Privacy Policy

Effective date: March 14, 2026

So Smart Apps LLC ("we", "our", "us") respects the privacy of users and visitors to our website and software products ("Services"). This Privacy Policy outlines the types of information we may collect, how we use it, and the controls users have over it.

Information We Collect

Personal information you provide:

• Email addresses when you contact us via email or forms.
• Account information when you create an account within our apps (name, email, organization).
• Phone numbers when you opt in to receive SMS alerts from our Services.
• Any information you choose to provide when interacting with support or feedback channels.

Information collected through our mobile applications:

• Location data: Our apps may collect precise location data to provide location-based services such as mapping, navigation, and nearby store features. Location data is collected only while the app is in use or, with your permission, in the background.
• Camera: Our apps may access your device camera to capture photos for barcode scanning, expiration date recognition, product identification, and documentation purposes. Camera data is only accessed when you actively use camera features within the app.
• Pantry and grocery data: MyPantry collects information you enter about household inventory items, including product names, quantities, purchase dates, expiration dates, and prices. This data is stored in your account and used solely to provide the app's pantry management features.
• Grocery account data: If you connect a Kroger account, we receive an OAuth access token from Kroger to read your profile and add items to your Kroger cart on your behalf. We do not store your Kroger username or password. You may disconnect your Kroger account at any time from within the app.
• Health and wellness data: Apex Life and VitaSync may collect health-related information including vitals, sleep data, fitness activity, nutrition logs, and medication records. This data is collected from user input and, with your permission, from connected health platforms including Apple Health, Garmin Connect, and Strava. Health data is stored securely in your account and used solely to provide health tracking and AI coaching features.
• Financial data: If you choose to connect a financial account through Apex Life, we use Plaid Inc. to securely access your financial institution. Plaid retrieves account balances, transaction history, and account identifiers on your behalf. We do not store your bank login credentials. You may disconnect your financial accounts at any time. Plaid's use of your data is governed by the Plaid End User Privacy Policy.
• Calendar and productivity data: Apex Life may access your Google Calendar, Todoist, or Slack data with your permission to provide scheduling, task management, and productivity insights. This data is accessed via OAuth and used solely within the app's features.
• Music and activity data: If you connect Spotify to Apex Life, we access your listening activity to provide mood and wellness insights. We do not access your Spotify credentials directly; authentication is handled via Spotify's OAuth system.
• Smart home data: Apex Life may connect to SmartThings or Home Assistant to provide environmental context (temperature, lighting, air quality). This data is accessed with your permission and used solely for wellness insights.
• Device information: We may collect device identifiers, operating system version, and app version for crash reporting and performance monitoring.

So Smart Vault

So Smart Vault is an encrypted password and secrets manager with AI-powered credential extraction. The following applies specifically to So Smart Vault:

Encryption

So Smart Vault stores passwords, credentials, and secrets using a zero-knowledge encryption architecture. All vault data is encrypted on your device using AES-256-CBC encryption with HMAC-SHA256 integrity verification before being transmitted or stored. Your master password never leaves your device and is never transmitted to our servers. We cannot access, read, or decrypt your stored credentials under any circumstances. Encryption and decryption occur entirely on your device using PBKDF2 key derivation with 100,000 iterations.

Biometric Authentication

So Smart Vault supports fingerprint and Face ID authentication as a convenience feature to unlock your vault. Biometric data is processed entirely on your device by the operating system. We never receive, transmit, store, or access biometric data in any form.

AI-Powered Credential Extraction

If you use the Smart Import feature, screenshots or documents you upload are sent to the Anthropic Claude API for credential extraction. These images are processed in real-time and are not stored by Anthropic after processing. You can configure your own Claude API key or use our Cloud Function proxy. No raw credentials are sent to AI services — only images for text extraction. Anthropic does not use API data for model training.

Learning Data

If you enable learning mode, correction patterns (not raw credentials) are stored to improve future AI extractions. This data is encrypted and associated with your account.

Vault Data Storage

Encrypted vault data is stored in Firebase Firestore. We have zero knowledge of your vault contents — your master password is the sole decryption key and is never transmitted. Upon account deletion, all vault data is permanently removed from our servers within 30 days.

How We Use Your Information

• To provide core app functionality including location services, mapping, health tracking, password management, and coordination features.
• To respond to inquiries and provide support.
• To improve our Services and fix bugs via crash reporting.
• To authenticate users and manage accounts.
• To send SMS alerts and notifications related to your devices and services when you have opted in.
• To provide AI-powered health coaching and personalized wellness insights through Apex Life.
• To display financial account information and investment tracking within Apex Life.
• To generate daily wellness briefings based on your connected health, calendar, and activity data.
• To provide AI-powered credential extraction from screenshots and documents in So Smart Vault.

SMS/Text Messaging

Certain Services, including VoltSentry, may send SMS text messages to phone numbers you provide. By providing your phone number and enabling SMS alerts within our applications, you consent to receive automated text messages related to your account and devices, including battery status alerts, device notifications, and service updates.

