Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

• Account Information: Email address, password (hashed), display name, and profile photo (optional).
• Nutrition & Health Data: Food logs, macronutrient and micronutrient targets, nutrition goals, and dietary preferences.
• AI Analysis Data: When you use photo analysis or voice features, we temporarily process your images and audio descriptions through AI services for food identification and nutrition analysis.
• Customer Support: Content of messages you send to our support team.

1.2 Information Collected Automatically

• Device Information: Device model, iOS version, app version, language settings, and time zone.
• Usage Data: App interactions, screens viewed, crash logs, and error diagnostics via Firebase.
• Cookies & Similar Technologies (on our website): Session cookies for authentication only.

1.3 Information from Third Parties

• External APIs: When you search for foods or use AI analysis features, your queries are processed by third-party services (see Third-Party Services section below).
• Apple HealthKit (optional): With your explicit consent, we may import nutrition or activity data to enhance your tracking experience.
• Future Third-Party Logins: If enabled later, we will receive basic profile information such as name and email.

2. How We Use Your Information

• Provide & Maintain the Services: Create and manage your account, sync your food logs, and deliver personalized nutrition analytics.
• AI-Powered Features: Process food images and text descriptions to identify foods and provide nutrition information.
• Improve & Secure the App: Monitor app performance, fix bugs, prevent crashes, and develop new features using Firebase crash reporting.
• Communicate with You: Send essential updates, respond to inquiries, and deliver optional nutrition tips (opt-in).
• Legal & Compliance: Detect and prevent fraud, comply with legal obligations, and enforce our Terms of Service.

Our legal bases under the EU GDPR are Contract performance, Legitimate interests, Consent, and Legal obligations as applicable.

3. Third-Party Services

We use the following third-party services to provide our features. Each service has its own privacy policy:

4. Sharing & Disclosure

We share your information only in the following situations:

• Service Providers: Cloud hosting (Supabase/PostgreSQL on AWS), AI processing (OpenAI), food database queries (Edamam), crash reporting (Firebase), and email delivery. They access data solely to perform tasks on our behalf and are bound by confidentiality.
• Business Transfers: In connection with a merger, acquisition, or asset sale (you will be notified).
• Legal Requirements: If required by law or to protect rights, property, or safety.
• With Your Consent: We may share information you explicitly authorize (e.g., exporting data to third-party fitness apps).

We do not sell or rent your personal information.

5. Your Rights & Choices

Depending on your location, you may have rights to:

• • Access, correct, or delete personal data
• • Object to or restrict processing
• • Withdraw consent at any time
• • Data portability (receive a copy in machine-readable format)

To exercise these rights, email us at privacy@phoneeatsfirst.ai.

6. Data Retention

We retain your information only as long as necessary to fulfill the purposes described above or as required by law. If you delete your account, we erase personal data within 30 days, except backups held for disaster recovery (deleted within 90 days).

7. Data Security

We use industry-standard measures such as TLS encryption in transit, encryption at rest, secure authentication via Firebase, and regular security monitoring. No system is 100% secure, but we work diligently to protect your data.

8. Children's Privacy

The App is not directed to children under 13. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete the information.

9. International Transfers

Your data may be processed outside your jurisdiction (e.g., servers in the United States via AWS). We rely on Standard Contractual Clauses or other appropriate safeguards for cross-border transfers when required.

10. Changes to This Policy

We may update this Privacy Policy occasionally. We will notify you via the App or email and revise the "Last updated" date. Continued use constitutes acceptance of the changes.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: