  • Analytics. To understand how people use LittleYou, measure feature adoption, compute retention, identify bugs, and plan new features.
  • Personalization. To show you relevant content such as your own stats, your place on the leaderboard, premium-gated features, streak history, and meal-history tips.
  • Customer support. To respond to feedback you submit through the app.
  • Security and fraud prevention. To protect user accounts, enforce per-user and global AI usage limits, and maintain the integrity of the leaderboard (e.g., anti-cheat checks on submitted stats).

We do not use your information for advertising or marketing, and we do not share your information with advertisers or data brokers. Meal photos are used solely for one-shot nutrition analysis and are discarded immediately after processing.

3. Third-Party Services

LittleYou uses third-party services that process some of your information on our behalf, including Google and Apple (sign-in, push delivery, in-app purchases), RevenueCat (subscription management), our analytics provider, Supabase (backend), and OpenAI (AI meal photo analysis).

Each of these providers has its own privacy policy, which applies to their processing of your information. We recommend reviewing those policies if you are concerned about any specific provider. In particular, for the AI meal scan feature, see OpenAI's privacy policy at openai.com/policies/privacy-policy.

4. Data Retention

  • Account data is retained for as long as your account is active. If you delete your account through the in-app "Delete Account" option, your data is permanently removed from our servers within 30 days.
  • Usage and analytics data is retained for up to 24 months in our analytics provider for trend analysis. You can request earlier deletion by contacting us.
  • AI rate-limiting entries (timestamped records of meal scans) are retained for 30 days, which is long enough to enforce the 24-hour usage cap and maintain fraud-prevention audit trails. These entries never contain photos, analysis results, or any meal content.
  • Meal photos. Full-resolution meal photos stored on your device are automatically purged 60 days after capture. 128-pixel thumbnails are kept locally for as long as the corresponding meal entry exists in your history. You can delete individual meal entries at any time from within the app.
  • Meal analysis data (names, calories, macros, grades) stored on your device is retained until you delete the corresponding meal entry, clear the app, or delete the app.
  • Feedback messages are retained indefinitely for reference and product improvement, unless you request deletion.
  • Purchase records are retained for as long as required by tax and accounting laws (typically 7 years).

5. Your Privacy Rights

Depending on where you live, you have some or all of the following rights regarding your personal data:

  • Access. Request a copy of the personal data we hold about you.
  • Correction. Ask us to correct inaccurate data.
  • Deletion. Ask us to delete your account and associated data. You can do this directly in the app via Settings → Delete Account, or by contacting us.
  • Portability. Request a copy of your data in a machine-readable format.
  • Objection. Object to certain types of processing, such as analytics.
  • Withdraw consent. Where processing is based on consent, you can withdraw consent at any time.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR).

If you are in California, United States, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect and the right to request deletion. We do not sell personal information as defined under these laws.

To exercise any of these rights, contact us at support@littleyou.net.

6. Deleting Your Account

You can delete your account at any time from within the app:

  1. Open LittleYou.
  2. Go to Settings.
  3. Tap Delete Account.
  4. Confirm the deletion.

When you delete your account, we remove your profile, leaderboard entries, friendship records, feedback messages (if linked to your account), AI rate-limiting entries, and game scores from our servers within 30 days. Your locally-stored data (journal entries, session history, meal entries, meal photos and thumbnails) is removed when you uninstall the app. You can also wipe local data without deleting your account by using the in-app "Reset" option in Settings → Advanced.

7. Children's Privacy

LittleYou is not directed at children under the age of 13 (or 16 in certain EU member states). We do not knowingly collect personal information from children under that age.

The LittleAI meal-scan feature, which processes photos of food through a third-party AI service (OpenAI), is intended only for users 13 years of age or older. Parents and guardians are responsible for supervising their children's use of the app.

If you believe a child under the applicable age has provided us with personal information, please contact us and we will remove the information.

If you are between 13 and 18 (or the age of majority in your country), you should use LittleYou only with the permission of a parent or guardian.

8. Data Security

We use industry-standard security measures to protect your information, including:

  • HTTPS/TLS encryption for all data transmitted between the app, our servers, and our AI subprocessor.
  • Row-Level Security policies on our database to ensure users can only access their own data.
  • Separate, restricted access to sensitive columns (push tokens, friend codes) via server-side functions.
  • Atomic per-user and global rate limits on AI meal scans, enforced at the database level, to prevent abuse.
  • Automatic account protection including rate limiting and anti-cheat validation on leaderboard submissions.

No system is 100% secure. We cannot guarantee absolute security, but we work continuously to protect your information.

9. International Data Transfers

LittleYou is operated globally. Your information may be transferred to and processed in the United States (where our backend and AI providers are located) and other countries that may have different data protection laws than your home country.

By using LittleYou, you consent to the transfer of your information to these countries. Where required by law, we rely on Standard Contractual Clauses or other approved mechanisms to ensure your data is protected during these transfers. Our AI subprocessor (OpenAI) is covered under its own Data Processing Addendum, which we have accepted as part of our API terms.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, new features, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you in the app.

Your continued use of LittleYou after changes are posted constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy, our data practices, or your rights, please contact us at:

Email: support@littleyou.net

We will respond to requests within 30 days (or 45 days for complex requests).