Privacy Policy

1. Information we collect

1.1 Information you provide directly

When you create an account and use Foodify, you provide the following information:

• Identity: first name, email address, and the unique user ID assigned by Apple Sign-In or Google Sign-In.
• Profile & biometrics: age, gender, height, weight, training type, activity level, exercise frequency, session duration, goal (lose / maintain / gain / build muscle), target weight, goal timeline.
• Food preferences: dietary style (standard, vegetarian, vegan, pescetarian, halal), diet style (balanced, Mediterranean, high-protein, low-carb, keto), allergies (from a pre-defined list plus custom entries), preferred cuisines, proteins, carbs, breakfast style, cooking time, spiciness level, weekly repeat tolerance.
• Lifestyle questionnaire (optional): up to 50 answers about food habits, hydration, sleep, exercise, stress and emotional eating.
• Body measurements (optional): weight history, neck, chest, waist, hip, arm, thigh circumferences and the date of each entry.
• Food log entries: the food name, meal type, calories, macros, micronutrients, weight in grams, the source (camera / barcode / manual / AI), and the photo of the meal (if taken).
• Water intake: number of glasses consumed per day.
• Chat content: messages you send to Foodify Chat, including any photos attached.
• App settings: notification preferences, image-sharing preference, preferred unit system (metric/imperial), language, theme.

1.2 Information collected automatically

• Device & app data: iOS version, app version, device model, locale, timezone, and a Firebase-issued installation identifier. Used for crash diagnostics and feature compatibility.
• Usage events: via Firebase Analytics — high-level events such as sign-ups, food logs, achievements unlocked and notifications opened. We record only event names and minimal parameters (e.g. meal type, calories) — never the full content of your messages or images.
• Push tokens: the Apple Push Notification service (APNs) token and Firebase Cloud Messaging (FCM) token for delivering notifications. Used only to send notifications to your device.
• Streak & achievement metadata: dates of weight entries, body measurements, and food entries, used to compute streaks and unlock achievement badges.
• Subscription status: if you purchase Foodify Pro, we receive your subscription state (for example active, in trial, or expired), the plan you bought, and an anonymized transaction identifier — used only to unlock and manage paid features. Apple processes your payment; we never receive your card number or full payment details.

1.3 Information we do not collect

• We do not collect your precise location, contacts, calendar, or microphone audio.
• We do not use advertising identifiers (IDFA).
• We do not serve third-party advertising of any kind.
• We do not track you across other apps or websites.

2. How we use information

We use the information described above strictly to operate, secure, and improve the Service for you:

• Provide the core experience: compute your BMR, TDEE, daily calorie target, macro distribution, and personalized meal plan from your biometrics, training profile and food preferences.
• Power AI features: when you use AI features, your relevant context (profile, recent foods, today's intake, questionnaire answers) is sent to our AI services so they can generate summaries, meal plans, chat replies, and image-based food recognition.
• Display history: show your saved meals, weekly analyses, weight charts, body-composition trends and achievement progress.
• Send notifications you've enabled: meal reminders, water reminders, weekly reports, achievements, daily tips, weigh-in and body-measurement reminders.
• Maintain security: protect the Service against fraud, abuse, and excessive use via Apple App Check / AppAttest and per-user rate limits.
• Diagnose problems: monitor crashes and performance via Firebase telemetry.
• Improve the product: understand which features are used so we can prioritize fixes and enhancements. We use aggregated event counts, not identifiable user behavior.
• Comply with law: respond to lawful requests and enforce our Terms of Use.

3. Apple Health data

If you grant permission, Foodify reads the following data from Apple HealthKit:

• Step count
• Active energy burned
• Basal (resting) energy burned

This data is used solely to:

• display your daily activity in the Summary screen,
• compute your net calorie figure (eaten − burned),
• feed activity context into the AI when generating your weekly report.

Per Apple's HealthKit guidelines:

• HealthKit access is read-only and requires explicit per-data-type consent.
• We do not share HealthKit data with third parties.
• We do not use HealthKit data for advertising, marketing, or analytics outside the Foodify Service.
• HealthKit data is processed in-memory while computing your summary; we do not persist raw HealthKit values to our servers.
• You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health → Foodify.

4. Camera and photo permissions

Foodify requests access to your camera and photo library so that you can capture or select images of meals for nutrition analysis.

• Camera images are processed first by an on-device Core ML model. The original image and recognition results are then stored in Firebase Storage tied to your user ID, with owner-only access rules.
• For multi-food analysis, the captured image is uploaded to our backend and forwarded to our AI service (Google Gemini). Only the image and a minimal prompt are sent. Identifiers, names and other profile fields are not included.
• You can delete any saved photo at any time from the Saved tab; deletion removes the file from Firebase Storage and the corresponding metadata from Firestore.
• You may revoke camera and photo access at any time in iOS Settings → Privacy & Security → Camera / Photos → Foodify.

