Privacy Policy
Effective date: 2026-05-30 Version: privacy-v1
Suvant is built on a single principle: your data belongs to you, not us. This policy explains plainly what we collect, why, and how you can delete it at any time.
1. Who we are
Suvant ("we", "us", "our") is a web-based personal improvement service at app.suvant.com. Contact: privacy@suvant.com.
2. What we collect and why
Account data
- Email address — to identify your account, send receipts, and send deletion confirmations.
- Name (optional) — for your account display.
- Password hash (argon2, one-way) — to authenticate email/password sign-in.
- Google account (OAuth refresh token, encrypted at rest) — if you sign in with Google.
Biometric data (facial features)
When you use the audit feature you upload 3 selfies. These photos are biometric information under the Illinois BIPA, the Washington My Health MY Data Act, and similar state laws. We handle them as follows:
- Stored encrypted (AES-256-GCM) in a private Google Cloud Storage bucket, never publicly accessible.
- Processed by OpenAI's vision API (training-excluded; OpenAI is a disclosed subprocessor) to produce 8 numeric scores and an honest assessment. The image is never stored by OpenAI after the API call completes.
- Optionally (only if you opt in), one photo is sent to OpenAI's image API to generate an illustrative "after you" transformation image. This is off by default and governed by the AI Transformation Policy; if you opt in, the generated image is stored in your private bucket and automatically deleted about a day later (the same minimization window as your selfies), or sooner on account deletion or request.
- The raw selfie files are automatically deleted within 30 days of your audit completing, or immediately on account deletion, whichever comes first.
- The 8 numeric category scores and derived text are retained while your subscription is active so you can track progress over time.
- We will never sell, lease, trade, or profit from your biometric data.
- We will never share your biometric data except with OpenAI as a subprocessor for the processing steps above.
A separate, explicit consent step is required before any selfie is accepted. See our Biometric Policy for the full disclosure.
Subscription and billing
- Stripe processes all payments. We store your Stripe customer ID and subscription status but never your raw card number.
Usage data
- Audit scores and quest progress — to power your dashboard and track improvement over time.
- Analytics events — aggregated funnel events (e.g. "reached audit screen") sent to our backend and to Microsoft Clarity (session replay, masked on biometric screens) and Google Analytics 4. These never include selfie pixels or raw audit scores.
- Attribution data — UTM parameters and advertising click IDs captured when you arrive from an ad, used to measure which campaigns are working. We use our own Meta/Facebook Conversion API endpoint; your hashed email is sent to Meta only when a purchase event fires.
3. How we use your data
We use your data to:
- Provide and improve the Suvant service.
- Run the GPT-4o vision audit on your uploaded selfies.
- Track your quest progress, XP, streaks, and levels.
- Process and manage your subscription via Stripe.
- Send transactional emails (receipts, deletion confirmations) via Postmark.
- Comply with legal obligations.
We do not use your data for:
- Selling or licensing to any third party.
- Training AI models (OpenAI API is training-excluded).
- Advertising targeting beyond the conversion measurement disclosed above.
4. Data retention
| Data type | Retention |
|---|---|
| Selfie photos (raw) | Deleted within 30 days of audit, or on account deletion |
| Audit numeric scores | Retained while subscription active; deleted on account deletion |
| Biometric consent records | Retained for your account lifetime + 4 years (legal hold) |
| Billing records | Retained per Stripe and tax law requirements |
| Account data | Deleted on account deletion request |
5. Your rights
You have the right to:
- Access all data we hold about you via "Download my data" in Account > Privacy.
- Delete your selfies without closing your account via "Delete my photos" in Account > Privacy.
- Delete your account and all data via "Delete my account" in Account > Privacy.
- Withdraw biometric consent at any time; this will trigger immediate photo deletion.
- Request deletion by email at privacy@suvant.com if you cannot sign in (magic-link erasure flow available at the deletion page).
Requests are fulfilled within 30 days for GDPR/CCPA purposes. Biometric deletion requests are fulfilled within 72 hours.
6. Geographic restrictions
Suvant is designed for adult users in the United States and general international markets. Users in the European Union, United Kingdom, and European Economic Area are not permitted to complete a purchase at this time. This restriction is documented and will be revisited as we expand.
7. Security
We use AES-256-GCM encryption at rest for sensitive fields, TLS for all data in transit, and Google Cloud KMS for selfie bucket key management. Access to the selfie bucket is restricted to the backend service account; no human employee has direct access to raw selfie files.
8. Subprocessors
| Subprocessor | Purpose | Data shared |
|---|---|---|
| OpenAI (API) | Vision audit + optional "after you" image generation | Selfie images (not retained per API terms) |
| Google Cloud (GCS) | Selfie storage | Encrypted selfie files |
| Neon (Postgres) | Database | Account and progress data |
| Stripe | Payment processing | Email, billing info |
| Postmark | Transactional email | Email address |
| Google Analytics 4 | Funnel analytics | Hashed user ID, events (no biometrics) |
| Microsoft Clarity | Session replay | Masked UI interactions (biometric screens excluded) |
| Meta (CAPI) | Conversion measurement | Hashed email on purchase only |
9. Contact
For privacy questions or to exercise your rights: privacy@suvant.com.