ProDIY Privacy Policy
This Privacy Policy explains what information ProDIY ("ProDIY," "we," "our," or "us") collects when you use the ProDIY iOS app (the "App"), how that information is used, where it is stored, and the choices you have. The App is operated by ProDIY (contact details in ยง10). This Policy works alongside our Terms of Service.
We've kept this document short and plain-language on purpose. If a section is unclear, write to us at privacy@prodiy.ai and we will clarify.
1. What ProDIY does
ProDIY is a home-repair coach. You describe a problem at home โ by photo, text, or both โ and the App returns a diagnosis, a parts list, and step-by-step guidance. To produce that response, the App sends your description to third-party AI services (see ยง3).
2. Information we collect
We collect only what is needed to deliver the diagnosis you ask for, operate your account, and keep the App safe.
2.1 You give us this directly
- Account email when you sign up with email and password. We use this to sign you in, send verification links, and contact you about your account.
- Password when you sign up with email and password. Your password is stored only as a one-way bcrypt hash; we never see or store the plaintext.
- Apple Sign In identifier when you choose to sign in with Apple. If you use Apple's "Hide My Email" feature, we receive a private relay address (e.g.
xxxx@privaterelay.appleid.com) instead of your real email โ your real address is never disclosed to us. - Consent choices โ your timestamped agreement to our Terms of Service, this Privacy Policy, the age confirmation, and (optional, off by default) marketing emails.
- Photos you take or pick from your library to attach to a diagnosis or project plan.
- Text you type to describe the problem (the "note" field).
- Optional context you set: room/location, project category, budget hint.
- Feedback when you tell us whether a recommendation was helpful, or how a project turned out.
2.2 The device sends us this automatically
- IP address at the moment of each request โ used for rate limiting, abuse prevention, and breaking ties when investigating account-takeover attempts. We do not derive precise location from your IP.
- Authentication metadata โ login timestamps, session refresh times, the device family ("iPhone"), and a generic user-agent string. Used to keep your account secure.
- Device locale (e.g.
en-US,ko-KR) โ used so the AI response carries a locale tag for downstream localization. - Generic crash and error events โ when the App crashes or the AI call fails, we collect a stack trace and a non-personal error code. We do not collect the photo, the note, or any text you typed in these reports.
2.3 We do NOT collect
- Your contact list, calendar, microphone audio, or precise GPS location.
- Health, biometric, financial, or payment data. (Payment information for any future Premium tier will be processed by Apple's In-App Purchase and is governed by Apple's privacy policy โ we never see your card.)
- Browsing history outside the App.
- Any information from third-party social profiles beyond your Apple Sign In identifier (described in ยง2.1).
3. How your photos and text are processed
This is the most important section. Read it carefully.
3.1 Where the data goes
When you submit a diagnosis, the App sends your photo(s) and note to Google's Gemini API (a third-party AI service operated by Google LLC). Gemini analyzes your input and returns a structured diagnosis, which the App renders for you.
To compose the personalized recommendation that follows the diagnosis (parts list, step-by-step guidance, safety routing), our backend also calls Anthropic's Claude API. The query sent to Anthropic includes the diagnosis text returned by Gemini and the relevant retrieval context from our knowledge base; it does not include the original photo.
We use Gemini under Google's standard Generative AI Terms (ai.google.dev/gemini-api/terms, policies.google.com/privacy) and Claude under Anthropic's Commercial Terms of Service (anthropic.com/legal/commercial-terms, anthropic.com/legal/privacy). Each provider's own privacy and data-use practices apply to data once it is sent to their service.
3.2 What we do not do
- We do not save your photos to a ProDIY server. Each photo travels directly from your device to Google Gemini for diagnosis. We never persist the photo bytes on our backend.
- We do not share your photos or notes with anyone other than the AI providers listed above for the sole purpose of generating your diagnosis.
- We do not sell your data, ever. (CCPA "Do Not Sell" applies by default for all users โ there is nothing to opt out of because we do not sell.)
- We do not use your photos or notes to train any AI model on our side.
- We do not embed advertising SDKs in the App.
