Privacy Policy

this privacy policy explains what information quill collects, how we use it, who we share it with, how long we keep it, and what rights you have. it applies to quill (the imessage product, the web dashboard at this site, and the marketing pages), operated by peacock bloom llc (“peacock bloom”, “we”, “us”).

if you have questions, email quill.fitnesslogger@gmail.com.

1. who we are

peacock bloom llc operates quill. for purposes of the california consumer privacy act and similar state laws, peacock bloom is the “business” (or controller) responsible for the personal information described here.

2. what we collect

we collect only the information we need to deliver the service to you. concretely, that’s:

2.1 contact and identity

• phone number (the imessage number you sign up with — this is also the key we use to find your records)
• name (the first name or display name you give during onboarding)
• email address, only if you contact us at quill.fitnesslogger@gmail.com or otherwise provide one

2.2 profile and biometric information

• age range (e.g., “25–34”) — we do not ask for your exact date of birth
• sex (female / male / prefer not to say)
• height
• weight (current weight + your weight-log history over time)
• activity level, goal (lose, maintain, build, etc.), and target weight
• timezone

2.3 dietary and health-related information

this is information you choose to give us so quill’s suggestions reflect what you actually eat and any limits you have:

• dietary restrictions (e.g., vegetarian, gluten-free, kosher)
• cuisine preferences
• self-reported health conditions (e.g., diabetes, high blood pressure, thyroid condition)

some of this is “sensitive personal information” under california’s privacy law. we use it only to deliver the service to you (e.g., to flag foods that interact with a condition you told us about). see your rights in section 9.

2.4 food logs and messages

• food descriptions you send and the parsed calorie, macro, fiber, sugar, and meal-type values our ai produces
• weight readings you report
• recent message history (the last several user/assistant turns are retained so quill can understand follow-ups like “make it 2 portions”)
• edits and corrections you make to a previous log (kept as an append-only audit trail so we can roll back errors)

2.5 photos

when you send a photo of a meal, we fetch the image, forward it to our ai provider for analysis, and discard it. we do not store the photo itself. only the parsed structured result (description, calories, macros) is saved to your log history.

2.6 payment information

when you subscribe, our payment processor (stripe) handles your card information directly. we never see or store your card number, cvv, or full bank account information. what we do receive and store is your stripe customer id, subscription id, plan type, billing status, and trial-end date.

2.7 account-security artifacts

• hashed login pins (we never store the pin itself; the hash auto-expires after 10 minutes)
• hashed session tokens for the dashboard (with a 30-day rolling expiry)
• ip address and user-agent string when a session is created (used for fraud and abuse prevention and rate limiting)

2.8 telemetry and analytics

• request-stage logs of the imessage pipeline; phone numbers in these logs are partially redacted to the last 4 digits (e.g., ***1234)
• per-call token-usage records for our ai provider, used for cost auditing
• product analytics through posthog (page views, navigation, feature usage). on the onboarding phone-number screen, the input field is explicitly masked from session replay so your phone number is not captured as keystrokes
• vercel hosting metrics and speed insights

3. what we do not collect

we do not collect your exact date of birth, your contacts, your real-time location, your camera roll, your card number, or any biometric identifier (face geometry, fingerprint, voiceprint, etc.).

4. how we use your information

we use your information to:

• provide the service — parse your meals, track your weight and goals, and reply to your messages
• operate the dashboard, your charts, and the welcome flow
• process subscription payments and prevent payment fraud
• send you transactional service messages (replies to your texts, payment receipts, security pins, important account notices)
• diagnose bugs, debug pipeline issues, and measure how the product is working
• prevent abuse, spam, and security incidents
• comply with our legal obligations

we do not use your photos or messages to train ai models — our or anyone else’s. we do not sell your personal information. we do not share your personal information with anyone for cross-context behavioral advertising.

5. how ai processing works

when you send a message or photo, we send the contents to google’s gemini api to classify your intent, extract calorie and macro estimates, and generate coaching responses. the request is governed by the google ai/gemini api terms applicable to paid api customers, which prohibit google from using your inputs to train google’s general-purpose models. nothing about this turns google into your healthcare provider; google is a software vendor we use, the same way we use a database vendor or a hosting vendor.

