← Chiseled

Chiseled Privacy Policy

North Tumbleweed LLC · Effective May 1, 2026 · Last updated June 12, 2026

The short version. Chiseled is a face-analysis app. Here's the truth about how your data flows:

1. Who we are

Chiseled is published by North Tumbleweed LLC (“we,” “us,” “our”), a U.S. limited liability company. This policy describes how the Chiseled iOS app handles your data. It does not cover other apps we publish, which have their own policies.

By installing or using Chiseled, you agree to this policy. If you don't, please don't use the app.

2. What we collect

2.1 Selfies you take or upload

When you take a scan, the photo is sent over an encrypted connection (HTTPS/TLS) to our analysis backend, hosted on Railway. The backend feeds the photo to Google Gemini for facial-feature analysis, receives the resulting scores, and returns them to your device.

The photo is held in server memory only for the duration of the analysis call (typically 2-5 seconds), then discarded. We do not write the photo to any disk, database, log, or storage system on our servers. We do not retain it. We cannot retrieve it after the request ends, because there is nothing to retrieve.

The processed photo (the one that powers your before-and-after and history views) is stored locally on your device using Apple's SwiftData framework, and — if your device has iCloud signed in — synced to your own private CloudKit container under your Apple ID. That iCloud container is Apple's infrastructure, encrypted at rest, accessible only by you. We do not have access to it; we cannot read, copy, or recover photos stored there. It does not sync to our servers.

2.2 Scan results (scores, categories, tips)

Each scan returns a numerical score (0–100) on overall, potential, and four category metrics, plus a small set of recommended actions. These results are stored on your device (SwiftData) and — when iCloud is signed in — synced to your own private iCloud container under your Apple ID. That container is Apple's infrastructure, accessible only by you. They do not leave your device or your iCloud unless you choose to share a result via the share-card feature, which you initiate manually.

2.3 Streak, profile, and plan data

Things like your selected coach, focus type (masculine or feminine), streak count, completed actions, and lifestyle preferences are all stored locally on your device — and, when iCloud is signed in, in your own private iCloud container under your Apple ID. They are read by the AI coach during a conversation so it can build a relevant plan, but the storage of record is your device + your iCloud (which we do not have access to).

2.4 Coach conversation context

When you chat with your coach (Leo, Ash, Rook, or Iris), your message and a small snapshot of your recent state (your latest score, your streak, your active commitment) are sent to our backend, which forwards them to Anthropic's Claude API. The reply is streamed back to your device.

Conversation history is stored on your device. We do not retain a copy on our servers.

For longer-running conversations, our backend may persist a short anonymised summary (3–5 sentences) of the previous day's conversation in a Supabase database. This is keyed by an anonymous user identifier (not your name or email) and is used to give the coach continuity. The summary contains paraphrased context, not raw messages.

2.5 Subscription records

When you subscribe to Chiseled Pro, Apple's StoreKit handles the transaction. We receive an anonymous transaction identifier and an entitlement signal (“active” / “not active”). We use RevenueCat to verify entitlements and manage the subscription lifecycle. RevenueCat receives anonymous identifiers from us. Neither Apple nor RevenueCat receives your name or email from Chiseled, because we don't ask for them.

2.6 What we do not collect

We do not require you to create an account. We do not ask you to sign in. You are anonymous to us by default.

We never sell your photos, never authorise them for AI model training, and never retain them on our servers beyond the time needed to compute your read.

3. Third parties

Chiseled relies on a small number of third-party services to function. Here is the complete list.

ServiceWhat it receivesTheir role
Google (Gemini API) Your selfie, transmitted to score it. Discarded after scoring per Google's API terms. Performs the AI vision analysis.
Anthropic (Claude API) Your coach messages and a small context snapshot. Numeric scores only — never the photo. Generates coach replies.
Railway All API traffic transits Railway, which hosts our backend. The photo is held in server memory only for the duration of the analysis call, then discarded. Backend infrastructure.
Supabase The advice library (read-only public content) and anonymised daily conversation summaries. Database.
Apple (StoreKit + CloudKit) Your subscription transaction (StoreKit). Your private iCloud container (CloudKit) where your scores + history are stored under your Apple ID — encrypted at rest, accessible only by you. We do not have access to your iCloud container. Processes payment + provides the iCloud sync infrastructure your device uses.
RevenueCat Anonymous purchase tokens and entitlement state. Receives the anonymous AppsFlyer install ID so subscription analytics can be joined against install source — no name, email, or photo. Subscription management + attribution join.
AppsFlyer Anonymous install-attribution events (install, paywall_shown, scan_completed, purchase, etc.), keyed by an anonymous AppsFlyer install ID. Does NOT receive photos, scores, or any content from inside the app. Marketing attribution.

