Security Policy

Protecting your data matters. This page summarizes how BodyFatEstimator.ai approaches security, data handling, and third-party infrastructure used to deliver the Service.

Overview

BodyFatEstimator.ai is built with a minimal-data philosophy. We aim to process only what’s needed to generate your body fat estimate and avoid retaining sensitive data (like uploaded photos) beyond what’s required to provide the Service.

Infrastructure & Providers

We rely on reputable providers for hosting, delivery, AI processing, analytics, and payments:

  • Vercel, Inc. — application hosting and deployment
  • Replicate, Inc. — AI model inference and image processing
  • Cloudflare, Inc. — security and content delivery
  • Namecheap, Inc. — domain services and DNS
  • Google LLC — web analytics and tagging
  • Amplitude, Inc. — product analytics
  • Stripe, Inc. — payment processing

For more detail on vendors and processing roles, see our Sub-processors page and Privacy Policy.

Data Handling & Photos

Uploaded photos are processed only to generate your body fat estimate. We do not sell photos or use them for advertising. We do not use uploaded photos to train our own models.

  • Photos are processed for estimation purposes through third-party infrastructure.
  • We do not intentionally maintain long-term photo archives inside the product.
  • Temporary copies may exist in provider systems for reliability, security, and abuse prevention.
  • Analytics currently use Google Analytics and Amplitude (including session replay) to understand usage and improve reliability.

Transport Security

Traffic to and from BodyFatEstimator.ai is encrypted using HTTPS (TLS). This helps protect data in transit between your browser and our infrastructure providers.

Access Controls

We limit access to systems and data to what’s necessary to operate and maintain the Service. Administrative access is restricted and used for support, reliability, and security purposes.

Payment Security

Payments are processed by Stripe. We do not store or have access to your full payment card details. Any payment details you provide are handled directly by Stripe’s systems.

Responsible Disclosure

If you believe you’ve found a security vulnerability, please report it privately and give us a reasonable amount of time to investigate and remediate before public disclosure. Please do not access or modify data that does not belong to you.

User Responsibilities

You are responsible for maintaining the security of your own devices, browser, and email account. If you believe your access has been compromised or you notice suspicious behavior, contact us immediately.

Security Contact

Security questions or vulnerability reports can be sent to matt@leandme.com.

Last updated: 16/2/2026