Privacy Policy
Last updated: March 9, 2026
1. Introduction
AI Food Coach ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (iOS and Android) and Apple Watch companion app.
Data Controller:
Michal Novotník
V. Clementisa 1212/16
050 01 Revúca
Slovak Republic
IČO: 44617925
Email: support@aifoodcoach.app
2. Information We Collect
2.1 Anonymous Device Registration
- Device Token: Anonymized bearer token generated at first launch (no email, no name, no personal data)
- Device Info: Platform identifier (e.g., "ios" or "android") for rate limiting and analytics
2.2 Food Photos
- Food photos are sent to our server for AI recognition only
- Photos are forwarded to OpenAI for processing and are not stored on our servers
- Photos are stored locally on your device for meal history display
2.3 Health Data
2.3.1 Apple HealthKit (iOS)
- Read: Basal Energy Burned (BMR), Active Energy Burned, Steps, Workouts, Weight (90-day history)
- Write: Dietary Energy, Carbohydrates, Protein, Fat, Fiber, Sugar, Sodium, Cholesterol, Saturated Fat, Weight entries
- HealthKit data is used exclusively to display health metrics in the app and sync nutrition data
- HealthKit data is never sent to any server or shared with third parties
- You explicitly grant permissions for each data type through the iOS Health permissions dialog
2.3.2 Google Health Connect (Android)
- Read: Total Calories Burned, Active Calories Burned, Steps, Exercise Sessions, Weight (limited to 30 days before permission grant)
- Write: Nutrition Records (calories, carbohydrates, protein, fat, fiber, sugar, sodium, cholesterol, saturated fat), Weight entries, Meal type (breakfast, lunch, dinner, snack)
- Health Connect data is used exclusively to display health metrics in the app and sync nutrition data
- Health Connect data is never sent to any server or shared with third parties
- You explicitly grant permissions for each data type through the Health Connect permissions dialog
- Health Connect requires Android 9+ and the Health Connect app to be installed
2.4 Information Automatically Collected
- Usage Data: AI scan counts, timestamps (for enforcing daily limits)
- Technical Data: App version (for debugging)
2.5 Information NOT Collected
We DO NOT collect:
- Personally identifiable information (name, email, phone number)
- Location data
- Browsing history or app usage outside AI Food Coach
- Text you enter manually (stored locally on device only)
- Voice recordings from Apple Watch (Apple processes dictation on-device; only the text result is sent for AI recognition)
2.6 Data Storage Location
Your data is processed and stored in the following locations:
- Local device: All meal logs, goals, settings, and food photos (SQLite database)
- Backend servers: EUROPEAN UNION — Slovakia (anonymous device tokens, usage counts)
- OpenAI API: United States (food photo processing, with Standard Contractual Clauses)
- Apple services: Worldwide (App Store, HealthKit, subscription management) — iOS only
- Google services: Worldwide (Google Play, Health Connect, subscription management) — Android only
3. How We Use Your Information
We use collected information for:
- Processing AI food recognition requests through OpenAI API
- Validating subscriptions and enforcing daily usage limits
- Improving app performance and fixing bugs
- Complying with legal obligations
3.1 Legal Basis for Processing
| Data Type | Legal Basis | Purpose |
|---|---|---|
| Food photos | Contractual necessity (Art. 6(1)(b)) | AI food recognition |
| Bearer token | Contractual necessity | Authentication |
| Usage counts | Legitimate interest (Art. 6(1)(f)) | Rate limiting, fraud prevention |
| Subscription status | Contractual necessity | Feature access management |
| Device information | Legitimate interest | Anti-abuse protection |
4. Data Sharing and Third Parties
4.1 OpenAI
When you use AI photo recognition, your food photo is sent to OpenAI for processing. OpenAI's data handling is governed by their Privacy Policy. Photos are processed in real-time and not stored by our servers.
4.2 Apple
On iOS, subscription purchases are processed through Apple's App Store. Apple handles payment information according to their privacy policy.
4.3 Google
On Android, subscription purchases are processed through Google Play. Google handles payment information according to their privacy policy.