Each of these has their own privacy policy:

We do not sell your data to any of them or to anyone else. Data shared with these services is the minimum needed to provide the feature you used.

4. How long we keep your data

DataRetention
Your selfies (server-side)Discarded immediately after scoring. Held in server memory only during the request. We retain nothing.
Your selfies (your device + your iCloud)Stored on your device + your own private iCloud container until you delete them via Settings → Delete my data, or sign out of iCloud. We do not have access to the iCloud copies.
Your scan results (scores, history)Stored on your device + your own private iCloud container. Removed when you tap Delete my data, or by deleting the iCloud copy via Settings → Apple ID → iCloud → Manage Account Storage → Chiseled.
Your coach conversation historyStored on your device + your own private iCloud container. Removed when you tap Delete my data.
Anonymised daily conversation summaries (Supabase)Retained while the service needs them to give your coach continuity; deleted upon verified request.
Subscription records (Apple + RevenueCat)Per Apple's and RevenueCat's retention policies — typically as long as needed for billing, refunds, and legal obligations.

5. Your rights and choices

5.1 Most data is on your device + your own iCloud

Because the bulk of Chiseled's data lives on your device — and, optionally, in your own private iCloud container under your Apple ID — you control it directly. You can:

5.2 Server-side data

For the small amount of server-side data we hold (anonymised daily conversation summaries and anonymous subscription tokens), you can request:

To make a request, email support@northtumbleweed.com. Because Chiseled is anonymous and we don't have your name or email on file, please contact us from the device with the app installed so we can locate your records via your subscription receipt or anonymised identifiers. We will respond within 30 days.

5.3 Subscription data

To cancel your subscription, go to Settings → Apple ID → Subscriptions on your iOS device. We cannot cancel your subscription on your behalf — Apple owns that interface.

To request deletion of subscription records held by RevenueCat, contact us and we will forward the request.

6. Children's privacy

Chiseled is not directed at children under 13. We recommend the app for users 17 and older given the body-image content and self-improvement framing. We do not knowingly collect any data from anyone under 13. If you believe we have inadvertently collected data from a child under 13, contact support@northtumbleweed.com and we will delete it promptly.

We comply with the Children's Online Privacy Protection Act (COPPA) by not collecting any personally identifying information from any user, regardless of age.

7. GDPR (EEA, UK, Switzerland)

If you are in the EEA, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and related laws.

We process minimal personal data, and most of it stays on your device. The data we do touch on the server side is processed under contractual necessity, legitimate interest, or explicit consent (for camera and photo-library access).

You have the right to access, rectify, erase, restrict, port, or object to the processing of your data. To exercise any of these rights, email support@northtumbleweed.com. Because we don't hold your name or email by default, please contact us from the device with the app installed so we can locate your records via your subscription receipt or anonymised identifiers. We will respond within 30 days.

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

8. CCPA (California)

California residents have the right to know what categories of personal information we collect, to access copies, to request deletion, and to opt out of any sale. We do not sell personal information. To exercise these rights, email support@northtumbleweed.com from the device with the app installed. We will verify your request via your subscription receipt or anonymised identifiers and respond within 45 days.

9. Security

We protect data in transit and at rest using industry-standard practices:

No security system is perfect. If you become aware of a vulnerability, please email support@northtumbleweed.com.

10. Changes to this policy

We may update this Privacy Policy as the app evolves. When we do, we will update the “Effective” and “Last updated” dates at the top. For material changes (anything that affects how we collect or use your data), we will display an in-app notice before the change takes effect, and where reasonable provide at least 30 days' notice.

11. Contact

For privacy questions or data requests: support@northtumbleweed.com.

North Tumbleweed LLC
Made in Brooklyn.