Privacy Policy

Washington residents: Sunkind processes consumer health data covered by the Washington My Health My Data Act (RCW 19.373). Please also read our separate Consumer Health Data Privacy Policy.

What we collect

Contact information (from Sign in with Apple)

When you sign in with your Apple ID, Apple may share your name and a real or privately-relayed email address. You control which from the iOS sign-in prompt; if you choose “Hide My Email,” we only ever see a relay address. We use your email to identify your account and send transactional notifications (account or payment confirmations). We do not send marketing email.

Identifiers

Before you sign in, Sunkind generates a random anonymous device identifier stored in your iPhone’s Keychain. When you sign in, it’s linked to your Sunkind user ID so your onboarding answers carry over. These scope your data on our servers, identify your subscription, and group your analytics events. We do not use the iOS Advertising Identifier (IDFA) and we do not track you across other apps or websites.

Onboarding answers

• your Fitzpatrick skin type, from a short quiz (a UV-response classification, not racial or ethnic data)
• your tanning goals (build a base, vacation prep, year-round, etc.)
• your “tan-by” vacation date, if you enter one
• pain points and preferences you select during the flow

Tan session history

When you time a session or log sun exposure, we store the timestamp, duration, the UV index at the time, your approximate (city-level) location, and any self-reported skin response. We use this to show your history, calculate progress, personalize recommendations, and send timely reminders.

Tan progress photos (Pro)

If you add selfies to your tan journal, they are stored only on your device(in the app’s private storage) along with the date and an on-device shade reading. We do not upload your tan-journal photos to our servers, do not use them for advertising, do not share them, and do not use them to train AI. Because they never leave your iPhone, only you have them: deleting a photo (or your data) in the app removes the file, and deleting the app removes all of them.

If you choose to share a progress photo or a before/after comparison, it leaves your device only when and where you send it, through the standard iOS share sheet — you control the destination. You can optionally hide your face in shared images.

Skin scan (optional AI analysis)

If you use the optional AI skin scan, Sunkind captures a photo and sends it to OpenAI to estimate your skin tone and skin type so we can personalize your tan plan. The scan photo is not stored by Sunkind — it is transmitted solely to produce your result, and we do not save the image to our servers or your account. We have configured our use of the OpenAI API so that your image is not used to train OpenAI’s models. Only the resulting skin-type/tone estimate is saved to your account. The result is a personalization estimate, not a medical diagnosis; the skin scan is optional, and you can use the quiz-based skin type instead.

Location

With your permission, Sunkind uses your approximate (city-level) location to fetch UV data from Apple WeatherKit and to log session location. We do not request precise GPS location and do not track your movement. Revoke it anytime in iOS Settings → Privacy & Security → Location Services → Sunkind.

Purchase status

RevenueCat verifies your Sunkind Pro subscription status with Apple. It receives your Sunkind user ID and purchase receipt, not your name, email, or payment details. Payments are processed by Apple — we never see your card information.

Product analytics

We use PostHog to understand how Sunkind is used — which screens convert, where users get stuck, which features help. Events are tied to your user ID and contain things like screen views, taps, and funnel completions. We do not sell or share this with advertisers, data brokers, or any third party outside of PostHog (our analytics processor).

Push notification token

If you allow notifications, we store an Apple Push Notification service (APNs) token so we can deliver session reminders, UV alerts, and vacation countdowns. Revoke anytime in iOS Settings → Notifications → Sunkind.

Performance data

We may log anonymous performance metrics (such as onboarding render times) through PostHog to improve the app.

Crash diagnostics

We do not use a third-party crash SDK. Crash reports reach us only through Apple’s built-in crash reporting, and only when you’ve opted in to share diagnostics with developers in iOS Settings. Apple anonymizes them before they reach us.

Apple Health data

If you grant permission, Sunkind logs tan sessions to Apple Health as Sun Exposure workouts. Apple Health data does not leave your device through Sunkind. We write Sun Exposure workouts into Apple Health on your iPhone; we do not transmit Apple Health data to our servers, to RevenueCat, to PostHog, or to any third party. The session metadata we store (duration, UV index, location) is derived from your in-app activity, not read from Apple Health.

Apple’s HealthKit framework requires both read and write purpose strings in the app bundle even when only one is used. Sunkind requests write-only HealthKit authorization at runtime; the read string exists only because Apple requires it. Revoke access anytime in iOS Settings → Privacy & Security → Health → Sunkind.

Tracking

Sunkind does not track you across other apps or websites. We do not use the IDFA, do not share data with ad networks or data brokers, and do not sell or share your personal information as defined under the CCPA or other state privacy laws.

Where your data is stored

• Supabase, Inc. (US) — database (account, onboarding answers, tan session history, push tokens), with row-level security tied to your user ID. Tan progress photos are not stored here — they stay on your device.
• RevenueCat, Inc. (US) — subscription status from your user ID and Apple receipts; no name, email, or payment details.
• PostHog, Inc. (US) — product analytics events tied to your user ID.
• Apple Inc. (US) — Sign in with Apple, WeatherKit (which receives approximate location for UV lookups), the Apple Push Notification service, and the on-device HealthKit framework.
• OpenAI (US) — receives your skin-scan photo only when you use the optional AI skin scan, solely to return a skin-tone/type estimate. The image is not stored by Sunkind and is not used to train OpenAI’s models.

