This Privacy Policy describes how the HeightMax mobile app ("HeightMax", "we", "us") collects, uses, and shares
your information. It applies to the iOS app published under Apple ID com.antnee.heightmax.

| Data | How collected | Why | Retention |
|---|---|---|---|
| Photo you choose or capture | You explicitly pick or take it after we ask permission, and you agree to the in-app AI-consent prompt before it is uploaded. | To score perceived height, posture, framing, and proportions, and to generate an enhancement preview and style recommendations. | Not stored on our servers. Held only in memory for the duration of the request to Google's Gemini API. |
| Random anonymous device ID | Generated on-device the first time you open the app and saved in app storage. | To count your monthly free analyses, store your purchase entitlement, and de-duplicate analytics events. It is not linked to your Apple ID, email, name, or device identifiers. | Stored on your device until you uninstall HeightMax. Reset by uninstalling and reinstalling the app, which generates a new anonymous ID. |
| Analysis result (score, recipe, recommendations) | Returned to the app by our backend. | Shown to you on the Results screen and stored locally on your device. | Held on your device only. Deleted when you uninstall the app or clear app storage. |
| Quota records | Created server-side when you run an analysis. | To enforce the monthly free-analysis limit. | Anonymous ID + month + count, kept for up to 13 months for quota enforcement, then deleted. |
| Anonymous analytics events | Logged when you take key actions (e.g. start analysis, complete analysis, view paywall). We strip any keys that look like file paths or URLs before logging. | To understand which flows work and which break. Used in aggregate only. | Stored in our Supabase database keyed by your anonymous ID, retained up to 13 months. |
| Purchase state | Sent by Apple's StoreKit to RevenueCat when you buy or restore an unlock. | To confirm whether you've purchased the Lifetime, Weekly, or Single-photo unlock so we can deliver the entitlement. | Retained by RevenueCat per their policy. We receive only "entitled" or "not entitled" plus product identifier. |
| Crash reports (optional) | Collected automatically by Sentry if and only if the build was compiled with Sentry credentials. | To diagnose crashes. | Retained by Sentry per their policy. Contains a stack trace and device class, never your photo or your anonymous ID. |

HeightMax shares the data above with a small set of service providers strictly to deliver the app. Each provider is bound by a written data-processing agreement and provides protections equivalent to those described here.

| Provider | What they receive | Their role | Policy |
|---|---|---|---|
| Google LLC (Gemini API) | The single photo you chose, plus the prompt we send. | Runs the AI analysis and returns scores, recipe, and recommendations. Google's paid-API terms prohibit the use of your content to train Google's models. | ai.google.dev/gemini-api/terms |
| Supabase Inc. | The request payload while it is in flight (photo, anonymous ID), plus the stored quota row and analytics events. | Hosts the backend Edge Function and Postgres database that proxy requests to Google and store quota/events. | supabase.com/privacy |
| RevenueCat, Inc. | The StoreKit purchase token and your anonymous ID as an "app user ID". | Validates Apple receipts and tells the app whether you are entitled to the unlock. | revenuecat.com/privacy |
| Functional Software, Inc. d/b/a Sentry (optional) | Crash stack traces and device class — only when the build is compiled with Sentry credentials. | Aggregates crash reports for our triage. | sentry.io/privacy |
| Apple Inc. | In-app purchase transactions and standard App Store telemetry. | Operates the App Store and StoreKit. | apple.com/legal/privacy |

Before HeightMax sends any photo to Google's Gemini API, the app shows you a disclosure sheet that names Google as the AI processor, lists exactly what is sent (your chosen photo plus your random anonymous device ID), and states the retention policy above. You must tap "Agree and continue" for the photo to be sent. Tapping "Not now" cancels the request and no data is transmitted. Your consent decision is stored locally.
To withdraw consent, uninstall the app or contact us at the email below; we will mark your anonymous ID for deletion from our quota and events tables on the next reconciliation run.
HeightMax is rated 4+ and is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has used the app and you would like us to delete their anonymous ID, contact us.
Depending on where you live (including under the EU/UK GDPR and the California CCPA), you may have the right to request a copy of the personal data we hold about you, to correct it, to delete it, or to object to certain processing. Because we identify you only by an anonymous device ID that is not exposed in the app, please email us at the address below from the device you use HeightMax on, and include the approximate date and time of a recent analysis. We will use that timestamp plus your iOS region/locale to locate the matching anonymous ID in our quota and analytics tables, confirm with you, and then action your request. We will respond within 30 days.
We do not sell or "share" personal information for cross-context behavioral advertising, as those terms are defined under the CCPA.
All traffic between the app and our backend is encrypted with TLS. Photos are transmitted as base64 inside HTTPS request bodies and are never written to disk on our servers. Stored data (anonymous IDs, quota rows, analytics events) is encrypted at rest by Supabase.
Our backend runs on Supabase infrastructure in the United States. Google's Gemini API processes data on Google infrastructure that may include locations outside your country. By using HeightMax, you consent to your data being transferred to these jurisdictions, subject to the protections described here.
We may update this policy. We will change the "Effective" date above and, for material changes, present an in-app notice the next time you open the app.
Privacy questions, deletion requests, or other concerns: lachhman.anthony@gmail.com.
© 2026 Anthony Lachhman.