6. third parties that process your information for us

we work with the following service providers (called “subprocessors” in some laws). they only see what they need to do their job, and only for as long as we need them to:

• sendblue — delivers our imessage messages. sees your phone number and message content.
• google (gemini) — runs the ai models that classify, parse, and respond. sees the content you send (including food photos) and the structured profile context we attach.
• supabase — primary database and auth tables. stores everything we keep about you.
• stripe — payments. sees your card details (we don’t) and a phone-keyed reference id.
• vercel — hosting, performance metrics (vercel speed insights), and platform analytics (vercel analytics).
• posthog — product analytics and session replay. session replay records dashboard interactions for product debugging; the onboarding phone input is masked.

all of these are u.s.-based services, and your data is stored and processed in the united states. we do not currently offer the service in regions that require eu-style data-transfer instruments.

7. sale and sharing of personal information

we do not sell your personal information, and we do not share it for cross-context behavioral advertising (the two specific terms used in the california privacy law). we have not done so in the preceding 12 months. if that ever changes, we will update this policy and (for california residents) provide an opt-out before the change takes effect.

8. how long we keep your information

we keep your account data while you have an active subscription and for a reasonable period after you cancel so we can re-activate you if you come back. specifically:

• profile and food logs — kept as long as your account is active. we add to your food and weight logs over time rather than overwriting, so your history stays continuous. you can request deletion any time (see section 9).
• message history — we retain the recent turns needed for context. older messages are not used by the service and you can request deletion of all of it.
• auth pins — auto-expire 10 minutes after creation.
• session tokens — 30-day rolling expiry. deleted when you sign out.
• billing records — kept for at least the period required by tax and consumer-protection law (typically 3–7 years).
• consent records — kept for at least 3 years per california’s auto-renewal law.
• routine system backups — expire on their normal schedule, generally within 30 days.

9. your privacy rights

we extend the following rights to all quill users, regardless of where you live:

• right to know — request a summary of the personal information we have about you and how we use it.
• right to access and portability — request a copy of your data. the dashboard already lets you download your food logs as a csv; for the rest, email us.
• right to delete — text the word DELETE in reply to a recent log to remove that single log; or email quill.fitnesslogger@gmail.com with subject “delete my account” for full deletion. we will fulfill full-deletion requests within 45 days (extendable to 90 if needed; we will tell you).
• right to correct — email us if any data on file is wrong; you can also correct individual food logs by texting a correction to quill.
• right to limit use of sensitive personal information — applies to your self-reported health conditions. we already use that information solely to deliver the service. if you object to even that use, email us; we will stop using your health-condition data and your service will lose the condition-aware features.
• right to opt out of sale or sharing — not applicable, because we do not sell or share your personal information.
• right to non-discrimination — we will not refuse, downgrade, or charge differently for your service because you exercised a privacy right.

california residents under 18. california business and professions code § 22581 gives minor users the right to request removal of content they posted. text or email us with the relevant detail and we will remove it.

to exercise any of these rights, email quill.fitnesslogger@gmail.com from the email you registered with or text the relevant request from your registered phone number; we use those as the verification step. you may use an authorized agent (with proof of authorization).

10. children

quill is not intended for anyone under 13. we do not knowingly collect personal information from children under 13. if we learn we have, we will delete it. if you are a parent or guardian and believe a child under 13 is using quill, contact us at quill.fitnesslogger@gmail.com.

quill may be used by minors aged 13–17 with parental or guardian supervision and consent, as required by our terms of service.

11. cookies and similar technologies

our website uses a small number of cookies and similar technologies — primarily for product analytics through posthog and for performance through vercel. we do not use third-party advertising cookies and we do not allow ad networks to track you on the quill site.

you can control cookies through your browser settings. blocking analytics cookies will not affect your ability to use quill.

12. session replay

we use posthog session replay on the web dashboard to debug bugs and improve the product. replays capture your interactions with the dashboard interface (clicks, navigation, scrolling). on the onboarding phone-number screen, the phone input is explicitly masked so we never see the keystrokes. you can request that we exclude your account from session replay by emailing us.

13. security

we take reasonable measures to protect your information, including transport-layer encryption (tls) for data in transit, encrypted storage at rest in supabase, hashing of pins and session tokens, server-side-only handling of service-role credentials, and rate limiting on authentication endpoints. no system is perfectly secure; if we ever experience a breach affecting your information, we will notify you and the relevant regulators as required by law.

14. data location

quill is operated from and stored in the united states. if you access quill from outside the u.s., you consent to your information being transferred to and processed in the united states.

15. changes to this policy

we may update this policy. if a change is material, we will notify you at least 30 days before it takes effect, by imessage to your registered number or by email if we have one. the “last updated” date at the top of this page tells you when the current version became effective.

16. contact

questions, complaints, or rights requests:

peacock bloom llc
[BUSINESS_ADDRESS]
quill.fitnesslogger@gmail.com