We follow industry-standard security practices: encrypted transit (HTTPS / TLS 1.2+), at-rest encryption in Supabase, row-level security tied to your user ID, secret storage in Apple Keychain on your device, and access controls with audit logging for staff accounts.

How long we keep your data

• Account, onboarding answers, and tan session history: retained while your account exists; deleted within 30 days of account deletion. See Deleting your account.
• Tan progress photos: stored only on your device for as long as you keep them; removed when you delete them in the app, delete your data, or delete the app. We hold no server copy.
• Subscription state (RevenueCat): retained for the life of the subscription plus seven years after the final transaction for tax and accounting requirements.
• Product analytics (PostHog): retained for 12 months, then automatically deleted.
• Push tokens: retained while valid; stale tokens removed automatically.

Your choices

• Delete your data: in-app Settings → Delete My Data, or see Deleting your account. You can also email hello@foxtide.co.
• Health, location, notifications: revoke each in iOS Settings as described above.
• Cancel your subscription: iOS Settings → Apple ID → Subscriptions → Sunkind.

California residents (CCPA / CPRA)

In the past 12 months we have collected these categories of personal information from California residents:

• Identifiers: Apple-relayed (or real) email, name if shared, Sunkind user ID, anonymous device ID, APNs token
• Commercial information: subscription and purchase events via RevenueCat
• Internet activity: screen views, taps, and funnel events via PostHog
• Geolocation: approximate (city-level) location for tan sessions and UV lookups
• Visual information: tan progress selfies you save to your journal (Pro), which stay on your device and are not transmitted to us; and optional skin-scan photos, which are sent to OpenAI for analysis and not stored
• Sensitive personal information: health-related data including your Fitzpatrick skin type (a UV-response classification, not racial or ethnic data), tan session history, UV exposure logs, and self-reported skin response

We do not use or disclose your sensitive personal information for any purpose other than providing the Sunkind service you requested. We do not use it to infer characteristics for marketing, advertising, or cross-context behavioral profiling, so we are not required to provide a “Limit the Use of My Sensitive Personal Information” link — but you may still exercise that right by emailing hello@foxtide.co.

We do not sell or share your personal information as defined by the CCPA / CPRA. PostHog is a contractual service provider; it does not use Sunkind data for its own purposes or for cross-context behavioral advertising.

Your rights include the right to know, delete, correct, limit sensitive PI, opt out of sale/sharing (we do neither), non-discrimination, and to opt out of automated decision-making producing legal or similarly significant effects (we do none). Email hello@foxtide.co; we acknowledge within 10 business days and substantively respond within 45 days.

Global Privacy Control. Sunkind is iOS-native and does not present web content where browser GPC signals apply. If we add web flows, we will honor GPC.

Shine the Light (Civ. Code § 1798.83). We do not disclose your personal information to third parties for their direct marketing.

EU, UK, and EEA residents (GDPR / UK GDPR)

Foxtide LLC is the data controller. Reach us at hello@foxtide.co. Legal bases:

• Providing the service (account, onboarding, sessions, push tokens): contract performance, Art. 6(1)(b).
• Health-related data (skin type, session and UV logs): explicit consent, Art. 9(2)(a). You consent by voluntarily entering it and can withdraw anytime by deleting your account or emailing hello@foxtide.co. Tan-journal photos stay on your device and are not processed by us; Apple Health data itself is not transmitted to our servers (see above). We continue to strengthen the in-app consent UX for special-category data.
• Subscriptions (user ID, purchase events): contract performance, Art. 6(1)(b).
• Product analytics (screen views, taps): legitimate interests, Art. 6(1)(f). Object anytime via hello@foxtide.co.
• Legal obligations (tax records): Art. 6(1)(c).

Your rights: access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. Email hello@foxtide.co; we respond within one month.

International transfers. Our processors (Supabase, RevenueCat, PostHog, Apple) are in the US. We rely on the EU-US Data Privacy Framework where certified, and EU Standard Contractual Clauses with the UK Addendum where not. Copies available on request.

EU / UK representatives (Art. 27). We will appoint representatives before distributing Sunkind in those storefronts; until then, EU and UK residents may contact hello@foxtide.co directly.

Other US state privacy rights

Residents of states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) have rights to confirm, access, correct, delete, port, and opt out of sale/sharing. We do not sell your data, share it for cross-context behavioral advertising, or profile in ways producing legal or similarly significant effects. Email hello@foxtide.co.

Other state consumer-health-data laws

Residents of Washington (RCW 19.373), Nevada (SB 370), and Connecticut (§ 42-515 et seq.) have specific consumer-health-data rights. See our Consumer Health Data Privacy Policy. Email hello@foxtide.co to exercise any of them.

AI features and training

The optional AI skin scan sends your photo to OpenAI’s API solely to generate a skin-tone/type estimate; the image is not stored by us and is not used to train OpenAI’s models. Apart from that real-time analysis, we do not collect, use, or sell your personal data — including your tan photos — to train large language models or other AI systems, our own or a third party’s.

Children

Sunkind is intended for adults and is not directed to children under 13. We do not knowingly collect data from anyone under 13 (COPPA). If you believe a child under 13 has used Sunkind, contact hello@foxtide.co and we will delete the data.

Changes

We may update this policy. We’ll revise the date above and, for material changes — especially to health data — notify you in the app and, where required, ask for fresh consent.

Contact

Questions? Email hello@foxtide.co.

Foxtide LLC · Sunkind · iOS