Data Security
Data Security
Rubric protects your data through infrastructure-level controls — not application-level promises — so that entire categories of security failures are architecturally impossible.
Authentication
Rubric uses Sign in with Google and Sign in with Apple exclusively. There is no email and password option.
This is a deliberate choice. By delegating authentication to Google and Apple, Rubric eliminates an entire category of security risks: password breaches, credential stuffing, weak passwords, and password reset exploits. Rubric does not store passwords because there are no passwords to store.
Data isolation
Every database query is scoped to your user ID at the infrastructure level. The database itself enforces that queries only return your data, regardless of what the application requests. This means a bug in the application code cannot accidentally expose another user’s data — the database will not return it.
This applies to all user data: nutrition logs, health records, photos, coaching conversations, and profile information.
Photo privacy
Photos you take for food logging go through multiple privacy protections:
On-device processing. Before a photo leaves your device, all metadata is stripped — GPS coordinates, device identifiers, timestamps, and camera information. The server never receives your location data embedded in photos.
Temporary access only. Photo access links expire after 5 minutes. There are no permanent URLs to your food photos. Links cannot be bookmarked or shared.
Retention controls. By default, photos are deleted after your nutrition entry is closed. You can opt in to 30-day extended retention if you prefer to keep them longer. You can also delete all photos manually through your privacy settings at any time.
AI interaction privacy
Rubric retains AI processing logs for 7 days to support debugging and quality improvements, then automatically deletes them. Coach conversation threads are retained for 90 days, then archived.
Your Coach conversations are private. They are not used to train AI models and are not shared with third parties.
Error monitoring
Rubric uses error monitoring to detect and fix bugs. All personally identifiable information — email addresses, user IDs, health data, food logs — is scrubbed from error reports before they leave the system. Bug reports contain technical diagnostic information only.
Security at a glance
| Protection | What it means for you |
|---|---|
| Infrastructure-level data isolation | Another user’s bug cannot expose your data |
| No email/password authentication | No password to be stolen in a breach |
| On-device metadata stripping | Your location is never embedded in uploaded photos |
| 5-minute photo access links | Photo links cannot be bookmarked or shared |
| 7-day AI log retention | Your AI interactions do not accumulate indefinitely |
| Automatic PII scrubbing | Your health data never appears in bug reports |
| No social features | Your data is never visible to other users |
What Rubric does not do with your data
- Sell it to advertisers or data brokers.
- Share it with other users.
- Use it to train AI models.
- Store your passwords.
- Display ads or allow paid promotion in AI responses.
For the full privacy policy, see the Privacy Policy linked in the app settings. This article is a readable summary, not a legal document.
Related Articles
- Privacy & Your Data — the broader privacy overview
- How Rubric Keeps You Safe (Iron Dome) — AI safety validation specifically
- What the Coach Knows (and Doesn’t) — data access transparency for the Coach