Privacy Policy

Last updated: May 22, 2026 (post-audit revision)

This Privacy Policy applies to Universal AI LLC ("we", "us", "our") and the iOS apps we operate, including Jineo, Cooked, and Banchan.

1. What we collect

Our apps are designed to operate anonymously. We do not require sign-up to use core features. Where data is collected, it falls into one of these categories:

• On-device data: preferences, streaks, saved items, scan history, and chat history are stored locally on your device via Apple's secure storage. We never receive a copy.
• Inline AI processing: when you take a photo (skin scan, ingredient label, food photo, or text screenshot), the image is sent securely to our processing server, analyzed by an AI model (e.g., OpenAI GPT-4o), and immediately discarded. We do not retain the image.
• Subscription status: when you purchase a subscription, Apple's StoreKit + RevenueCat handle the transaction. We receive only a non-PII identifier confirming your subscription state.
• Crash + diagnostic data: pseudonymized crash reports via Sentry to help us fix bugs. Personal content (chat, scan results, ingredient lists) is stripped before send via a beforeSend hook in our client code. Crash events are keyed to a random Supabase-issued user identifier, not to your name or email.

1a. Categories of personal information we collect (CCPA / CPRA Notice at Collection)

For California residents, the following table maps each category we collect to its business purpose, retention period, and whether we sell or share it:

We do not sell or share personal information as defined by CCPA / CPRA § 1798.140. See § 4 below for how to exercise your rights, including the right to opt out of any future sale or sharing.

2. What we do not collect

• We do not collect your name, phone, or address. We collect your email only if you opt in to our weekly digest, contact us directly, or send us a privacy/legal request.
• We do not sell your data to third parties.
• We do not embed third-party advertising trackers (no Meta Pixel, no Google Analytics, no Facebook SDK). Note: when you tap a "buy" link, you are routed to the retailer's website (Amazon, Sephora, Olive Young, etc.) which uses its own cookies and tracking — that is governed by the retailer's privacy policy, not ours.
• We do not store the photos or text you submit for AI analysis on our servers; they are sent inline to the AI model and immediately discarded.

3. Third-party services we use

To deliver app functionality, we use the following processors:

• OpenAI — vision and language model for AI analysis. OpenAI Privacy Policy
• Supabase — secure backend infrastructure. Supabase Privacy Policy
• RevenueCat — subscription management. RevenueCat Privacy Policy
• Apple — iOS distribution, subscription billing, and push notifications. Apple Privacy Policy
• Sentry — anonymized crash reporting. Sentry Privacy Policy
• PostHog — pseudonymous product analytics (screen views, feature usage) keyed to a non-PII Supabase user identifier; payloads do not contain your name, email, scan content, or chat messages. PostHog Privacy Policy
• Resend — transactional email delivery (welcome message, weekly digest if you opt in, account deletion confirmation). Resend Privacy Policy
• ElevenLabs — voice synthesis for the Hana skincare coach in Jineo and the IRL Practice mode in Cooked. ElevenLabs Privacy Policy
• Google (Workspace + Pages) — email hosting at contact@/privacy@/security@universalaillc.com and static site hosting at universalaillc.com. Google Privacy Policy
• GitHub — code repository + Pages hosting infrastructure for universalaillc.com. GitHub Privacy Statement

We have signed Data Processing Agreements (or have GDPR Art. 28-compliant terms on file) with every processor above.

4. Your rights

• Right to deletion (GDPR Art. 17 + Apple Guideline 5.1.1(v)): every app includes a one-tap "Delete Account & Data" option in Settings. This permanently erases all on-device data and any server-side account if applicable.
• Right to access: since we store no personal data on our servers, there is generally nothing to provide. If you believe we hold data about you, email privacy@universalaillc.com.
• Right to opt out: you can stop using our apps at any time. Subscriptions can be cancelled in iOS Settings → Apple ID → Subscriptions.
• EU/UK (GDPR Articles 15-22): residents of the European Economic Area, UK, and Switzerland have specific rights:
  • Art. 15 access, Art. 16 rectification, Art. 17 erasure ("right to be forgotten"), Art. 18 restriction of processing, Art. 20 portability, Art. 21 objection
  • Art. 7(3) right to withdraw consent at any time — if you opted in to the weekly digest you may opt out at any time without affecting prior processing
  • Art. 22 right not to be subject to automated decisions — our skin-type classification is profiling within Art. 22; you may request a human review of any AI inference by emailing privacy@universalaillc.com
  • Art. 77 right to lodge a complaint with a supervisory authority — for example the Irish Data Protection Commission (dataprotection.ie) or UK Information Commissioner's Office (ico.org.uk)
  Send requests to privacy@universalaillc.com — we respond within 30 days per Article 12(3).
• California (CCPA / CPRA): California residents have the right to (a) know what personal information we collect (see § 1a above), (b) delete it, (c) correct inaccurate data, (d) limit the use of sensitive personal information, and (e) opt out of sale or sharing. We do not sell or share personal information as defined by Cal. Civ. Code § 1798.140. There is no "sale" mechanism to opt out of, but if that changes we will update this policy and provide an opt-out link below.
• Do Not Sell or Share My Personal Information (CCPA § 1798.135): To assert this right or any CCPA right, email privacy@universalaillc.com with subject line "CCPA Request." We respond within 45 days per § 1798.130(a)(2).
• EU representative (GDPR Article 27 derogation): Universal AI LLC is a small US business (single member, <250 employees, no special-category data retained on our servers — all skin-scan images are discarded immediately after inference). We rely on the Article 27(2) derogation for occasional, low-risk processing and have not appointed an EU representative. If our processing pattern changes (e.g., we begin retaining scan images or hit larger EU usage), we will appoint a representative and update this policy.

5. Children's privacy

Our apps are rated 17+ and not directed at children under 13. We do not knowingly collect data from children. If you believe a child has used our app, contact contact@universalaillc.com and we will assist.

6. Data retention

We retain no personal data beyond what is necessary to deliver the service. Inline AI requests are processed and discarded. Subscription identifiers are retained for the duration of the subscription per Apple's requirements.

7. Changes to this policy

We may update this policy as our apps evolve. Material changes will be reflected in the "Last updated" date at the top of this page.

8. DMCA + copyright

If you believe content on our apps or backend infringes your copyright, send a notice meeting the requirements of 17 U.S.C. §512(c)(3) to our designated agent. Notices must include: (a) identification of the copyrighted work, (b) identification of the infringing material with enough detail to locate it, (c) your contact information, (d) a good-faith statement that the use is not authorized, (e) a statement under penalty of perjury that the information is accurate, and (f) your physical or electronic signature.

Designated Agent: Aiden Price, Universal AI LLC
Email: privacy@universalaillc.com
Postal: 18415 Thundercloud Rd, Boyds, MD 20841, USA

9. Contact

General privacy questions: privacy@universalaillc.com
Other questions: contact@universalaillc.com

Universal AI LLC
18415 Thundercloud Rd
Boyds, MD 20841
United States