Privacy Policy

Last updated: August 27, 2025

This Privacy Policy explains how Foodiary (“Company”, “we”, “us” or “our”) collects, uses, and protects your personal data when you use our application (“Foodiary” or the “Service”). We are committed to protecting your privacy and ensuring that your personal information is handled in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. About Foodiary

Foodiary is an AI-assisted calorie tracker and assistant. The app provides personalized calorie and macronutrient recommendations based on your goals.

⚠️ Important Disclaimer: All recommendations generated by Foodiary are for informational purposes only. They are not medical, nutritional, or professional advice and should not be relied upon as such. Always consult a qualified healthcare professional before making significant dietary or health-related decisions. The Company disclaims all responsibility for decisions made based on Foodiary’s AI-generated suggestions.

2. Data We Collect

When you use Foodiary, we may collect the following types of personal data:

a) Personal Identification Data
- Email address
- First name and last name

b) Usage Data
Collected automatically when you use the Service, such as:
- IP address
- Device type and operating system
- Browser or app version
- Time and date of use, pages/screens viewed, and usage duration
- Diagnostic and performance data

c) Optional Health & Lifestyle Data
If you choose to log your weight, fitness goals, food entries, or activity, this may be considered special category health data under GDPR. We only process this data with your explicit consent and solely for the purpose of providing personalized recommendations.

3. How We Use Your Data

We use your personal data for the following purposes:
- To provide and maintain the Service (including personalized AI recommendations).
- To manage your account as a registered user.
- To communicate with you about updates, changes, or important information.
- To improve our Service through analytics and usage tracking.
- To comply with legal obligations and enforce our terms and policies.

We do not sell your personal data.

4. Legal Bases for Processing (GDPR)

We process your personal data under one or more of the following legal bases:
- Consent – when you provide explicit consent (e.g., logging health data).
- Contract – when processing is necessary to provide you with the Service.
- Legal obligation – when we must comply with laws or regulations.
- Legitimate interest – for improving services, ensuring security, and preventing misuse, provided your rights are not overridden.

5. Sharing Your Data

We may share your personal data in the following situations:
- With Service Providers who help us deliver the Service (e.g., cloud hosting, analytics).
- For business transfers in case of a merger, acquisition, or sale of assets.
- With legal authorities if required by law.
- With your consent – we may disclose your data for other purposes only if you agree.

6. International Data Transfers

If your personal data is transferred outside your country (for example, to servers or partners in other regions), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Transfers to countries with an adequacy decision.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy:

Type of Data | Retention Period
Account information (email, name) | Until account deletion
Health & lifestyle data | Until you delete it or withdraw consent
Usage data (logs, analytics) | Up to 12 months, then anonymized
Legal/transactional records | As long as required by applicable law

8. Your Privacy Rights (GDPR)

As a user in the EU/EEA (and similar jurisdictions), you have the following rights:
- Access – Request a copy of the personal data we hold about you.
- Rectification – Correct inaccurate or incomplete data.
- Erasure (“Right to be forgotten”) – Request deletion of your data.
- Restriction – Limit how we process your data.
- Data portability – Receive your data in a machine-readable format.
- Objection – Object to certain processing activities.
- Withdraw consent – Where processing is based on consent, you can withdraw it anytime.
- Lodge a complaint – You may file a complaint with your local data protection authority.

To exercise any of these rights, contact us at appfoodiary@gmail.com.

9. Security of Your Data

We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit and at rest
- Restricted access to personal data
- Regular security monitoring and audits

Please note that no system is 100% secure, but we strive to protect your data to the best of our ability.

10. Children’s Privacy

Foodiary is not intended for children under 16 years of age. We do not knowingly collect personal data from users under 16. If you believe your child has provided us with personal data, please contact us so we can remove it.

11. Links to Third-Party Services

Our Service may contain links to external websites or services. We are not responsible for the privacy practices of third parties and encourage you to review their Privacy Policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via:
- In-app notification, and/or
- Email (if applicable).

The “Last updated” date at the top will always show the latest version.

13. Contact Us

If you have questions or requests regarding this Privacy Policy, please contact us:

📧 Email: appfoodiary@gmail.com