5. AI processing & consent

Foodify uses Google Gemini via our secure backend proxy to power several features. Cloud AI is integral to features such as multi-food photo analysis, Foodify Chat, meal-plan generation and your daily and weekly summaries. By accepting our Terms of Use during onboarding, you consent to the AI processing described in this section. Single-food photo recognition runs on your device and does not require cloud AI (see Section 4).

5.1 When we send data to the AI

When you use these AI features, we send the following types of content to the AI service:

• Foodify Chat: your chat message and a structured context block (goal, daily calorie target, today's intake, remaining calories, activity from HealthKit, recent foods, allergies, lifestyle questionnaire summary). Photos attached to a chat message are sent as inline image data.
• Multi-food image analysis: the meal photo plus a fixed task prompt.
• Daily summary: your day's saved foods, water intake, activity, and target totals.
• Weekly report: your week's saved foods, water, weight changes, body-measurement changes and the daily summaries already generated.
• Meal-plan generation: your biometric profile, goal, dietary preferences, allergies, recent food signals (likes / dislikes / things you've eaten or rejected), questionnaire context, and locale.
• Nutrition review: the foods you tagged for review plus your profile context.

5.2 What is not sent

• Your name, email, phone number, or any direct identifier.
• Your Firebase user ID is not included in the prompt body. It is used at the proxy layer for authentication and rate-limiting only.
• Raw HealthKit data — only the daily summary numbers we already compute.
• Your friends, contacts, or any data we don't collect in the first place.

5.3 What happens to the data at Google

AI requests are made to Google's Gemini API via our backend. According to Google's Gemini API terms, content submitted via the paid API is not used to train Google's models. We also do not retain prompts on our backend beyond the in-flight request; the AI's response is stored on your account where applicable (e.g. saved meal plan, weekly report).

5.4 Foodify Chat scope

Foodify Chat is instructed to refuse off-topic prompts (politics, finance, medical diagnosis, legal advice, etc.) and to never provide medical advice. Replies are best-effort estimates and may be inaccurate; see our Terms — Not Medical Advice.

5.5 Controlling AI processing

Cloud AI is integral to the features listed above, and by accepting our Terms of Use you consent to this processing. If you prefer not to use cloud AI, you can still log foods manually and rely on on-device single-food recognition, which does not send data to the AI service. The optional Allow Model Image Sharing setting (Section 5.6) is separate and off by default. To stop all processing entirely, you can delete your account at any time (Section 9). Previously generated content (saved meal plans, summaries, reports) remains on your account until you delete it.

5.6 Optional image sharing for model improvement

A separate toggle, Allow Model Image Sharing, controls whether we may use de-identified copies of your food photos to improve our recognition models. It is off by default. Toggling it on grants only that improvement use; toggling it off prevents future sharing.

6. Push notifications

Foodify schedules local and remote notifications for: meal reminders, water reminders, daily tips, streak risk warnings, weekly reports, achievement unlocks, personal-record celebrations, body-measurement and weigh-in reminders, late-night eating warnings, weight milestones and onboarding nudges.

• You can opt out of any category in Profile → Notification Preferences. Settings sync across your devices through Firestore.
• You can disable all notifications at the iOS level via Settings → Notifications → Foodify.
• Notification content does not include your identifiable medical information; reminders use generic copy ("Time for lunch", "Your weekly report is ready").
• We rate-limit notifications (no more than a small number per day per category) to avoid noise.

7. Third-party services we use

Foodify is built on a minimal set of trusted infrastructure providers. Each provider only receives the data necessary for its function:

• Google Firebase (Authentication, Firestore, Storage, App Check, Cloud Functions, Analytics, FCM) — primary backend. Firebase processes your account identifiers, profile, food logs, photos, and analytics events. Governed by Firebase's Privacy and Security policy.
• Apple Sign in with Apple — identity provider. Apple may share your name and email (or a private relay email) with us on first sign-in.
• Google Sign-In — identity provider. Google shares basic profile data on sign-in.
• Apple HealthKit — read-only on-device API. No data flows to Apple servers because of Foodify.
• Google Gemini API (via our backend proxy) — AI processing. See section 5.
• USDA FoodData Central — public nutrition database. We send only a search query or food ID. No user identifier is shared.
• Open Food Facts — public product database. We send only a product barcode. No user identifier is shared.
• Apple App Store — processes all subscription payments as merchant of record. We receive only your subscription status, never your payment-card details.
• Subscription-management service — used to validate purchases and manage your access to paid features. Receives your subscription and transaction identifiers, not your payment details.