Message frequency: Varies based on device activity. Alert messages are sent only when battery voltage thresholds are crossed or device events occur (typically fewer than 10 messages per month).

Message and data rates may apply. Check with your carrier for details.

Opt out: You can stop receiving SMS messages at any time by replying STOP to any message, disabling SMS alerts in the app settings, or contacting us at [email protected].

Help: Reply HELP to any message for assistance, or contact us at [email protected].

We do not sell, rent, or share your phone number with third parties for marketing purposes. Phone numbers collected for SMS alerts are used solely for delivering service-related notifications.

Data Storage & Third-Party Services

Our apps use Google Firebase for authentication, data storage, and crash reporting. Firebase processes data in accordance with Google's privacy policies. Data is stored securely using industry-standard encryption in transit (TLS 1.2+) and at rest (AES-256).

MyPantry integrates with the Kroger API to allow users to sync their shopping lists with their Kroger account. When you connect your Kroger account, authentication is handled via Kroger's OAuth 2.0 system. We receive only the access and refresh tokens needed to interact with Kroger on your behalf. Kroger's use of your data is governed by Kroger's privacy policy.

Plaid: Apex Life uses Plaid Inc. to connect to your financial institutions. When you link a financial account, Plaid securely retrieves your account and transaction data using bank-level encryption. We do not have access to your bank login credentials. Plaid's handling of your data is subject to the Plaid End User Privacy Policy. You may revoke Plaid's access at any time through the app or by contacting us.

Health platforms: Apex Life and VitaSync may integrate with Apple Health (HealthKit), Garmin Connect, and Strava to import health and fitness data. Data from these platforms is accessed only with your explicit permission and is used solely to provide health tracking features within the app. We do not share your health data with third parties.

AI services: Apex Life uses Anthropic's Claude API to provide AI-powered health coaching. So Smart Vault uses Anthropic's Claude API (vision and text) for AI-powered credential extraction from screenshots and documents. Your health data or uploaded images may be sent to Anthropic's API for processing. Anthropic does not use API data for model training. No personally identifiable financial data is sent to AI services. See Anthropic's Privacy Policy at https://www.anthropic.com/privacy.

So Smart Vault encryption: So Smart Vault employs AES-256-CBC encryption with HMAC-SHA256 integrity verification and PBKDF2 key derivation with 100,000 iterations. All encryption and decryption occurs on your device. Encrypted data is stored in Firebase Firestore. We have zero knowledge of your vault contents — your master password is the sole decryption key and is never transmitted.

Other integrations: Apex Life may connect to Google Calendar, Spotify, Todoist, Slack, GitHub, SmartThings, Home Assistant, OpenWeatherMap, and Withings. Each integration uses OAuth or token-based authentication, and data is accessed only with your permission and used solely within the app's features. Each service's use of your data is governed by their respective privacy policies.

SMS messages are delivered through Twilio, a third-party communications platform. Twilio processes phone numbers and message content solely for the purpose of delivering messages on our behalf, subject to Twilio's privacy policy.

Analytics & Cookies

We may use third-party analytics providers to understand site and app performance. These services may set cookies and collect anonymous usage data. You may control cookies through your browser settings.

Sharing of Information

We do not sell personal information. We may share information with service providers who help operate the site or Services under contractual data protections. Specifically:

• We do not sell, rent, or share your personal data with third parties for marketing purposes.
• We share data with service providers (Firebase, Plaid, Twilio, Anthropic) only as necessary to operate our Services, under contractual data protections.
• We may disclose information if required by law or to protect the rights and safety of our users.

Data Retention

We retain your personal data only as long as necessary to provide our Services and fulfill the purposes described in this policy. You may request deletion of your account and associated data at any time by contacting us. Financial data accessed through Plaid is not stored permanently on our servers; it is fetched in real-time or cached temporarily for display purposes. So Smart Vault encrypted data is retained as long as your account is active. Upon account deletion, all vault data is permanently removed from our servers within 30 days.

Security

We employ reasonable administrative, technical, and physical safeguards to protect personal data, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, and regular security reviews. So Smart Vault additionally employs client-side AES-256-CBC encryption with HMAC-SHA256 integrity verification and PBKDF2 key derivation (100,000 iterations), ensuring that vault data cannot be read by anyone — including us. However, no system is 100% secure.

Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at [email protected]. You may also:

• Revoke app permissions (location, camera, health data) through your device settings at any time.
• Disconnect third-party integrations (Plaid, Garmin, Spotify, etc.) from within the app at any time.
• Request a copy of your personal data.
• Opt out of AI coaching features while retaining access to other app features.
• Export or delete your So Smart Vault data at any time from within the app.

California residents: Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your CCPA rights, contact us at [email protected].

Children's Privacy

Our Services are intended for general audiences and designed for adult users. They are not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us so we can promptly delete it.

Changes to This Policy

We may update this policy from time to time, and the updated version will be posted here.

Contact Us

If you have questions about this Privacy Policy, contact us at:

So Smart Apps LLC
[email protected]
sosmartapps.app

← Back to home