← Back to Scan Dose

Privacy Policy

Last updated: April 8, 2026

What we collect

When you use Scan Dose, we collect:

  • Your email address (for account creation and login)
  • Supplement label images you scan (processed in real-time, not stored permanently)
  • Health profile data you optionally provide (goals, sensitivities, medications)
  • Journal check-in entries you submit
  • Basic usage analytics (page views, scan counts)

How we use your data

  • To analyze supplement labels and provide scores
  • To personalize ingredient flags based on your health profile
  • To track your wellness journal entries and generate insights
  • To send you verification codes for login
  • To process your subscription payments via Stripe

What we do NOT do

  • We do not sell your personal data to third parties
  • We do not share your health profile with advertisers
  • We do not permanently store your supplement label images
  • We do not use your data to train AI models

Wearable device data (Oura Ring, WHOOP)

If you connect a wearable device, we access the following daily summary scores via the device's official API:

  • Oura Ring: Sleep score, readiness score, HRV, resting heart rate, steps, active calories, temperature deviation, stress/recovery indicators
  • WHOOP: Recovery score, sleep performance, strain, HRV (RMSSD), resting heart rate, average/max heart rate, kilojoules burned

We store only aggregated daily scores in our database, not raw sensor data. This data is used solely to correlate your supplement usage with your health metrics. You can disconnect any device and delete all stored wearable data at any time from the Connected Devices page.

Third-party services

We use the following services to operate Scan Dose:

  • Stripe for payment processing
  • Resend for transactional email
  • Vercel for hosting
  • Neon for database hosting
  • OpenAI for supplement label analysis
  • Oura for wearable health data (only if you connect your ring)
  • WHOOP for wearable health data (only if you connect your band)

Each service has its own privacy policy and processes only the minimum data required.

Data retention

Your account data is retained as long as your account is active. You can request deletion of your account and all associated data by emailing us.

Cookies

We use a single httpOnly session cookie (dose_session) for authentication. We do not use tracking cookies or third-party advertising cookies.

Contact

For privacy questions or data deletion requests, contact us at ben@scandose.com.