Privacy Policy

Your privacy matters. This policy explains exactly what data we collect, why we need it, and how we protect it with complete transparency.

Effective Date: December 29, 2024 | Last Updated: December 29, 2024

1. Introduction

Daily Bite ("we," "our," or "us") operates a food analysis mobile application for iOS devices. This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our application and related services (collectively, the "Services").

By using Daily Bite, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms. If you do not agree with any part of this policy, you must immediately discontinue use of our Services.

This Privacy Policy is designed to comply with applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Apple's App Store Guidelines for iOS applications.

2. Important: Educational Purpose & Health Data Clarification

Daily Bite is an EDUCATIONAL and INFORMATIONAL tool, NOT a medical device or health diagnostic service.

What We Provide: Our AI-powered analysis provides educational estimates about food nutritional content, including calories, macronutrients, and potential health impacts. This information is generated for general educational purposes to help you learn about food and nutrition.

What We Do NOT Provide: Medical advice, diagnosis, treatment recommendations, or personalized health guidance. Our analysis should never be used as a substitute for professional medical advice, diagnosis, or treatment from qualified healthcare providers.

Health-Related Data Classification: While Daily Bite analyzes food and provides nutritional information (which some may consider health-related), we do NOT:

Collect, store, or process personally identifiable health information (PHI)
Request medical history, diagnoses, or health conditions
Track biometric data, vital signs, or medical metrics
Share food data with healthcare providers or insurance companies
Use food data for medical decision-making or clinical purposes

Food Data vs. Personal Health Data: The food images and nutritional analyses you create are considered food consumption data for educational purposes, not protected health information. However, if you choose to use this app to manage a medical condition, you do so at your own discretion and risk.

DISCLAIMER: Always consult a qualified healthcare professional, registered dietitian, or certified nutritionist before making health-related decisions based on food tracking data. AI-generated nutritional estimates may contain inaccuracies and should not be relied upon for medical purposes.

3. Information We Collect

Food Images & Analysis Data

When you use our food scanning feature, we collect and process:

Food photographs: Images you capture using your device camera are stored locally on your device and transmitted to our servers for AI analysis
AI-generated analysis: Meal names, detected food items, estimated calories, macronutrient breakdowns (protein, carbs, fat, fiber)
Health impact scores: Educational scores for factors like sugar content, sodium levels, glycemic impact, cardiovascular factors, gut health, and skin wellness
Meal metadata: Date and time of meal, meal identifiers (UUID), processing status
Image storage: Food images are stored on our secure cloud infrastructure and linked to your account for historical viewing

Note: We do NOT access your device's camera roll or photo library without explicit permission for each image you choose to analyze.

Account & Authentication Information

To create and maintain your account, we collect:

Email address: Used for account creation, authentication, and essential service communications
Unique user identifiers: System-generated UUIDs to link your data across our services
Authentication tokens: Secure tokens managed by our authentication provider (Supabase Auth) for session management
Subscription information: Subscription status, product IDs, entitlement information, and RevenueCat identifiers for managing Daily Bite Pro subscriptions

We do NOT collect: passwords in plain text (all authentication is handled securely through Supabase), phone numbers, physical addresses, credit card information (payments processed by Apple App Store), or social security numbers.

App Usage & Interaction Data

We automatically collect technical and usage information to improve app performance and user experience:

Feature usage: Which features you access, frequency of meal scans, navigation patterns within the app
Session data: Login times, session duration, date selection in calendar view
Performance metrics: API response times, image upload success rates, AI processing completion times
Error logs: Crash reports, error messages, failed API requests (for debugging purposes only)
Aggregated statistics: Total meal count, average meal scores, calorie totals per day

Device & Technical Information

We collect minimal device information necessary for app functionality:

Device identifiers: Device model, iOS version, app version number
Network information: IP address (used for server communication only, not stored long-term)
Camera permissions: We request and track camera access permission status

We do NOT collect: Precise geolocation data, contacts, photos outside of explicitly selected food images, microphone data, or any other device sensors.

4. Third-Party AI Processing & Service Providers

Daily Bite uses advanced artificial intelligence to analyze your food images. To provide our core functionality, your food images and related data are processed by third-party AI service providers. We are transparent about who processes your data and how:

🤖 AI Analysis Providers

Google Gemini AI (Google LLC): Primary AI model for food image recognition, calorie estimation, and nutritional analysis. Your food images are sent to Google's servers for processing.
Grok AI (xAI): Alternative AI model for food analysis and health impact assessment. Images may be processed by xAI's infrastructure.
Perplexity AI: Used to fetch peer-reviewed research sources and citations for nutritional health claims.

These AI providers process your food images according to their own privacy policies and data retention practices. We recommend reviewing their policies: Google Privacy Policy, xAI Privacy Policy, Perplexity Privacy.

☁️ Infrastructure & Data Storage

Supabase (PostgreSQL Database): User accounts, meal records, and analysis results are stored in Supabase's secure PostgreSQL database
Cloud Storage: Food images are stored on cloud infrastructure for retrieval and historical viewing

💳 Payment Processing

Apple App Store (Apple Inc.): All subscription purchases are processed through Apple's payment system. We do not handle credit card data.
RevenueCat: Subscription management and entitlement verification service. RevenueCat receives subscription status information from Apple.

Important: When you use Daily Bite, you acknowledge that your food images will be transmitted to and processed by third-party AI services (Google, xAI, Perplexity) for analysis. These services may be located outside your country of residence. We select reputable providers with strong privacy practices, but we cannot control their data handling once transmitted.

5. How We Use Your Information

We use the information we collect for the following specific purposes:

Core Service Delivery: Process food images through AI models to generate nutritional analysis, calorie estimates, and educational health impact assessments
Account Management: Create and maintain your user account, authenticate your identity, and manage your meal history
Subscription Management: Verify Daily Bite Pro subscription status, manage entitlements, and sync with RevenueCat and Apple App Store
Product Improvement: Analyze usage patterns, error rates, and feature engagement to improve AI accuracy, app performance, and user experience
Technical Support: Diagnose and resolve technical issues, respond to user inquiries, and provide customer support
Security & Fraud Prevention: Detect and prevent unauthorized access, abuse, fraud, and security threats
Legal Compliance: Comply with applicable laws, regulations, legal processes, and enforceable governmental requests
Essential Communications: Send transactional emails (account verification, password resets, subscription notifications) - we do NOT send marketing emails unless you explicitly opt-in

We do NOT use your food data for advertising purposes, do NOT sell your personal information to third parties, and do NOT share your meal history with anyone without your explicit consent (except as required for core service functionality with our AI providers).

6. Data Sharing & Disclosure

We do NOT sell your personal information to third parties for marketing purposes. Period.

We share your data only in the following limited circumstances necessary to operate our Services:

✅ Essential Service Providers (Required for Functionality)

As detailed in Section 4, we share data with service providers who perform essential functions:

AI Analysis: Google Gemini, Grok (xAI), Perplexity AI receive your food images for processing
Cloud Infrastructure: Supabase (database and authentication), cloud storage providers (image hosting)
Payment Processing: Apple App Store, RevenueCat (subscription management)

These providers are contractually obligated to protect your data and use it only for providing services to Daily Bite.

⚖️ Legal Requirements & Protection

We may disclose your information if required by law, court order, subpoena, or government request, or when necessary to: (1) comply with legal obligations, (2) protect our rights and property, (3) prevent fraud or abuse, (4) protect the safety of users or the public.

🏢 Business Transfers

In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction involving Daily Bite, your information may be transferred as part of the business assets. You will be notified via email and/or prominent notice in the app of any such change in ownership or control.

🚫 With Your Explicit Consent Only

We will not share your personal information with any other third parties unless you provide explicit consent at the time of sharing.

What We Do NOT Do: We do not share, sell, rent, or trade your food images, meal history, or personal information with advertisers, data brokers, marketing companies, or any third parties for their commercial purposes.

7. Data Security

We take data security seriously and implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption protocols
Encryption at Rest: Food images and analysis data stored in our databases are encrypted using industry-standard encryption algorithms
Secure Authentication: User authentication is managed by Supabase Auth with secure token-based session management, bcrypt password hashing, and JWT tokens
Access Controls: Strict role-based access controls limit who can access user data within our infrastructure
Infrastructure Security: We use reputable cloud providers (Supabase, Google Cloud, etc.) with robust security practices and compliance certifications
Monitoring & Logging: We monitor systems for suspicious activity and maintain security logs for incident response

Important: While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials. If you believe your account has been compromised, contact us immediately at privacy@dailybite.app.

8. Your Privacy Rights

Depending on your location, you have specific rights regarding your personal data. We respect these rights and provide mechanisms to exercise them:

🔍 Right to Access

Request a copy of all personal data we hold about you, including your meal history, food images, and analysis results. We will provide this in a machine-readable format (JSON or CSV).

✏️ Right to Correction

Request correction of inaccurate or incomplete personal information, including your email address or account details.

🗑️ Right to Deletion ("Right to be Forgotten")

Request permanent deletion of your account and all associated data (meals, images, analysis). We will delete your data within 30 days unless legally required to retain it.

📦 Right to Data Portability

Receive your data in a structured, commonly used, machine-readable format to transfer to another service.

🚫 Right to Object

Object to processing of your personal data for certain purposes, such as analytics or profiling (note: core food analysis cannot be opted out of).

⏸️ Right to Restrict Processing

Request that we limit how we use your data while you're disputing its accuracy or challenging our legal basis for processing.

📧 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@dailybite.app with your request. Include:

Your full name and email address associated with your account
Specific right you wish to exercise
Any relevant details to help us process your request

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

Special Rights for California Residents (CCPA): If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to opt-out of sales (we don't sell your data), and the right to non-discrimination for exercising your rights.

Special Rights for EU/EEA Residents (GDPR): If you are in the European Economic Area, you have rights under GDPR including the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

9. Data Retention

We retain your personal data only as long as necessary to provide our Services and comply with legal obligations:

Active Accounts: Food images, meal data, and analysis results are retained for as long as your account remains active
Account Deletion: When you delete your account, we permanently delete all associated data within 30 days, unless required by law to retain it longer
Inactive Accounts: Accounts inactive for 3+ years may be deleted after providing notice to your email address
Legal Compliance: We may retain certain data longer if required by law, for tax/accounting purposes, or to resolve disputes
Aggregated Data: We may retain anonymized, aggregated analytics data indefinitely for product improvement (this data cannot identify you)

10. Children's Privacy

Daily Bite is not intended for children under 13 years of age (or 16 in the European Economic Area).

We do not knowingly collect, use, or disclose personal information from children under these age limits. Our Services are designed for adults and individuals aged 13+ (16+ in EEA) who can understand nutritional information in an educational context.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@dailybite.app. If we become aware that we have collected personal information from a child under the applicable age limit without verification of parental consent, we will take steps to delete that information as quickly as possible.

11. International Data Transfers

Daily Bite operates globally, and your personal information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

Where Your Data May Be Processed

United States: Our servers, Supabase infrastructure, and AI providers (Google, xAI) operate data centers in the U.S.
European Union: Some cloud infrastructure may be located in EU data centers
Global AI Services: Third-party AI providers (Google Gemini, Grok, Perplexity) process data in their global infrastructure, which may span multiple countries

Data Protection Safeguards: When we transfer personal data from the EEA, UK, or Switzerland to other countries, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Reliance on adequacy decisions by the European Commission
Compliance with applicable data protection frameworks (EU-U.S. Data Privacy Framework, where applicable)
Robust security measures and encryption for data in transit and at rest

By using Daily Bite, you acknowledge and consent to the transfer of your personal data to countries outside your residence for processing as described in this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. When we make changes, we will update the "Last Updated" date at the top of this policy.

How We Notify You of Changes

Minor Changes: For minor, non-material changes (e.g., clarifications, formatting), we will update the policy and the effective date
Material Changes: For significant changes that affect your rights or how we process your data, we will:
- Send an email notification to your registered email address at least 30 days before changes take effect
- Display a prominent notice in the app when you next log in
- Require your acknowledgment of the updated policy before continuing to use certain features

Your continued use of Daily Bite after policy changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you must discontinue using our Services and may request deletion of your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, we're here to help. Please contact us through any of the following channels:

📧 Privacy Inquiries

Email: privacy@dailybite.app

For privacy-specific questions, data requests, or exercising your rights

💬 General Support

Email: support@dailybite.app

For general questions, technical support, or account assistance

🌐 Website

www.dailybite.app

⏰ Response Times

Privacy Rights Requests: We will respond within 30 days (or as required by applicable law)
General Inquiries: We typically respond within 2-5 business days
Urgent Security Issues: We prioritize security-related concerns and respond within 24 hours

Data Protection Officer: For users in the European Economic Area, you may contact our Data Protection Officer at dpo@dailybite.app

Important: When contacting us about privacy matters, please include your registered email address to help us verify your identity and process your request efficiently. Do not include sensitive personal information (like passwords) in unencrypted emails.