Privacy Policy

01 Information We Collect

We collect information to provide and improve the SnapMeal service. The types of data we collect include:

Data Category	Examples	Why We Collect It
Account Data	Email, name, profile photo, password (hashed)	To create and manage your account
Health & Body Data	Height, weight, age, sex, body fat %, BMI, health goals	To personalize meal plans and nutrition recommendations
Food & Nutrition Data	Meal photos, food diary entries, calorie logs, macro history	To provide AI scanning, tracking and insights
Usage Data	App screens visited, feature interactions, session duration	To improve app performance and UX
Device Data	Device model, OS version, app version, IP address	For crash reporting and security
Health Integrations	Steps, activity data from Apple Health / Google Health Connect	To enrich analytics and daily goal tracking

Health and nutrition data is classified as sensitive personal data under GDPR. We apply the highest level of protection to this category.

02 How We Use Your Data

We use your data solely to operate and improve SnapMeal:

AI Food Recognition: Meal photos are sent to our AI model (OpenAI Vision API) to identify food items, estimate portions, and calculate nutrition info. Photos are not stored permanently after analysis.
Personalized Meal Plans: Your health profile (goals, dietary restrictions, allergies, body data) is used to generate a tailored 7-day meal plan.
Progress Tracking: Your food diary and body measurements are stored to display weekly trends and analytics.
App Notifications: We may send push notifications for meal reminders, hydration alerts, and plan updates (you can disable these in app settings).
Service Improvement: Aggregated, anonymized usage data helps us improve features, fix bugs, and understand what users value most.
Customer Support: If you contact us, we use your data to resolve your issue.

⚠️ We never use your health or nutrition data to serve targeted advertising. We do not sell your personal data to any third party.

03 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data under the following legal bases:

Contract Performance (Art. 6(1)(b) GDPR): Processing your account data and health profile is necessary to deliver the SnapMeal service you signed up for.
Explicit Consent (Art. 6(1)(a) & Art. 9(2)(a) GDPR): Because health/nutrition data is "special category" data, we require your explicit consent when you first set up your profile. You may withdraw this consent at any time.
Legitimate Interest (Art. 6(1)(f) GDPR): We process usage and device data to improve the app's security, performance, and user experience, where this does not override your fundamental rights.
Legal Obligation (Art. 6(1)(c) GDPR): We may process data to comply with applicable law, court orders, or regulatory requirements.

04 Data Sharing & Third Parties

We share data only as required to operate the service:

Firebase (Google): Our backend infrastructure — authentication, database, cloud functions, and crash analytics.
OpenAI: Meal photos and food descriptions are sent to the OpenAI API for AI analysis. OpenAI does not use your data to train models (API usage policy).
Open Food Facts: Barcode lookups query the Open Food Facts database (open-source, no personal data shared).
RevenueCat: Subscription and in-app purchase management (iOS & Android). Payment info is handled by Apple/Google.
Apple Health / Google Health Connect: Data sync is strictly opt-in and bidirectional only with your explicit permission.

All third-party processors are bound by data processing agreements that comply with GDPR Article 28.

Government Requests: If we receive a valid legal request for user data, we will notify the affected user unless legally prohibited from doing so.

05 Data Retention

We retain your data only as long as necessary:

Active account: All data is retained while your account is active.
Deleted account: Upon deletion request, all personal data is permanently deleted within 30 days. Backups are purged within 90 days.
Food diary entries: Retained for 2 years by default. You can delete individual entries anytime.
Meal photos: Deleted immediately after AI analysis. Not stored on our servers.
Analytics data: Anonymized and retained for up to 24 months for product improvement.

06 Your Rights

Under GDPR (and applicable local laws), you have the following rights regarding your personal data:

👁️

Right of Access

Request a copy of all personal data we hold about you.

✏️

Right to Rectification

Correct inaccurate or incomplete personal data.

🗑️

Right to Erasure

Request deletion of your data ("right to be forgotten").

⏸️

Right to Restriction

Request that we temporarily stop processing your data.

📦

Right to Portability

Receive your data in a machine-readable format (JSON/CSV).

🚫

Right to Object

Object to processing based on legitimate interest.

🔙

Withdraw Consent

Withdraw consent for health data processing at any time.

⚖️

Lodge a Complaint

File a complaint with your national data protection authority.

To exercise any of these rights, submit a request here or email us at privacy@snapmeal.app.

07 GDPR & International Data Transfers

SnapMeal is operated from Ukraine and serves users globally. Our primary data infrastructure is hosted on Google Firebase servers located in the European Union (Belgium — europe-west1).

When data is transferred outside the EEA (e.g., to OpenAI's US servers for AI processing), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR.

Our Data Protection Officer can be contacted at: dpo@snapmeal.app

08 Children's Privacy

SnapMeal is not intended for children under 13 years of age (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us immediately at privacy@snapmeal.app and we will delete the account.

09 Cookies & Tracking

The SnapMeal mobile app does not use browser cookies. The SnapMeal website (this page) may use:

Essential cookies: Required for site functionality (e.g., security, session handling).
Analytics cookies: We use Firebase Analytics to understand how visitors use our site. This is based on aggregated, anonymized data.

You can opt out of analytics cookies by enabling "Do Not Track" in your browser or using a browser extension like uBlock Origin.

10 Security

We implement industry-standard security measures to protect your data:

All data is transmitted over TLS 1.3 encrypted connections.
Passwords are never stored in plaintext — Firebase Authentication handles credentials using bcrypt hashing.
Health data is stored in Firestore with field-level security rules — only you can access your own data.
Meal photos are processed in isolated functions and immediately discarded after analysis.
We conduct regular security reviews and dependency audits.

Despite these measures, no internet transmission is 100% secure. If you discover a security vulnerability, please disclose it responsibly to security@snapmeal.app.

11 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this page.
Send a push notification and/or email to all registered users.
Where required by law, request renewed consent.

We encourage you to review this policy periodically. Continued use of SnapMeal after changes are posted constitutes acceptance of the updated policy.

12 Contact Us

🛡️ Privacy Questions?

If you have any questions about this Privacy Policy, your data rights, or want to submit a data request, our privacy team is here to help.

privacy@snapmeal.app

SnapMeal · Kyiv, Ukraine · Submit Data Deletion Request →

📋 Table of Contents