Privacy Policy
Effective date: February 9, 2026
Bas App ("Bas", "we", "our", or "us") is committed to protecting the privacy of our users. This privacy policy explains how we collect, use, and safeguard your information when you use the Bas mobile application — a visual communication tool for people with aphasia.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Display name
- Authentication provider data (Google or Apple sign-in identifiers)
Photos and Images
When you use the camera features, we process:
- Photos of restaurant menus (to identify menu items)
- Photos of food items (to add to your food library)
Photos are processed temporarily for AI analysis and are not stored beyond what is necessary to provide the service.
Food Preferences
We store your food selections and preferences to provide a personalized experience, including:
- Food items you have saved
- Menu session history
- Ordering selections
2. How We Use Your Information
We use your information to:
- Provide and maintain the Bas app functionality
- Authenticate your account
- Process menu photos using AI to identify food items
- Generate visual representations of menu items
- Store your food preferences and selections
- Send transactional emails (sign-in links, verification)
3. Third-Party Services
We use the following third-party services to operate Bas:
- Groq — AI processing for menu and food image analysis
- fal.ai — AI image generation for food visualizations
- OpenRouter — AI model routing for image generation
- Cloudflare R2 — Secure cloud storage for food images
- Neon — PostgreSQL database hosting for account and app data
- Resend — Transactional email delivery (sign-in links, verification emails)
- Google Sign-In / Apple Sign-In — Authentication providers
Each of these services has its own privacy policy. We encourage you to review their policies. We only share the minimum data necessary for each service to function.
4. Data Storage and Security
Your data is stored securely using industry-standard practices:
- Account data is stored in an encrypted PostgreSQL database (Neon)
- Images are stored in Cloudflare R2 with restricted access
- Authentication tokens are stored securely on your device using the platform's secure storage (iOS Keychain)
- All data is transmitted over HTTPS
5. Data Retention
We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time. When you delete your account:
- Your account information is permanently deleted
- Your food items and preferences are permanently deleted
- Your stored images are permanently deleted from our servers
6. Your Rights
You have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your account and data (available in the app's Settings)
- Portability — Request your data in a portable format
- Objection — Object to processing of your data
These rights apply to all users, including those protected under GDPR (EU), CCPA (California), and equivalent regulations.
7. Children's Privacy
Bas is not directed to children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.
8. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by updating the "Effective date" at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.
9. Contact Us
If you have questions about this privacy policy or your data, please contact us: