🛡️ Privacy Policy

Your privacy and security are our priority

Last Updated: October 29, 2025

⚠️ IMPORTANT: This application is NOT a substitute for professional medical advice. Analyses and recommendations are for educational and informational purposes only. Always consult with a qualified healthcare professional.

1. Introduction

FoodInsight ("we", "our", "the App") is a mobile application developed for iOS and Android that uses artificial intelligence to analyze food and provide educational nutritional information. This Privacy Policy exhaustively describes how we collect, use, store, share, and delete your personal information and health data.

Developer: Elvis Salabarria
Contact: privacy@foodinsight.app
Location: Available globally

2. Information We Collect

2.1. Account Information (Required)

  • Email address: To create and manage your account
  • Encrypted password: For secure authentication
  • Account creation date: For administrative purposes
  • Unique user ID: Automatically generated to identify your account

2.2. Health Profile Information (Optional but Recommended)

  • Name: For personalization
  • Age: For personalized nutritional calculations
  • Weight (kg): For caloric estimates
  • Height (cm): For BMI and nutritional requirements calculation
  • Body type: Ectomorph, Mesomorph, or Endomorph
  • Health goal: Lose weight, maintain, gain muscle, etc.
  • Physical activity level: Sedentary to very active
  • Health conditions: Allergies, diabetes, hypertension (if you choose to share)
  • Dietary preferences: Vegetarian, vegan, gluten-free, etc.

🏥 2.3. HEALTH DATA - Critical Information for Google Play

IMPORTANT: We collect and process the following health data as defined by Google Play and Apple HealthKit:

Recorded Nutritional Data:

  • Calories consumed: From food analyses you perform
  • Macronutrients: Proteins, fats, carbohydrates (in grams)
  • Micronutrients: Vitamins and minerals identified in foods
  • Sugars and sodium: Content in processed foods
  • Water consumed: If you manually log your liquid intake

Physical Activity Data (If integration enabled - Currently disabled):

  • Daily steps: From Apple Health/Google Fit (when enabled)
  • Calories burned: From wearable devices (when enabled)
  • Exercise minutes: From fitness apps (when enabled)
  • Heart rate: From Apple Watch/wearables (when enabled)
  • Sleep hours: From tracking devices (when enabled)

HOW Do We Access This Data?

  1. Nutritional data: CREATED by you when taking food photos and analyzed by our AI
  2. Health profile data: Manually ENTERED by you in profile settings
  3. Wearable data (future): Explicit HealthKit/Google Fit permission will be requested before access

HOW Do We Use This Health Data?

  • Calculate personalized caloric requirements
  • Generate nutritional recommendations adapted to your profile
  • Identify patterns in your eating habits
  • Create visualizations of your nutritional progress
  • Provide improvement suggestions based on your goals

With WHOM Do We Share Your Health Data?

IMPORTANT: Your health data is CONFIDENTIAL and treated specially:

  • NEVER sold to third parties
  • Supabase (storage): Only to securely save your data with encryption
  • Google Gemini AI: Only receives the food image for analysis, NOT your personal health data
  • NOBODY ELSE: Not shared with advertisers, marketers, or other companies

2.4. Food Images

  • Food photos: Images you take for analysis
  • Extracted text (OCR): Nutritional information detected on labels
  • Barcodes: To identify commercial products
  • Metadata: Date and time of analysis

Note: Images are processed locally or sent to Google Gemini AI only for analysis. They are NOT stored permanently on our servers unless you save the analysis to your history.

2.5. Automatically Generated Data

  • Usage data: Features used, time in app, analyses performed
  • Device information: Model, operating system, app version
  • Error logs: Technical information about crashes or issues
  • Language and theme preferences: To personalize your experience

3. Third-Party Services

CONNECTED HEALTH DATA REQUIREMENTS (HEALTH CONNECT)

FoodInsight strictly complies with Google Health Connect User Data Policy, including the Limited Use requirements.

