This policy covers Zisper ("the App", "we", "us"), operated by David Britz, a natural person established in Germany, reachable at geronimo20023@gmail.com. We are the controller of your personal data under Article 4(7) of the EU General Data Protection Regulation (GDPR).

This policy is drafted to comply with EU/UK GDPR, the German BDSG, the California Consumer Privacy Act (as amended), the Washington My Health My Data Act, the FTC Health Breach Notification Rule, and Apple's App Store requirements. If you live in Washington State, please also read our Consumer Health Data Privacy Policy.

The short version

• You speak or type what you ate and how you worked out; we turn that into nutrition and training numbers.
• Your voice is sent to OpenAI in the USA for transcription; the text is sent to Google in the USA for parsing and to generate your insights. Both hold the data for up to 30 days and then delete it; neither trains their models on your data.
• Your account and history are stored in Supabase on AWS.
• We never sell your data. We show no ads. We do not track you.
• You can export or delete everything at any time in Settings.
• We are not a doctor. Zisper is not a medical device and gives no medical advice.

1. Who we are

David Britz, sole operator, Germany. Postal address available on request at geronimo20023@gmail.com. We have not appointed a Data Protection Officer — this is assessed under Article 37 GDPR as not currently required for a sole-operator service of our scale.

You have the right to lodge a complaint with a supervisory authority. For Germany this is your Bundesland's data protection authority. For the UK this is the ICO (ico.org.uk).

2. What we collect and why

We collect only what is necessary to run the app. Each data type is mapped to a specific lawful basis under GDPR Article 6 (and Article 9 for health data).

• Email + password hash — to authenticate you. Art 6(1)(b) contract.
• Date of birth (year only) — to verify minimum age at signup. Art 6(1)(c) legal obligation.
• Body weight, daily calorie/protein/sugar totals, body notes (energy, sleep, pain, mood), meal logs, workout logs, voice recordings of meal/workout descriptions — to operate the Service. This is Art 9 special-category health data under GDPR; we process it on the basis of your explicit consent (Art 9(2)(a)) given at signup via a clearly labelled, non-pre-ticked checkbox separate from the Terms of Service.
• IP address, user-agent, Supabase session cookie — to deliver the app and prevent abuse. Art 6(1)(b) contract + Art 6(1)(f) legitimate interest in service integrity.
• Consent records (timestamp, IP hash, consent version) — to prove you agreed. Art 6(1)(c) + Art 7 accountability.

3. What we do NOT collect

We do not collect precise geolocation, contacts, financial information, advertising identifiers, or your browsing history. We do not integrate with Apple HealthKit.

4. Who we share your data with

Each processor is contractually bound by a signed Data Processing Agreement (GDPR Art 28). None sells your data. None trains AI models on your data.

• Supabase Inc. (USA/EU) — database, auth, storage — privacy / DPA
• Vercel Inc. (USA) — hosting — DPF-certified — privacy
• OpenAI, L.L.C. (USA) — voice transcription (Whisper) — DPF-certified — enterprise privacy
• Google LLC (USA) — natural-language parsing and insight generation (Gemini) — DPF-certified — privacy
• Open Food Facts (France) — barcode lookup (no personal identifiers)

We do not share your data with advertisers, data brokers, analytics vendors, or social networks.

International transfers

US transfers rely on the EU-US Data Privacy Framework adequacy decision (Art 45 GDPR) where the importer is certified, plus Standard Contractual Clauses (Commission Implementing Decision 2021/914) as a fallback. Re-verify DPF status at dataprivacyframework.gov.

5. AI processing

Zisper relies on AI at three points: OpenAI Whisper (USA) transcribes your voice; Google Gemini (USA) extracts meals, weights, workouts, and body notes from voice transcripts and typed text; and Google Gemini (USA) also generates the personalised insights shown on the Analytics tab from your aggregated meal, workout, and body history. Neither OpenAI nor Google is used to train models on your data (OpenAI per its enterprise privacy policy for API traffic; Google per the Gemini API terms for paid API usage). AI does not make decisions with legal or similarly significant effects on you (GDPR Art 22 does not apply). You have the right to human review — edit any meal, weight, or note in the app, or email us. Before any AI call, the app shows an explicit consent notice at the point of use; you can withdraw consent by deleting your account in Settings. Because all logging and insights depend on AI, Zisper cannot function without it — barcode scanning remains available for a subset of meal logging, but voice, text parsing, and insights stop working once consent is withdrawn.

6. Retention

• Your account and history — for as long as your account exists.
• Raw voice audio — deleted immediately after transcription. OpenAI and Google hold copies up to 30 days before deletion (we have applied for Zero Data Retention on Whisper).
• Soft-deleted records — 7 days, then hard-deleted.
• Backups — old backups age out within 90 days of hard-deletion.
• Consent records — 3 years after consent is withdrawn or account deleted (accountability, Art 7 GDPR).
• Inactive accounts — warning email at 24 months, deletion at 36 months.

7. Your rights

Under GDPR and UK GDPR you have the right to:

• Accessyour data — use "Export my data" in Settings.
• Correct inaccurate data — edit in the app, or email us.
• Delete your data — use Settings → Danger Zone → Delete account.
• Restrict processing — email us.
• Portyour data — use "Export my data".
• Object to legitimate-interest processing — email us.
• Withdraw consent — toggle off in Settings → Privacy.
• Lodge a complaint with your supervisory authority.

We respond within 30 days (extendable by 60 days with reason).

Washington residents have additional rights — see the Consumer Health Data Privacy Policy.

California residents: Zisper does not currently meet the CCPA thresholds that make it a regulated business. We honour the same rights voluntarily. We do not sell or share personal information (in the CCPA sense), and we do not use sensitive personal information except to provide the Service.

8. Children

Zisper is not directed to children. You must be at least 16 years old. We verify at signup via a date-of-birth entry and reject signups from users under 13. If we learn a younger user has signed up, we delete the account and data within 7 days. We do not sell or share minors' data.

9. Security

TLS in transit, encryption at rest, Row-Level Security on every database table, service-role keys stored server-side only, rate limits, private repository. No system is perfect. If a breach affects you, see Section 10.

10. Breach notification

We notify our supervisory authority within 72 hours if a breach is likely to risk your rights (GDPR Art 33). We notify you directly if the risk is high (Art 34). We notify the US Federal Trade Commission within 60 days as required by the Health Breach Notification Rule.

11. Cookies

Zisper uses one cookie: the Supabase authentication session cookie. It is strictly necessary, so it does not require consent (ePrivacy Directive Art 5(3), German TDDDG §25). We use no analytics or advertising cookies.

12. Not medical advice

Zisper is a wellness and tracking app. It is not a medical device and does not provide medical advice. Calorie and protein estimates are approximations produced by AI and may be inaccurate, especially for branded or homemade foods. Consult a qualified healthcare professional before making medical, dietary, or pharmaceutical decisions.

13. Changes

We will post new versions of this policy at this URL and update the "Last updated" date. Material changes (new data types, new processors) trigger an email to registered users at least 14 days before the change takes effect.

14. Contact

geronimo20023@gmail.com

Full audit-ready version of this policy and the underlying compliance research live in the legal/ folder of our source repository.