8. Data retention

• Account data and food history: retained while your account exists.
• AI-generated summaries, reports, and meal plans: retained while your account exists, or until you delete them in-app.
• Analytics & diagnostic events: retained per Firebase Analytics' default retention (up to 14 months).
• Rate-limit counters: short-lived (windowed in seconds to minutes); auto-expire.
• Push tokens: retained while the app is installed and signed in; removed on sign-out or uninstall.
• Backups: Firebase performs internal backups; deleted data is purged from backups within standard retention cycles.

9. Data deletion & your rights

You have the right to access, correct, port, and delete your personal data.

9.1 Self-serve deletion

You can delete your Foodify account at any time from inside the app: Profile → Settings → Delete Account. When you confirm:

• All of your data — profile, saved foods, water entries, weight history, body measurements, achievements, weekly analyses, meal-plan history, preference signals and questionnaire answers — is permanently deleted.
• All Firebase Storage objects with your owner-metadata (food images, multi-food images) are deleted.
• Your Apple Sign-In token is revoked (if applicable).
• Your Firebase Auth refresh tokens are revoked and your Firebase Auth user is deleted.
• Server-side rate-limit counters tied to your user ID are removed.

9.2 Other rights you can exercise

You may also email us at support@foodifyai.app to exercise any of the following rights, in line with applicable law:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct any data you believe is inaccurate.
• Erasure ("right to be forgotten") — beyond the in-app deletion above.
• Portability — receive your data in a machine-readable format.
• Restriction — limit how we process your data.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — for any processing based on consent (e.g. model-image sharing, push notifications, HealthKit access).

We respond to verifiable requests within 30 days. We may need to verify your identity before acting on a request.

9.3 Complaint to a supervisory authority

If you are in the EU/UK, you have the right to lodge a complaint with your local data-protection authority. We would, however, appreciate the chance to address your concern first — please contact us.

10. Security

We take reasonable technical and organizational measures to protect your information:

• Encryption in transit: all communication between the app, our backend, and Firebase uses HTTPS/TLS.
• Encryption at rest: Firebase Firestore and Cloud Storage encrypt data at rest with AES-256.
• Owner-only access rules: our database and storage rules ensure that only you can read or write your own data.
• Apple App Check + AppAttest: validates that requests originate from a genuine, unmodified copy of the Foodify app.
• Rate limiting: per-user transactional rate limits prevent abuse of AI and nutrition-lookup endpoints.
• Apple ID token revocation on account deletion prevents reuse of stale sessions.
• Secrets management: all third-party API keys are stored securely server-side and are never bundled into the app.

No system is 100% secure. If we become aware of a personal-data breach affecting you, we will notify you and the relevant supervisory authority where required by law.

11. International transfers

Foodify is operated globally. Our backend runs in Google Cloud Functions, us-central1 (Iowa, USA). Firebase Firestore, Storage and Analytics also process data in Google data centers. If you are located in the EU/UK or another jurisdiction with data-export requirements, your data may be transferred to and processed in the United States. We rely on Google's Standard Contractual Clauses and EU–US Data Privacy Framework participation as the legal basis for transfer.

12. Children's privacy

Foodify is not intended for children under the age of digital consent in their jurisdiction (16 in much of the EU; 13 in the United States under COPPA). The minimum age to use Foodify is 16. We do not knowingly collect personal information from children below this age. If we learn that we have collected personal information from a child below the applicable age, we will delete that information promptly. If you believe a child has provided us with personal information, please contact support@foodifyai.app.

Foodify is also not designed to support or diagnose eating disorders. If you are a minor concerned about your eating, please speak with a trusted adult or a qualified healthcare professional.

13. Legal basis (GDPR / UK)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing your personal data are:

• Contract (GDPR Art. 6(1)(b)) — to provide the Service you've signed up for: account creation, food logging, meal plans, history.
• Consent (GDPR Art. 6(1)(a)) — for optional image sharing for model improvement, push notifications, and HealthKit access. You can withdraw these consents at any time.
• Special categories — health data (GDPR Art. 9(2)(a)) — your weight, body measurements, dietary preferences and nutrition logs are health data, which our AI also processes to deliver the Service. We process this data on the basis of your explicit consent, given when you accept these Terms during onboarding.
• Legitimate interests (GDPR Art. 6(1)(f)) — for app security, abuse prevention, and product-improvement analytics; balanced against your interests and rights.
• Legal obligation (GDPR Art. 6(1)(c)) — to comply with lawful requests from authorities.

14. California (CCPA/CPRA) rights

If you are a California resident, you have the rights to:

• know what personal information we collect and how it is used;
• request access to and a copy of your personal information;
• request deletion of your personal information;
• correct inaccurate personal information;
• opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising.

Foodify does not sell or share personal information for cross-context behavioral advertising. We have no advertising business. To exercise other rights, email support@foodifyai.app.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective" and "Last updated" dates at the top, and where appropriate, we will notify you in-app or by email. The most current version is always available at this URL.

16. Contact

Foodify is committed to keeping your data yours. Read our Terms of Use for the full legal agreement.