  • Purpose of processing: We access Connected Health data (Weight, Hydration, Active Calories, and Steps) only to provide a personalized nutrition coaching experience. Our AI uses this data to dynamically adjust recipe and macro recommendations based on the user's real energy expenditure.
  • No sale of data: Under no circumstances do we sell, rent, or commercialize your Connected Health data with third parties, advertising agencies, or data brokers.
  • Limited transfer: We only transfer data to third parties (such as AI APIs) when it is strictly necessary to provide the app's nutrition functionality and always under user consent.
  • Security and control: We apply robust security measures to protect your information. Users can revoke Health Connect access at any time from the app settings.

Supabase (Backend and Database):

  • What we share: Account data, profile, analysis history
  • Why: Secure storage and cloud synchronization
  • Server location: United States (AWS)
  • Encryption: AES-256
  • Data processing agreement: Yes (DPA compliant)

Google Gemini AI (Image Analysis):

  • What we share: Only food images you take
  • Why: Analyze nutritional content with AI
  • Health data shared: NONE
  • Google retention: Temporary processing, no storage
  • Privacy: Subject to Google AI privacy policy

Google ML Kit (OCR and Barcodes):

  • What we share: Images for text recognition
  • Processing: Local on device (not sent to servers)
  • Data shared with Google: NONE (on-device processing)

4. ⏰ DATA RETENTION - How Long We Keep Your Data

Specific Retention Periods:

Data TypeRetention PeriodReason
Account data (email, password)Until you delete your accountRequired for service
Health profile (age, weight, height)Until you delete account or modify themAnalysis personalization
Food analysis historyUntil you delete account or 2 years of inactivityProvide history and trends
Food imagesUntil you delete analysis (individual) or accountStored only if you save the analysis
Usage and analytics data90 daysImprove the app
Error logs30 daysDebugging and technical support
Wearable data (future)Until you revoke permissions or delete accountApple Health/Google Fit integration
Deleted account (backup)30 days after deletionAllow accidental recovery

Inactive Account:

If you don't use the app for 2 consecutive years, we will send a notice to your email. If you don't respond within 30 days, your data will be automatically deleted according to our deletion process described below.

5. 🗑️ DATA DELETION - How to Delete Your Information

You can also use our public deletion request page: /delete-account/en.

Data Deletion Options:

A) Delete Individual Analyses:

  1. Open the FoodInsight app
  2. Go to "History"
  3. Swipe left on any analysis
  4. Tap "Delete"
  5. Effect: Analysis permanently deleted within 24 hours

B) Modify Profile Data:

  1. Go to "Profile" in the app
  2. Tap "Edit Profile"
  3. Modify or delete any field
  4. Tap "Save"
  5. Effect: Previous data overwritten immediately

C) Delete Your Entire Account and Data:

  1. Open the FoodInsight app
  2. Go to "Profile"
  3. Tap "Settings"
  4. Scroll to bottom
  5. Tap "Delete Account"
  6. Confirm the action
  7. Effect: ALL your data marked for immediate deletion

D) Request via Email (Alternative):

Send an email to privacy@foodinsight.app with:

  • Subject: "GDPR Data Deletion Request"
  • Your registered email address
  • We'll verify your identity and process within 30 days

Technical Deletion Process:

  1. Day 0: You request account deletion
  2. Immediate: Account marked as "deleted" and you can no longer access
  3. 24 hours: All profile data deleted from primary database
  4. 7 days: Your analyses and images deleted from storage
  5. 30 days: All backups completely purged
  6. Post-30 days: No trace of your personal information remains

Exceptions: We may retain aggregated and anonymized data (without personal identifiers) for statistical analysis and service improvement.

6. 🔒 Data Security

We implement multiple layers of security:

Technical Security:

  • Encryption in transit: TLS 1.3 for all communications
  • Encryption at rest: AES-256 for stored data
  • Row Level Security (RLS): Each user can only see their own data
  • JWT Authentication: Secure session tokens with expiration
  • Password hashing: bcrypt with unique salt per user
  • HTTPS mandatory: We don't allow insecure connections

Organizational Security:

  • Limited access only to authorized personnel
  • Regular security audits
  • Incident response policies
  • SOC 2 standards compliance

7. Your Rights (GDPR, CCPA, PIPEDA)

Under international privacy laws, you have the right to:

✅ Right of Access:

Request a copy of all your personal data in readable format (JSON or PDF).

