**NutriChecker - Privacy Policy**
**Last Updated: 22.02.2026**
William Gilles Augustin Bernas ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, NutriChecker (the "Service"). Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
This policy is designed to comply with the EU General Data Protection Regulation (GDPR).
**1. Data Controller**
The data controller responsible for your information is:
William Gilles Augustin Bernas
Berlin, Germany
nutrichecker.app@gmail.com (For privacy-related inquiries)
**2. Information We Collect**
We collect several different types of information for various purposes to provide and improve our Service to you:
* **Information You Provide Directly:**
* **Account Information:** When you register using Google Sign-In, we receive your Firebase User ID (UID), email address, and display name as provided by Google.
* **Legal Agreement & Consent:** We record your acceptance of our Terms of Service and this Privacy Policy during onboarding, including the specific version date and timestamp. We also record your **explicit consent** to process potentially sensitive food log data as described below. If you choose to use the optional AI Nutrition Report feature, we additionally record your separate explicit consent for that feature (`reportAnalysisConsented`) and the timestamp of your last generated report (`lastReportGeneratedAt`) to enforce the 14-day cooldown between reports.
* **Calorie Goal (Optional):** If you choose to set a daily calorie goal, we store this value based on your choice.
* **Uploaded Images:** The photographs of food you upload for analysis are processed by the Service but are **not stored** by us long-term after the analysis is complete and the results are generated. They are transmitted transiently to our AI provider.
* **Manually-Typed Food Names:** When you use the Manual Food Entry feature, the food name you type is sent to OpenAI's API to retrieve estimated nutritional data. This text is transmitted transiently and is **not stored** by us after the result is returned to your device.
* **Communications:** If you contact us directly (e.g., via email), we may keep a record of your communication.
* **Information Generated Through Your Use of the Service:**
* **Analysis Results (Food Log Data):** The estimated nutritional data (food name, calories, macros, weight, high-in nutrients, fun fact) generated by the AI analysis of your images is stored and linked to your user ID and the timestamp of the scan. **We acknowledge this data, when collected over time, may reveal information about your dietary habits and potentially allow inferences about your health status. This is considered sensitive data under GDPR.**
* **Access Tier Information:** We store your current access tier (currently "free" for all users). If paid subscription tiers are introduced in the future, we may additionally store subscription expiry dates, original transaction IDs, and verification details provided by Apple via our backend.
* **Usage Limits Data:** We store a daily count of your scans and the timestamp of your last scan to enforce fair-use limits.
* **Information Collected Automatically (including via Third Parties):**
* **Firebase Analytics:** We use Firebase Analytics to understand how users interact with our Service. This service, operated by Google, may automatically collect certain information such as device type, operating system, session duration, features used, crash reports, and potentially identifiers like the device's advertising ID (depending on platform settings and user consent). This data helps us improve app performance, identify bugs, and understand feature usage. Data collected by Firebase Analytics is subject to Google's Privacy Policy. For more information on how Google uses data when you use our partners' sites or apps, see www.google.com/policies/privacy/partners/.
* **Technical Data (Processed by Infrastructure):** Our backend infrastructure (Firebase) and third-party services (OpenAI, Apple) inevitably process technical data like IP addresses during the course of providing their services (e.g., for request routing, security, fraud prevention). We do not directly store or use this IP information for user tracking within NutriChecker itself.
**3. How We Use Your Information**
We use the collected information for the following purposes:
* **To Provide and Maintain the Service:** Authenticate you, process your images for analysis, store and display your tracked nutritional data and trends, manage your calorie goal, enforce usage limits, manage your subscription status, and provide customer support. (Legal Basis: Performance of Contract - Art. 6(1)(b) GDPR).
* **To Process Sensitive Food Log Data:** We process your **Analysis Results (Food Log Data)** specifically to enable the core food tracking and nutritional review features of the Service, **based solely on your explicit consent** obtained during onboarding (Legal Basis: Explicit Consent - Art. 9(2)(a) GDPR).
* **To Generate the AI Nutrition Report (Optional):** If you separately and explicitly consent within the app, we process a summary of your last 14 days of food log data (food names and nutritional values; no images) by sending it to OpenAI's API in order to generate personalised dietary insights. This processing is strictly opt-in, requires explicit consent each time the feature is enabled, and the resulting report is not stored on our servers. (Legal Basis: Explicit Consent - Art. 9(2)(a) GDPR).
* **To Improve the Service:** Analyze usage patterns via Firebase Analytics to understand user needs, diagnose technical issues, improve app features, and enhance usability. (Legal Basis: Legitimate Interest - Art. 6(1)(f) GDPR; Consent may be required for certain analytics tracking depending on local regulations).
* **To Manage Access and, if applicable, Subscriptions:** Track your usage tier and fair-use limits, and — if paid subscriptions are introduced — facilitate purchases via Apple's App Store and verify subscription status. (Legal Basis: Performance of Contract - Art. 6(1)(b) GDPR).
* **To Comply with Legal Obligations:** Fulfill legal requirements, such as accounting or responding to valid legal requests. (Legal Basis: Legal Obligation - Art. 6(1)(c) GDPR).
* **To Communicate with You:** Respond to your inquiries or provide important service-related notices. (Legal Basis: Performance of Contract - Art. 6(1)(b) GDPR; Legitimate Interest - Art. 6(1)(f) GDPR).
**4. Legal Basis for Processing (GDPR)**
Our legal basis for collecting and using the personal information described in this Privacy Policy depends on the information we collect and the specific context in which we collect it:
* **Performance of a Contract (Art. 6(1)(b) GDPR):** For processing necessary to provide the core NutriChecker service (authentication, non-sensitive data storage, subscriptions, support).
* **Explicit Consent (Art. 9(2)(a) GDPR):** Specifically for processing your **Analysis Results (Food Log Data)**, which may be considered sensitive health-related data. This consent is obtained during onboarding.
* **Consent (Art. 6(1)(a) GDPR):** For your general agreement to our Terms and Privacy Policy, and for processing optional data like a calorie goal.
* **Legitimate Interests (Art. 6(1)(f) GDPR):** For purposes like service improvement via analytics, security, and fraud prevention, where not overridden by your rights.
* **Legal Obligation (Art. 6(1)(c) GDPR):** For compliance with applicable laws.
**5. Data Sharing and Third Parties**
We do not sell your personal information. We share your information only with the following third-party service providers essential for operating the Service:
* **OpenAI:** We send data to OpenAI's API for three purposes: (1) the images you upload, transmitted transiently for nutritional image analysis; (2) food names you type in the Manual Food Entry feature, transmitted transiently to retrieve estimated nutritional data; and (3) when you explicitly consent, a text-only summary of your food log data (food names and nutritional values from the last 14 days; no images) for AI Nutrition Report generation. OpenAI acts as a data processor on our behalf for these tasks. None of this data is stored by us after the result is returned to your device, and it is not stored by OpenAI beyond the immediate processing of your request, subject to OpenAI's data retention policies. Review OpenAI's API data usage policies for details.
* **Google (Firebase / Google Cloud):** We use Firebase services for authentication (Firebase Auth), database storage (Firestore), backend logic (Cloud Functions), analytics (Firebase Analytics), and potentially hosting. Google acts as a data processor for these services. Review Google's Privacy Policy and Firebase privacy information.
* **Apple (App Store / StoreKit):** We use Apple's services for distributing the app, processing subscription payments, and verifying transaction status via their App Store Server API. Review Apple's Privacy Policy.
We may also disclose your information if required by law or in response to valid requests by public authorities (e.g., a court or a government agency).
**6. International Data Transfers**
Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Specifically, data processing by OpenAI, Google (Firebase), and Apple likely occurs on servers located in the United States.
We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy. We rely on appropriate safeguards for such transfers, such as Standard Contractual Clauses (SCCs) adopted by the European Commission, or adequacy decisions/frameworks like the EU-US Data Privacy Framework where applicable service providers are certified, to ensure your data receives adequate protection when transferred outside the European Economic Area (EEA). By using the Service and agreeing to this Privacy Policy, you acknowledge these potential transfers.
**7. Data Security**
We use administrative, technical, and physical security measures to help protect your personal information. We utilize Firebase's security features, including security rules for database access control. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties.
**8. Data Retention**
We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, primarily for the duration your account is active.
* **Account Information, Settings, Consent Records:** Retained as long as your account is active.
* **Tracked Food Data:** Retained until you manually delete specific entries via the app or until your entire account is deleted.
* **Usage Limit Data:** Retained for a limited operational period (e.g., potentially 30-90 days) to ensure fair use and then may be deleted or anonymized.
* **Subscription Data:** Retained as necessary to manage your subscription status and potentially for compliance with financial regulations.
Upon account deletion initiated through the app, we will take steps to delete your personal information from our active databases within a reasonable timeframe, subject to necessary retention for legal or backup purposes.
**9. Your Data Protection Rights under GDPR**
If you are a resident of the European Economic Area (EEA), you have certain data protection rights:
* **The right to access:** You have the right to request copies of your personal data. (See "How to Exercise Your Rights" below).
* **The right to rectification:** You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete. (You can edit your goal in Settings; other corrections via contact email).
* **The right to erasure (Right to be Forgotten):** You have the right to request that we erase your personal data, under certain conditions. (See "How to Exercise Your Rights" below).
* **The right to restrict processing:** You have the right to request that we restrict the processing of your personal data, under certain conditions.
* **The right to object to processing:** You have the right to object to our processing of your personal data based on legitimate interests.
* **The right to data portability:** You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions. (See "How to Exercise Your Rights" below).
* **The right to withdraw consent:** Where we rely on your consent (standard or explicit) to process data, you have the right to withdraw that consent at any time (e.g., by deleting your account, which ceases further processing based on consent). Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
* **The right to lodge a complaint:** You have the right to lodge a complaint with a Data Protection Authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
**How to Exercise Your Rights:**
* **Access & Review:** You can review your tracked food items and calorie goal within the app (Dashboard, Detailed Log, Settings).
* **Rectification:** You can update your calorie goal in the app's Settings. For other corrections, please contact us at nutrichecker.app@gmail.com. We plan to add editing features for tracked items in the future.
* **Erasure (Deletion):** You can delete individual tracked food items within the app. You can initiate the deletion of your entire account and associated data through the **Account Settings section within the NutriChecker app**.
* **Portability (Export):** You can request an export of your tracked food data in a common machine-readable format through the **Account Settings section within the NutriChecker app**.
* **Other Rights:** To exercise any other rights not covered by in-app functions, or if you encounter issues using the in-app tools, please contact us at nutrichecker.app@gmail.com.
We will respond to your requests within one month, in accordance with GDPR requirements. We may need to verify your identity before fulfilling certain requests.
**10. Children's Privacy**
Our Service is not intended for anyone under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
**11. Firebase Analytics**
As mentioned, we use Firebase Analytics. This helps us understand usage patterns but does not involve us sharing your core nutritional tracking data with Google for advertising purposes beyond what is described in Google's own policies for Firebase. Depending on your device settings, Firebase may collect identifiers like the Advertising ID. You can often limit ad tracking or reset your advertising ID in your device's settings.
**12. Changes to This Privacy Policy**
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the app and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted. Significant changes may also be communicated via in-app notification or email.
**13. Contact Us**
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
By email: nutrichecker.app@gmail.com