Privacy Policy

Your photo (optional). If you upload one, it is used for exactly one purpose: generating your AI body previews. See "Your photo's full lifecycle" below for what happens to it, who processes it, and when it is deleted.

Your answers. Age, height, weight, training habits, diet and goal inputs — used to compute your projections, calories/macros and plan.

Your email, if you provide it — used to send your results link and, unless you unsubscribe, occasional follow-up emails about your preview, your offer, and fitness tips (this is the marketing use we disclose). Every such email has a one-click unsubscribe, honored immediately.

Payment data. Handled entirely by Stripe. We never see or store your card number.

Usage data. Approximate country (from IP, for currency/language), basic analytics, and session replays/heatmaps via Microsoft Clarity to understand how the site is used. We also measure ad conversions (e.g. Google Ads).

Who touches it: your photo is encrypted in transit, sent to our AI provider (OpenAI) solely to render your previews, and stored with our storage provider (Backblaze) until deleted per the schedule below. No other party receives it.

What we don't do: we do not use your photo to identify you, we do not extract biometric identifiers (no faceprints, no face recognition), we do not use it to train AI models, and we never sell, publish, or share it beyond the two processors above.

When it's deleted — automatically:

• If you purchase: your original photo is deleted from our storage as soon as your final images finish generating. We keep only the generated results so your permanent link works.

• If you don't purchase: we keep your photo for up to 30 days — that's what lets us generate your full results instantly if you decide to unlock later — and then it is deleted automatically.

• On request: everything — photo, generated images, and all session data — deleted within 30 days via support@bodytimeline.com.

Our AI provider: OpenAI processes API inputs to generate your images and may retain them briefly under its own data policy (typically up to 30 days, for abuse monitoring) before deletion; OpenAI does not use API inputs to train its models. "Deleted" above refers to our storage; OpenAI's short retention window follows its policy.

Screen analytics: our session-replay tool (Microsoft Clarity) is configured to mask all photo and result images — replays show the page layout, not your body.

Only the service providers needed to run the product: OpenAI (image generation), Stripe (payments), Supabase (database), Backblaze (file storage), Vercel (hosting/analytics), Resend (email), Microsoft Clarity (session analytics), and Google (ads measurement). We don't sell your data, ever.

You can unsubscribe from emails with one click in any marketing email. You can request a copy or complete deletion of your data — including your photo and generated images — by emailing support@bodytimeline.com. We honor deletion requests within 30 days. If you're in the EU/UK (GDPR) or California (CCPA), these rights are yours by law; we apply them to everyone regardless of location.

Source photos follow the automatic deletion schedule above. Generated images and your plan are kept so your permanent results link keeps working. Emails are kept until you unsubscribe or request deletion. One email to support deletes everything sooner.

We use a small set of cookies and browser storage: essential (your session, language, and which version of the site you see), analytics (Vercel Analytics and Microsoft Clarity, to understand usage — with images masked as described above), and advertising measurement (Google Ads conversion cookies, so we know an ad led to a signup — not for building profiles of you). You can block cookies in your browser; essential features may still use local storage to function.

BodyTimeline is for adults. You must be 18 or older to use it. We don't knowingly collect data from minors; if you believe a minor has used the service, contact us and we'll delete the data.

If we change this policy, we'll update it here with a new date above. Material changes to how we handle photos or email will be communicated before they apply to data we already hold.

BodyTimeline is operated by Neptie Inc. (United States), the data controller for the processing described in this policy. Questions, access or deletion requests: support@bodytimeline.com.