Skip to main content

Privacy Policy

1. General Information

This privacy policy describes how we collect, use, and protect your personal data when using the Food Diary application.

2. Data We Collect

Account data:

  • Email
  • Name (if provided)

Nutrition data:

  • Meal records
  • Products and recipes
  • Calories and macronutrients
  • Food photos (if you upload them)

AI feature data:

  • Text descriptions of meals
  • Voice recordings (converted to text)
  • Food images

Technical and login activity data:

  • IP address and masked IP shown to administrators
  • User-Agent, browser, operating system, and device type
  • Login timestamp and authentication provider
  • Error and security logs

3. How We Use Data

We use data for:

  • Providing application functionality
  • Analyzing and improving the service
  • AI features (food recognition)
  • Security and abuse prevention
  • Reviewing successful login history and aggregated device/browser usage in the admin area

4. AI and Third-Party Services

Our application uses third-party AI services such as OpenAI.

When using AI features, your data (text, voice, images) is transmitted to these services. Data processing is carried out by the third-party provider in accordance with their privacy policy.

According to OpenAI documentation, data sent via the API is not used for model training by default. However, in certain cases, data may be used to improve services in accordance with the provider's terms.

5. Legal Basis for Processing

We process your data on the following grounds:

  • Performance of contract (providing the service) — Art. 6(1)(b) GDPR
  • Your consent (for AI features) — Art. 6(1)(a) GDPR
  • Legitimate interests (security, analytics) — Art. 6(1)(f) GDPR

6. Data Transfers Outside the EU

Your data may be transferred to countries outside the European Economic Area (e.g., USA). Such transfers are carried out using Standard Contractual Clauses or other safeguards provided by GDPR.

7. Data Retention

  • Account data — as long as the account exists
  • Nutrition data — until deleted by the user
  • Technical logs — limited time (up to 30 days)
  • Login activity records — limited time for security auditing and aggregated usage analytics (normally up to 180 days unless longer retention is required for security investigation or legal reasons)

We do not store raw data sent to AI (e.g., images) longer than necessary for processing.

8. Your Rights

You have the right to:

  • Request access to your data
  • Correct your data
  • Delete your data
  • Restrict processing
  • Data portability
  • Withdraw consent

9. Security

We take reasonable technical and organizational measures to protect your data.

10. Policy Changes

We may update this policy. In case of significant changes, we will notify you.