This Privacy Policy explains how Surya Palsam ("we," "us," "our"), the developer of the Trigger mobile application (the "App"), collects, uses, discloses, and protects your information. We are the data controller responsible for your personal data. By creating an account or using the App, you agree to this Policy.
Developer / data controller: Surya Palsam, located in the State of Georgia, United States.
Privacy & data-rights contact: palsamsurya@gmail.com.
We only collect what the App needs to function. The categories below reflect the App's actual features.
| Category | Examples | Why we collect it |
|---|---|---|
| Account data | Email address; authentication credentials (your password is hashed by our auth provider and never visible to us) | To create and secure your account |
| Health & skin data (sensitive) | Skin type, acne severity, medications and supplements you enter, goals, daily logs (skin status, diet, shaving, stress, sleep, barrier symptoms, workouts) | To track your skin and compute trigger correlations and insights |
| Photos (sensitive) | Face/skin photos you choose to capture or upload | To let you track visible changes and to generate AI skin-score estimates |
| AI-derived data | Skin scores, per-zone scores, barrier estimates, and written insights generated from your logs and photos | To show progress and pattern analysis |
| Approximate location (optional) | Coarse device location, only if you enable Auto Weather Tracking | Used once per day to retrieve local weather (humidity, UV, temperature). See §4. |
| Routine data | Products you add and their ingredients | To manage your routine and flag ingredients |
| Device settings | Your notification and tracking toggle preferences (stored on your device) | To honor your preferences |
We do not use your data for advertising, and we do not sell or rent your personal information.
Auto Weather Tracking is off by default. If you turn it on, the App requests your approximate location and sends those coordinates to Open-Meteo (a weather API) to retrieve the current humidity, UV index, and temperature for your area. We store only the resulting weather values alongside your daily log — we do not store your GPS coordinates or build a location history. You can disable this at any time in Settings.
We use a small number of trusted providers to operate the App. They process data only on our behalf and only as needed:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Cloud database, file storage, authentication, and backend functions | Your account, logs, profile, routine, and photos (stored in a private, access-controlled bucket) |
| Anthropic PBC (Claude AI) United States | AI analysis of photos and log summaries (the "AI features") | The relevant text from your logs (skin status, diet, sleep, stress, routine notes) and — only for photo scoring — the specific skin photo you choose to score. Per Anthropic's commercial terms, this data is used only to return your result, is not used to train their models, and is not sold. Anthropic is contractually bound to protections equivalent to those in this Policy. |
| Open-Meteo | Weather lookup (only if Auto Weather Tracking is enabled) | Approximate coordinates at the time of lookup |
| Apple | App distribution and (if you subscribe) payment processing | Handled by Apple under Apple's privacy policy; we do not receive your payment card details |
Notifications: Reminders are scheduled locally on your device. We do not operate a push-notification server and do not transmit device push tokens.
Some optional features use a third-party AI service to analyze your data. We want to be completely clear about how this works:
| Question | Answer |
|---|---|
| What data is sent? | For trigger analysis and the weekly briefing: the relevant text from your logs (skin status, diet, sleep, stress, and routine notes). For photo scoring: the specific skin photo you choose to score. We do not send your email, password, or precise location. |
| Who is it sent to? | Anthropic PBC, the United States company that makes the Claude AI model. Anthropic acts as our data processor and receives your data only to generate your result. |
| How is it used? | Only to produce your analysis, score, or briefing. Under Anthropic's commercial terms, your data is not used to train AI models, is not sold, and is not used for advertising. |
| Do you ask first? | Yes. The first time you use an AI feature, the App shows this disclosure and asks you to agree before anything is sent. If you decline, no data is sent. You can review or withdraw this permission anytime in Settings → AI & data. |
If you are in the EEA or UK, we rely on the following legal bases:
Depending on where you live, you may have the right to access, correct, delete, export, or restrict processing of your personal data, and to withdraw consent. You can exercise the core rights directly in the App:
You may also email palsamsurya@gmail.com to make a request. We will respond within the timeframe required by applicable law (generally 30–45 days). You have the right to lodge a complaint with your local data protection authority.
If you are a California resident, you have the right to know what personal information we collect, to request deletion, and to correct it. In the past 12 months we have collected the categories described in §2, including health information and photos, which are treated as sensitive personal information and used only to provide the App's features. We do not sell your personal information and do not share it for cross-context behavioral advertising. We do not use sensitive personal information for purposes beyond those permitted under the CPRA. We do not knowingly discriminate against you for exercising your rights.
We keep your data for as long as your account is active. When you delete an item, it is removed. When you delete your account, your profile, logs, routine data, and photos are permanently deleted from our systems, and any backups are cycled out in the ordinary course. Aggregated or de-identified data that cannot reasonably identify you may be retained.
We protect your data with industry-standard measures, including encryption in transit (TLS/HTTPS), encryption at rest, row-level security so each account can only access its own data, and a private, non-public storage bucket for photos accessed only through short-lived signed links. No system is perfectly secure, but we work to protect your information and limit access to what is necessary.
Our providers (including Supabase and Anthropic) are based in the United States, and your data may be processed there. If you access the App from outside the U.S., you understand your information will be transferred to and processed in the U.S. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses.
Trigger is not intended for children under 13 (or under 16 where a higher age applies), and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.
We may update this Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide notice in the App. Continued use after changes means you accept the updated Policy.
Questions or requests: palsamsurya@gmail.com.
See also our Terms of Service and Medical Disclaimer.