How to exercise: Email privacy@foodinsight.app - Response within 30 days

✅ Right of Rectification:

Correct inaccurate or incomplete data in your profile.

How to exercise: Edit your profile directly in the app

✅ Right to Deletion ("Right to be Forgotten"):

Request complete deletion of your data.

How to exercise: Use "Delete Account" in app or email privacy@foodinsight.app

✅ Right to Data Portability:

Obtain your data in structured format to transfer to another service.

How to exercise: Email privacy@foodinsight.app - Receive JSON file

✅ Right to Object:

Object to processing of your data for certain purposes.

How to exercise: Email privacy@foodinsight.app

✅ Right to Restriction:

Restrict processing of your data in certain circumstances.

How to exercise: Email privacy@foodinsight.app

✅ Right to Withdraw Consent:

Withdraw your consent at any time without affecting basic services.

How to exercise: In Settings > Permissions or email privacy@foodinsight.app

8. International Data Transfers

Your data may be processed in:

  • United States: Supabase/AWS servers
  • Protection: Standard Contractual Clauses (SCC)
  • Compliance: GDPR Privacy Shield framework

9. Children's Privacy

FoodInsight is NOT directed to children under 13 years old (or 16 in the EU).

  • We do not knowingly collect data from minors
  • If we discover a minor's data, we delete it immediately
  • Parents: If you believe your child provided data, contact us

10. Specific Health Data Policy

🏥 Special Policy for Health Data

We recognize that health data is especially sensitive. Therefore:

Collection:

  • We only collect health data that YOU voluntarily enter
  • We request explicit consent before accessing HealthKit/Google Fit
  • You can use the app without providing health data (it will work with generic analyses)

Use:

  • ONLY to personalize your nutritional analyses
  • NEVER sold to third parties
  • NEVER used for advertising
  • NEVER shared with insurers or employers

Storage:

  • Encrypted with AES-256
  • Separated in tables with ultra-restricted access
  • Encrypted backups with different keys
  • Access logs monitored 24/7

Health Data Deletion:

  • When deleting account: All health data deleted within 24 hours
  • When modifying profile: Previous data immediately overwritten
  • Verifiable and auditable process

11. App Permissions

PermissionPurposeRequired
📷 CameraTake food photos and scan barcodesYes (for main functionality)
🖼️ Photo GallerySelect existing food imagesNo (alternative to camera)
🔔 NotificationsSend meal remindersNo (optional)
🏥 Health Data (future)Integrate with Apple Health/Google FitNo (completely optional)
📶 InternetAI analysis and cloud syncYes (for main functionality)

You can revoke permissions anytime from your device settings (Settings > FoodInsight > Permissions).

12. Regulatory Compliance

This Policy complies with:

  • GDPR (General Data Protection Regulation - EU)
  • CCPA (California Consumer Privacy Act)
  • PIPEDA (Canada)
  • Google Play Developer Policy
  • Apple App Store Review Guidelines
  • HIPAA considerations (health data)

13. Security Breaches

In case of a security breach affecting your data:

  1. We will notify you within 72 hours
  2. Describe what data was affected
  3. Explain measures taken
  4. Provide recommendations to protect yourself
  5. Report to authorities as required by law

14. Contact and Privacy Requests

📧 Data Protection Officer Contact

Email: privacy@foodinsight.app

Support Email: support@foodinsight.app

Website: https://foodinsight.app

For Privacy Requests:

  • Data access: Response within 30 days
  • Data deletion: Processing within 30 days
  • Data portability: Delivery within 30 days
  • Rectification: Immediate from app or 7 days via email

Data Protection Authority:

If you're not satisfied with our response, you may file a complaint with your local data protection authority.

15. Changes to This Policy

We may update this Privacy Policy occasionally. We'll notify you of significant changes by:

  • In-app notification
  • Email to your registered address
  • Updating the "Last Updated" date above

Your continued use after changes constitutes acceptance of the new policy.

This privacy policy is effective as of October 29, 2025.
Version: 2.0 - Updated to comply with Google Play and Apple App Store

🇪🇸 Leer en Español

© 2025 FoodInsight - Developed by Elvis Salabarria
All rights reserved.