1. What we collect
When you buy a license: • Email address (to deliver the license code) • Transaction ID and amount (for accounting, refunds, support) • IP address and User-Agent (anti-fraud, debugging) • Payment method metadata from OxaPay (we never see card numbers or wallet contents)
When you accept the agreement: • Versions of documents you accepted • Timestamp • IP and User-Agent (legal evidence) • Stored in consent_log table
When you use the app (locally on your device, NOT sent to us): • Your tasks, notes, food entries, transactions, workouts • Athena chat history • Settings, preferences, photos All of this lives in localStorage on your phone. We do not have a copy.
When you submit a support ticket: • Name, email, message text • Auto-detected device info (Android version, app version) • Sent to our Telegram support channel
2. What we do NOT collect
• Your AI chat content (it goes directly from your device to Claude/Gemini/GPT using YOUR API key) • Photos you take in SnapEat (stored locally, sent only to your chosen AI for analysis) • Phone contacts, location, microphone, camera (unless you snap a photo) • Browsing history outside the app • Cross-app tracking identifiers • Advertising IDs
We do not use third-party analytics SDKs, Facebook Pixel, Google Analytics, or any behavioral tracking.
3. Where data is stored
Supabase (EU region) — transactions, licenses, consent log, email bounces, ios_backers. Hosted on AWS.
Resend — only the email address + license code at the moment of sending. Resend retains delivery metadata for 7 days.
OxaPay — payment processor sees your wallet/card data. We see only their callback (amount, status, track_id).
Telegram — support tickets and admin alerts go to our private support channel.
Your device — everything else stays local (tasks, AI chat, settings, photos).
4. Your rights (GDPR / CCPA)
You can request at any time: • A copy of your data we store on our servers • Correction of inaccurate data • Deletion of all server-side data (transaction history will be kept for 6 years for tax compliance — anonymized) • Restriction of processing • Data portability (export as JSON)
Email support@prime-os.site with the subject "Data request". We reply within 30 days.
For app-local data (tasks, AI chat, photos): you fully control it. Settings → "Export data" produces a JSON. Settings → "Delete account" wipes localStorage on your device.
5. AI providers (BYOK model)
PRIME OS uses Bring-Your-Own-Key (BYOK). You bring your own API key from Claude (Anthropic) / Gemini (Google) / GPT (OpenAI) / Grok (xAI) / Perplexity / Kimi.
Your key is stored on YOUR device, AES-encrypted in localStorage. We never receive it.
When you chat with Athena, your message + chat history + (optionally) photo go DIRECTLY from your device to the AI provider. We do not proxy, log, or store this traffic.
The AI provider has its own privacy policy that applies to your data. Check their terms before using.
6. Cookies
Landing site uses 2 cookies: • admin_session — httpOnly Secure cookie for admin panel access (only if you log into /admin) • No advertising or tracking cookies The app itself does not use cookies — only localStorage.
7. Data retention
Transactions: 6 years (tax compliance requirement).
Consent log: 6 years (legal evidence).
Email bounces: 1 year (after resolution).
Admin sessions: 7 days (auto-expire).
iOS backers list: until iOS release + 90 days (for thank-you fulfillment).
Support tickets: 1 year.
8. Children
PRIME OS is intended for users 16 and older. We do not knowingly collect data from children under 16. If you believe a child under 16 has provided us data, email support@prime-os.site for deletion.
9. Changes
We may update this Privacy Policy. The version number at the top changes. When you next open the app, you will be asked to accept the new version. We log your acceptance in consent_log.
10. Contact
Data controller: PRIME OS (sole developer).
Email: support@prime-os.site
For GDPR / CCPA requests, use the same email with "Data request" in subject.