ST
SpekTree

Privacy Policy

Last updated: March 19, 2026

At SpekTree, we understand that the health data you entrust to us is deeply personal. This policy explains what information we collect, how we use it, and how we protect it.

Information We Collect

We collect information you provide directly when using SpekTree:

  • Account Information: Email address, name, and password when you create an account.
  • Child Profile Data: Name or nickname, date of birth, weight, height, dietary preferences, and known allergies.
  • Nutrition Data: Food logs, meal photos, nutrient intake, and dietary patterns.
  • Health Data: Symptom logs, supplement records, blood work values, and behavioral observations.
  • Usage Data: How you interact with the app, features used, and session duration.

How We Use Your Information

Your data is used exclusively to provide and improve SpekTree's services:

  • Core Service: Tracking nutrition, generating nutrient gap analyses, and providing AI-powered insights.
  • Personalization: Tailoring recommendations based on your child's accepted foods and dietary needs.
  • Reports: Generating doctor-ready PDF reports at your request.
  • Improvement: Aggregated, de-identified data may be used to improve our algorithms and nutritional database.

We never sell your personal data. We never share identifiable health data with advertisers.

Data Storage & Security

Your data is stored securely using industry-standard practices:

  • Database: All user data is stored in Supabase (PostgreSQL) with row-level security policies ensuring you can only access your own data.
  • Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Authentication: Managed by Supabase Auth with secure session handling.
  • Backups: Automated daily backups with point-in-time recovery.

Third-Party Services

SpekTree integrates with the following third-party services:

  • Stripe: Payment processing for subscriptions. We never store your credit card details — Stripe handles all payment data securely under PCI-DSS compliance.
  • USDA FoodData Central: Nutritional data for food items. No personal data is shared with the USDA.
  • Anthropic (Claude API): AI-powered features such as photo food recognition and insight generation. Queries are sent with minimal context and no personally identifiable information.
  • Supabase: Database hosting, authentication, and file storage.

Children's Privacy

SpekTree takes children's privacy seriously and is designed with COPPA considerations in mind:

  • SpekTree accounts are created and managed by parents or legal guardians, not children directly.
  • Child profile data (nutrition logs, symptoms, supplements) is entered and controlled by the parent/guardian.
  • We do not knowingly collect personal information directly from children under 13.
  • Parents can review, modify, or delete all child profile data at any time from their account settings.
  • If we learn that a child under 13 has created an account without parental consent, we will promptly delete the account and associated data.

Data Retention & Your Rights

Retention: We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days.

Your rights include:

  • Access: Request a copy of all data we hold about you.
  • Correction: Update or correct any inaccurate information.
  • Deletion: Request permanent deletion of your account and all associated data.
  • Export: Download your data in a portable format (JSON/CSV) from your account settings.
  • Restriction: Request that we limit processing of your data in certain circumstances.

Contact Us

If you have questions about this privacy policy or wish to exercise your data rights, please contact us:

  • Email: privacy@spektree.com
  • Website: spektree.com/contact

We aim to respond to all privacy-related requests within 30 days.