4.4 Open Food Facts
Barcode scanning queries the Open Food Facts database (open-source). When looking up a product, only the barcode number is sent.
When you confirm or edit a barcode product, the app may submit product information to Open Food Facts through our server to help improve the community database. Submitted data includes: product name, brand, nutrition values per 100g, package weight, and product photos (front and nutrition label). No personal data, meal logs, or health information is included in these submissions.
4.5 International Data Transfers
- OpenAI (USA): Food photo processing via API. Protected by Standard Contractual Clauses (SCCs).
- Apple (Worldwide): Subscription processing via App Store infrastructure.
- Google (Worldwide): Subscription processing via Google Play infrastructure.
4.6 No Data Selling
We DO NOT sell, rent, or trade your personal information to third parties.
5. Data Security
We implement security measures including:
- HTTPS encryption for all network communications
- SQLite database stored in the app sandbox (encrypted at rest by the operating system)
- Bearer token authentication for all API requests
- No server-side storage of food photos or meal data
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Food photos (AI processing) | Not stored (processed in real-time only) |
| Bearer authentication token | Until account deletion or 180 days of inactivity |
| Usage statistics | 30 days |
| Subscription records | Duration of subscription + 7 years (tax law) |
| System logs | 30 days maximum |
| Inactive accounts | Automatically deleted after 180 days of inactivity |
7. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access: Request a copy of your server-side data
- Rectification: Correct inaccurate data
- Erasure: Delete your data ("right to be forgotten")
- Portability: Receive your data in a portable format
- Objection: Object to data processing
Important: AI Food Coach uses anonymous device tokens — we do not collect your name, email, or other personal identifiers. To exercise your rights, contact us at support@aifoodcoach.app. Since our server stores only anonymized data (device token, scan counts, subscription status), the scope of personal data we hold is minimal.
To delete your data:
- Local data: Uninstalling the app removes all locally stored data (meals, goals, settings, photos)
- HealthKit / Health Connect: Revoke permissions or delete entries in your device's Health settings
- Server-side data: Send a deletion request to support@aifoodcoach.app — we will delete your anonymous device record within 30 days
7.1 Automated Decision-Making
We use automated systems for:
- Rate limiting: Enforcing daily AI scan limits (3/day for free users)
- Fraud detection: Blocking suspicious activity to protect our service
These do not involve profiling or decisions that significantly affect you beyond service access.
8. Children's Privacy
AI Food Coach is not intended for children under 13. We do not knowingly collect data from children under 13.
9. Health Data Privacy
9.1 Apple Health (iOS)
AI Food Coach integrates with Apple HealthKit to provide a comprehensive health tracking experience.
- HealthKit data is accessed only with your explicit permission
- HealthKit data is never shared with third parties, including our servers
- HealthKit data is not used for advertising or any purpose other than displaying health metrics in the app
- HealthKit data is not sold to data brokers or any other entity
- HealthKit data is not transferred or sold to advertising platforms, data brokers, or information resellers
- HealthKit data is not used to serve advertisements, including personalized or interest-based advertising
- HealthKit data is not shared with third parties without your explicit consent
- You can revoke HealthKit permissions at any time in Settings → Health → Data Access
9.2 Google Health Connect (Android)
On Android, AI Food Coach integrates with Google Health Connect.
- Health Connect data is accessed only with your explicit permission
- Health Connect data is never shared with third parties, including our servers
- Health Connect data is not used for advertising
- Health Connect data is not sold to data brokers or any other entity
- Health Connect data is not transferred or sold to advertising platforms, data brokers, or information resellers
- Health Connect data is not used to serve advertisements, including personalized or interest-based advertising
- Health Connect data is not shared with third parties without your explicit consent
- You can revoke Health Connect permissions at any time in Android Settings → Health Connect → AI Food Coach
- Health Connect may limit historical data access to 30 days before the permission was granted
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the App or website. Continued use after changes constitutes acceptance.
11. Contact Us
For privacy-related questions or to exercise your rights:
Email: support@aifoodcoach.app
12. EU Representative
For EU-specific inquiries, our representative can be reached at the above contact information.