Privacy Policy

• Account info: Email address and basic profile (name, profile picture) collected when you sign in with Google via Clerk.
• Fitness profile: Age, gender, height, weight, activity level, and fitness goal — entered voluntarily by you to personalize macro recommendations.
• Scan history: Barcodes you scan and the AI verdicts returned, stored so you can review your past scans. We do not upload photos of products — scanning is barcode-only.
• Payment info: In-app purchases are processed by Apple. We never see, store, or transmit your credit card details.

• To personalize macro recommendations based on your fitness goals.
• To track your scan history and subscription status.
• To process payments and manage your subscription.
• To send transactional emails (e.g., subscription confirmations).
• We do not sell your data to third parties.

• Clerk — authentication and account management
• Google — identity provider for "Sign in with Google" (only your email and basic profile are shared with us)
• Supabase — database storage (hosted in the US)
• Apple — in-app purchase and subscription processing on iOS
• Chomp — our primary branded-food barcode lookup service. When you scan a product, we send only the barcode number to Chomp and receive back the product's name, ingredients, and nutrient data. No user information is sent.
• OpenFoodFacts — public barcode database used as a fallback when Chomp does not return a result. We send only the barcode number; no user information.
• USDA FoodData Central — U.S. government food database used as a secondary fallback. We send only the barcode number or product search term; no user information.
• Anthropic — AI analysis. We send only the text nutrition data returned from Chomp, OpenFoodFacts, or USDA (product name, ingredients, nutrient quantities) plus your fitness profile. We never send images, your name, or your email. Per Anthropic's API terms, requests are retained by Anthropic for up to 30 days for abuse monitoring and are not used to train their models.
• Sentry — error and performance monitoring. We send crash stack traces, performance traces, and (on errors) session replays. Replays have all text input masked and all media blocked before they leave your device. IP addresses are stripped server-side. Replays are linked to your user ID so we can debug your specific reports, but contain no email, name, or payment information.
• Resend — transactional email (subscription receipts, account notifications)
• Vercel — application hosting and edge delivery

Active accounts: We retain your account information, fitness profile, and scan history for as long as your account exists. Subscription records are retained for the lifetime of your subscription plus 7 years for tax and accounting compliance, in line with payment processor requirements.

Deleting your account: You can permanently delete your account at any time directly inside the app: go to Profile → Delete Account. This action immediately:

• Deletes your account, fitness profile, scan history, and authentication records
• Removes your data from our active systems

Your subscription is billed by Apple and is not canceled by deleting your account. To stop billing, cancel it separately in iOS Settings → Subscriptions.

Backup copies in our database providers are purged within 30 days. Anonymized, aggregated statistics that cannot identify you may be retained indefinitely. You may also email us at the address below to request deletion.

• Contact Info: Email address, name (linked to identity, used for app functionality only — not tracking)
• Health & Fitness: User-provided fitness profile (linked to identity, used for app functionality only)
• User Content: Scan history (linked to identity, used for app functionality only)
• Identifiers: User ID (linked to identity, used for app functionality only)
• Purchases: Subscription status (linked to identity, used for app functionality only)
• Diagnostics: Crash data, performance data, and masked session replays (linked to identity, used for app functionality only — see "Sentry" above for masking details)

We do not collect: location, browsing history, search history, contacts, photos, audio, sensitive info, or financial info (beyond what Apple processes directly).

• Access the personal data we hold about you
• Request correction of inaccurate data
• Delete your account and data (in-app, see above)
• Export your data
• Opt out of marketing communications (we currently send only transactional emails — receipts and account notifications — but if we add marketing emails in the future, every message will include an unsubscribe link)

California residents have additional rights under the CCPA, including the right to know what personal information we collect and to request deletion. We do not sell personal information.

EU/UK residents have rights under the GDPR/UK GDPR including access, rectification, erasure, restriction, portability, and objection. Our lawful basis for processing is the performance of our contract with you (providing the MacroCheck service) and your consent (for optional analytics if introduced in the future).