3.3 What we store on our backend
The following is stored on our backend (Supabase, hosted in the United States, encrypted at rest, access-controlled by row-level security so only your account can read its own rows):
- Your account record (email or Apple Sign In identifier, hashed password, account creation timestamp).
- Your consent events (which version of our Terms / Privacy / Age confirmation / marketing opt-in you agreed to, and when).
- Your feedback events (the rating you gave each recommendation, the outcome you reported for each project).
- Your recommendation history โ the AI-generated diagnosis text, parts list, and step-by-step guidance that was shown to you, plus identifiers for the prompt and retrieval version used. We retain this so the App can show you what you've previously been shown, and so we can investigate and reproduce any safety-relevant issue.
- Authentication metadata (ยง2.2) โ login timestamps, IP at sign-in, device family โ for the security purposes described above.
3.4 What stays on your device
The App also uses iOS device storage to keep:
- the projects you save (with a copy synced to our backend in a later release, so you can pick them up on a second device),
- the most recent in-progress diagnosis draft (not sent to our backend until you submit feedback or save the project),
- your onboarding answers and notification preferences,
- your active authentication tokens โ stored in Apple's Keychain via
expo-secure-store, never in plainAsyncStorage.
Everything on your device stays on your device. Deleting the App removes all local storage immediately. Deleting your account (see ยง6) is the only way to remove the backend records described in ยง3.3.
4. Why we collect what we collect
| Data | Purpose |
|---|---|
| Photos, notes, room, category | Generate the AI diagnosis you requested |
| Email / Apple Sign In ID, hashed password | Identify your account and let you sign in |
| Consent events | Prove your consent and respect your choices over time |
| Feedback events | Improve recommendation quality and surface safety issues |
| Recommendation history | Show you what you've previously been shown and audit safety |
| IP address, login timestamps | Rate limiting, abuse prevention, account-takeover investigation |
| Locale | Tag responses for localized rendering |
| Crash and error events | Diagnose bugs and improve reliability |
We do not use any of the data above for advertising. The App contains no third-party advertising SDKs.
5. How long we keep your data
| Category | Retention |
|---|---|
| Photos / notes you send to the AI | Held by the AI provider per their terms; not retained on ProDIY servers |
| Backend account, consent, feedback, recommendation history | Until you delete your account; then anonymized within 30 days and fully removed within 90 days |
| Authentication metadata (IP, login times) | 180 days, then aggregated or deleted |
| Local projects and drafts on your device | Until you delete them or uninstall the App |
| Crash / error events | 90 days, then aggregated or deleted |
6. Your rights and choices
6.1 Delete your account
You can delete your account at any time from inside the App: Settings โ Account โ Delete Account. Deleting your account immediately revokes your sessions on every device, anonymizes the backend records described in ยง3.3 within 30 days, and fully removes them within 90 days. Deletion cannot be undone. (We provide this in-app deletion path in compliance with Apple's App Store Review Guideline 5.1.1(v).)
6.2 Other in-app controls
- Delete a project โ the project is removed from your device's local storage and (where synced) marked for deletion from the backend on next sync.
- Discard a diagnosis โ the photo and note are removed from the local draft and never sent to the backend.
- Sign out โ clears your authentication token from this device while keeping your account active. You can sign back in on the same or another device.
- Stop using the App entirely โ deleting the App removes all local storage. To also remove your backend data, delete your account first (ยง6.1) and then uninstall.
6.3 Statutory rights
Where applicable, you also have the rights granted by GDPR (if you are in the EU/EEA/UK) and CCPA (if you are a California resident), including the right to access, correct, delete, port, and restrict processing of your data, and the right to lodge a complaint with your local data-protection authority. To exercise any of these rights, email privacy@prodiy.ai and identify yourself well enough that we can locate any data we hold about you. We will respond within 30 days.
We do not sell personal information or share it for cross-context behavioral advertising.
7. Children and minimum age
The App is rated 17+ on the App Store because some content discusses tools, chemicals, and procedures unsuitable for younger users. By creating an account, you confirm that you are at least 17 years old (or the higher minimum age that applies in your jurisdiction).
