Privacy Policy
Last updated: May 4, 2026
This Privacy Policy explains how Brushr ("we", "us", or "our") collects, uses, and protects information in connection with the Brushr mobile application (the "App") and our website (the "Site"), together the "Services." We've designed Brushr to collect only the information needed to make the App work well and personalize your experience. This document describes what that means in practice.
Information You Provide
When you use the App, we collect information you provide directly during onboarding and ongoing use, including:
- Account information: If you sign in with Apple or Google, we receive a unique identifier and (depending on your selections) your name and email. You may also choose to skip account creation and use the App anonymously.
- Onboarding inputs: Your name, age range, gender identification, brushing habits, goals, preferred voice style, and morning/evening brush times. These are used to personalize your routine and content.
- Smile Scan: A selfie photo you choose to capture during onboarding (and optionally re-capture later from the Insights tab). See the dedicated "Smile Scan" section below for a complete description of how this feature works.
- Commitment signature: A drawn signature image captured during onboarding to mark your commitment to the habit.
- Settings and preferences: Your content type toggles for morning and evening, notification preferences, and dark mode setting.
Information Collected Automatically
When you use the App, we collect information automatically about how you interact with it:
- Brushing session data: When each session started and ended, duration, whether you completed the full two minutes, which content piece played, and which voice style was used.
- Streak and stats: Computed from your session history.
- Diagnostic data: Anonymous performance and crash data to help us identify and fix bugs.
- Analytics events: We use PostHog to track anonymized product usage events, such as which onboarding screens you viewed, when you started a session, and when you reached streak milestones. These events help us improve the App.
Smile Scan: How the Camera Feature Works
Because the Smile Scan involves your camera, we want to be precise about exactly what it does and what happens to the data. This section describes the implementation in detail.
What the camera captures. When you start a Smile Scan, the App opens the front-facing camera using Apple's standard AVFoundation framework. While the camera is active, on-device Apple Vision processing analyzes the live preview at approximately 5 frames per second to detect that a face and lips are visible — this gates the shutter so that the scan is only captured when you are properly framed. These live preview frames are processed in memory and are never saved, uploaded, or copied off the device. When you tap the shutter, a single still photo is captured.
On-device analysis. Once the photo is captured, Apple's Vision framework runs again on the still image, entirely on your device. Vision detects the position of your face and the landmarks that outline your lips, and the App computes simple aggregate statistics over the inner-mouth region of the photo (such as average brightness and color characteristics). These values are converted into four small numeric adjustments that nudge your Smile Factors. The raw landmark coordinates and pixel statistics are never stored or transmitted — only the final score and the five resulting Smile Factor numbers.
What we do not do. The Smile Scan does not use ARKit, face mesh data, depth sensors, or blendshapes. It does not generate a faceprint, biometric template, or face embedding. It is not used for face recognition or face identification — there is no technology in the App that could identify you from your face or match your face against any other face. The photo is not analyzed for medical or dental conditions, and Brushr is not a medical or healthcare service.
What is uploaded. The captured photo is JPEG-compressed and uploaded over HTTPS to a private storage bucket on our backend (Supabase Storage). The photo is stored under a path tied to your user ID. Access controls (row-level security) restrict the photo so it can only be retrieved by your authenticated session — no other user, and no third party, can access it. The corresponding score and Smile Factor values are written to a database row associated with your account.
How many scans we keep. The App stores up to your 10 most recent Smile Scans. When you take an 11th scan, the oldest one is automatically deleted from both storage and the database.
Where the photo is shown. Smile Scans are visible only to you, within your authenticated session in the App. They are not displayed to any other user and are not shared with any third party.
What is sent to third parties. Nothing about the photo or any biometric-derived data is sent to third parties. Apple Vision runs entirely on your device with no network call. Our analytics provider (PostHog) receives only an event noting that a scan was completed and the resulting numeric score — no image, no landmarks, no pixel data. No AI service, advertising network, or other third party receives the photo or any data derived from it. The photo is not used to train any model.
How We Use Information
- To provide and personalize the App's features, including selecting content for your sessions and computing your Smile Factors;
- To send you notifications you've opted into (Morning Nudge, Evening Nudge, Streak Protection);
- To process and manage your subscription;
- To improve the App through aggregated, anonymized analytics;
- To respond to your support requests;
- To comply with legal obligations.
Service Providers
We rely on third-party service providers to operate Brushr. These providers process information on our behalf under contractual privacy obligations:
- Supabase — hosts our database and storage. Stores your account data, your Smile Scan photos and scores, and your brushing session history.
- RevenueCat — processes your subscription and trial. They receive a customer identifier and subscription metadata.
- Apple App Store / Google Sign-In — handle authentication when you use those sign-in methods.
- PostHog — captures anonymized product analytics events.
- ElevenLabs and Anthropic — power our content generation pipeline. These providers do not receive your personal information; they generate the audio and text content that the App later plays to you.
- NewsAPI.ai — supplies news headlines for our daily news content. They do not receive your personal information.
Information We Do Not Collect
We do not sell your personal information. We do not share your data with advertisers. We do not track you across other apps or websites for advertising purposes. We do not collect biometric identifiers, faceprints, or face embeddings, and we do not use face recognition or face identification anywhere in the App. The Smile Scan is not used for medical or dental analysis, and we do not claim to diagnose any condition.
Children's Privacy
The App is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Onboarding requires users to confirm they are 13 or older. If you believe a child under 13 has provided us with information, contact us at the email below and we will delete it.
Your Rights
You have the right to access, correct, or delete the personal information we hold about you. You can:
- Edit your preferences and brush times in the App's Profile tab at any time;
- Delete your account from Profile → Account → Delete Account. When you delete your account, we mark it as deleted and immediately sign you out. Your account data — including your Smile Scans, brushing history, and preferences — is then permanently removed by a scheduled cleanup process and is no longer accessible to anyone, including you. If you wish to use Brushr again afterward, you will need to create a new account;
- Manage your subscription in Profile → Manage Subscription or directly through your iOS subscription settings;
- Contact us at the email below to request access to your data, ask for early deletion, or make any other privacy request.
If you reside in California, the European Economic Area, the United Kingdom, or another jurisdiction with applicable privacy laws, you may have additional rights, including the right to data portability and the right to lodge a complaint with a supervisory authority.
Data Retention
We retain your account information and brushing history for as long as your account is active. Smile Scans are kept on a rolling basis: only your 10 most recent scans are retained, and older scans are automatically deleted. When you delete your account, your personal data is removed by our cleanup process and we do not retain it beyond what is necessary for legal, accounting, or fraud-prevention purposes.
Security
We take reasonable technical and organizational measures to protect your information, including encryption in transit and at rest. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be communicated through the App or the Site. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this Privacy Policy or want to exercise any of your rights, contact us at support@getsmileapp.com.
← Back to home