The App is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13 in compliance with the U.S. Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe your child has created an account or used the App, contact privacy@prodiy.ai and we will delete the account and any associated data.
8. Security
We protect your data with the following controls:
- Transport encryption โ all network requests, including calls to our backend and to AI providers, use HTTPS / TLS 1.2 or higher.
- Encryption at rest โ backend data hosted on Supabase is encrypted at rest using AES-256.
- Row-Level Security (RLS) โ database policies in Supabase enforce that each row in your account's data can only be read or modified by your authenticated session.
- Hashed passwords โ passwords are stored only as bcrypt hashes; the plaintext is never stored or logged.
- Session security โ authentication uses Supabase Auth with JWT-based sessions and rotating refresh tokens. Tokens are stored in Apple Keychain on your device, not in plain storage.
- Backend hosting โ our backend runs on Fly.io in the
sjcregion (San Jose, California, United States), behind HTTPS atapi.prodiy.ai. - Sandboxed local storage โ local storage on iOS is sandboxed by the operating system.
No system is perfectly secure; if you become aware of a vulnerability, please report it to security@prodiy.ai and we will respond promptly.
9. Changes to this policy
We may update this policy as the App grows โ for example when we add new AI providers, expand to additional platforms, or change retention periods. We will post the new policy at this URL with a new "Last updated" date. For material changes that affect what data we collect or how we use it, we will also surface an in-app notice the next time you open the App and, where required by law, request fresh consent.
10. Contact
| General privacy questions | privacy@prodiy.ai |
| Security reports | security@prodiy.ai |
| Operator | ProDIY (operated as an individual sole proprietor, based in the United States) |
We respond to inquiries via email. If postal correspondence is required for a legal matter, contact privacy@prodiy.ai first and we will arrange a delivery method.
11. Third-party services we use
For transparency, here are the third-party services the App relies on:
- Google Gemini API โ generates diagnoses from your photos / notes. Privacy: policies.google.com/privacy. Terms: ai.google.dev/gemini-api/terms.
- Anthropic Claude API โ composes the personalized parts list and step-by-step guidance from the Gemini diagnosis. Receives the diagnosis text and our retrieval context; does not receive the original photo. Privacy: anthropic.com/legal/privacy. Terms: anthropic.com/legal/commercial-terms.
- Supabase โ managed Postgres database (US, west region), authentication service (Supabase Auth), and storage. Hosts your account, consent events, feedback, and recommendation history described in ยง3.3. Privacy: supabase.com/privacy.
- Fly.io โ hosts the App's backend application servers (the API at
api.prodiy.ai) in thesjcregion. Privacy: fly.io/legal/privacy-policy. - Apple โ App Store, iOS, Sign in with Apple โ distribution, platform services, and federated identity (when you choose Sign in with Apple, Apple authenticates you and returns an opaque identifier to us; we never see your Apple ID password). Privacy: apple.com/legal/privacy.
- Sentry โ anonymized crash and error telemetry. Configured to scrub user content (photos, notes, account email, IP) from breadcrumbs. Privacy: sentry.io/privacy.
- Amazon Associates โ when you tap a "Shop" link beside a recommended part, the App opens an Amazon search URL in your browser or the Amazon app. Amazon, not ProDIY, handles the shopping session and any purchase. If you complete a qualifying purchase, ProDIY may receive a referral commission from Amazon at no extra cost to you. Privacy: amazon.com/privacy.
We do not embed advertising SDKs, social-login SDKs other than Sign in with Apple, or analytics SDKs beyond the above.
12. Affiliate links
ProDIY participates in the Amazon Associates Program. As an Amazon Associate, ProDIY earns from qualifying purchases. Affiliate links are limited to the parts and tools the AI recommends; they do not change what you see, what's suggested, or the price you pay. You can search Amazon directly without using the in-app link if you prefer โ the link is a convenience, not a requirement.
We do not share your photos, notes, diagnosis content, or any other in-app data with Amazon. Tapping the link sends only the search query that was already visible on screen.