Privacy Policy
Last Updated: January 3, 2026
Effective Date: January 3, 2026
DietFlow ("DietFlow," "we," "us," or "our") is committed to protecting the privacy and security of the information we collect from users of our mobile application and related services (collectively, the "Services"). This Privacy Policy describes how we collect, use, disclose, and otherwise process personal information in connection with our Services, as well as your rights and choices regarding such information.
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.
I. Information We Collect
We collect information in the following ways:
A. Information You Provide
Account Information. When you create an account, we collect your email address, password, and optionally your name and profile photo.
Profile Information. To personalize your experience, you may provide date of birth, gender, height, and weight goals.
Health and Biometric Data. You may choose to log or provide:
- Current weight and goal weight
- Body measurements and body fat percentage
- Fasting schedules, start times, and end times
- Fasting goals and streak data
- Mood entries and wellness indicators
- Medical conditions relevant to nutrition (e.g., diabetes, PCOS, eating disorder history)
Nutrition Data. Information related to your dietary tracking, including:
- Food logs and meal entries
- Calorie and macronutrient intake
- Water consumption
- Food photographs submitted for AI analysis
Voice Input. If you use voice features, we may collect audio recordings for processing food logs or other inputs. Voice data is processed to extract text. Anonymized voice data or transcripts may be used to improve AI accuracy (see Section IV).
Communications. Information you provide when contacting customer support or responding to surveys.
B. Information from Connected Services
Apple HealthKit (iOS). With your explicit permission, we may read and write health data from Apple Health, including:
Vital Metrics:
- Resting heart rate
- Active heart rate (during exercise)
- Heart rate variability (HRV)
- Blood pressure
- Respiratory rate
- Blood oxygen saturation (SpO2)
Body Measurements:
- Weight
- Height
- Body mass index (BMI)
- Body fat percentage
- Lean body mass
- Waist circumference
Activity Data:
- Steps
- Distance walked/run
- Active energy burned
- Basal energy burned
- Exercise minutes
- Stand hours
- Flights climbed
- Cycling distance
- Swimming distance
Sleep Data:
- Sleep duration
- Sleep stages (awake, REM, core, deep)
- Time in bed
- Sleep regularity
Nutrition (if logged in Apple Health):
- Dietary calories
- Water intake
- Caffeine intake
- Macronutrients
Other Health Metrics:
- Mindful minutes
- VO2 max (cardio fitness)
- Walking steadiness
- Blood glucose (if available)
Google Fit / Health Connect (Android). With your explicit permission, we may read and write health data including:
- Weight and body measurements
- Steps, distance, and calories
- Heart rate and heart points
- Sleep duration and stages
- Activity sessions and workouts
- Blood glucose and blood pressure (if available)
Other Integrations. We may support additional health platforms in the future, such as Fitbit, Oura, Garmin, or similar services. Data from these integrations will be subject to the same protections described in this policy.
We only access data types for which you have granted permission and which are necessary to provide the features you use.
C. Information Collected Automatically
Device Information. Device type, operating system, unique device identifiers, app version, time zone, and language settings.
Usage Information. Features accessed, screens visited, actions taken, session duration, and interaction patterns.
Log Data. IP address, access times, crash reports, and error logs.
II. How We Use Your Information
We use the information we collect for the following purposes:
Provide and Improve Services. To operate, maintain, and enhance the functionality of our Services, including tracking your nutrition, fasting, and health progress.
Personalization. To customize your experience, provide relevant recommendations, and adjust calorie and nutrition targets based on your goals and activity.
AI-Powered Features. To analyze food photographs and provide nutritional estimates using artificial intelligence services. See Section IV for details.
Communications. To send service-related notifications, respond to inquiries, and provide customer support.
Analytics and Research. To understand usage patterns, improve our Services, and conduct internal research using aggregated or de-identified data.
Safety and Security. To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
Legal Compliance. To comply with applicable laws, regulations, legal processes, or governmental requests.
IV. AI and Machine Learning
DietFlow uses artificial intelligence to analyze food photographs and provide nutritional estimates.
A. Third-Party AI Services
We utilize third-party AI service providers to process food photographs and provide nutritional analysis. We may change providers from time to time to improve service quality.
B. Data Sent to AI Services
When you use AI-powered features, we may transmit the following data to AI service providers:
Food Photo Analysis:
- The food photograph
- Contextual health information (such as weight, BMI, or dietary goals) to improve nutritional recommendations
Personalized Advice:
- Fasting status and patterns
- Mood and wellness data
- Nutritional history
What is NOT sent:
- Personal identifiers (name, email, or account information)
- Location data
- Raw HealthKit or Google Fit data
All data sent to AI services is anonymized and cannot be linked to your identity by the AI provider. Health context is transmitted as numerical values without identifying information.
C. AI Model Training
Third-Party Providers. We cannot guarantee that third-party AI service providers will not use submitted data to train or improve their models. However, all data we transmit is anonymized.
DietFlow Models. We may use anonymized food photograph data to develop and improve our own nutritional analysis capabilities. Personal identifiers are never included in training data.
D. Data Not Used for AI
The following data is never sent to external AI services or used for model training:
- Personal identifiers (name, email, user ID)
- Body progress photographs (if applicable)
- Raw HealthKit or Google Fit API data
- Payment or subscription information
V. Apple HealthKit and Google Fit Data
Data obtained from Apple HealthKit and Google Fit/Health Connect receives special protection under this policy and applicable platform requirements.
A. Permitted Uses
We use HealthKit and Google Fit data solely to:
- Display your health metrics within the app
- Sync data across platforms
- Provide insights based on your health information
B. Prohibited Uses
HealthKit and Google Fit data is:
- Never used for advertising or marketing purposes
- Never sold to third parties
- Never shared with third parties for advertising purposes
- Never used to build user profiles for purposes unrelated to health functionality
C. User Control
You control which data types DietFlow may access. You may revoke access at any time through your device settings:
- iOS: Settings > Health > Data Access & Devices > DietFlow
- Android: Settings > Apps > DietFlow > Permissions
VI. Data Retention
We retain personal information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of account activity |
| Health and Nutrition Data | Duration of account activity |
| Food Photographs | Duration of account activity (user-deletable) |
| Usage Analytics | Up to 12 months, then anonymized |
| Crash Reports | Up to 90 days |
Account Deletion. Upon account deletion:
- Personal data is deleted from active systems within 30 days
- Data may persist in encrypted backups for disaster recovery
- Anonymized, aggregated data may be retained
Legal Obligations. We may retain information longer if required for legal compliance, dispute resolution, or enforcement of our agreements.
VII. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
A. Access and Portability
You may request a copy of your personal information. Data export is available within the app at Settings > Privacy > Export Data. We provide data in machine-readable formats (JSON, CSV).
B. Correction
You may correct inaccurate personal information directly within the app or by contacting us.
C. Deletion
You may request deletion of your account and associated data. Account deletion is available within the app at Settings > Account > Delete Account.
D. Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.
E. Object to Processing
You may object to certain processing activities, including marketing communications.
F. Restriction
You may request restriction of processing in certain circumstances as provided by applicable law.
G. California Residents
Under the California Consumer Privacy Act (CCPA), California residents have additional rights:
- Right to know what personal information is collected and how it is used
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
H. European Residents
Under the General Data Protection Regulation (GDPR), EEA, UK, and Swiss residents have rights including access, rectification, erasure, data portability, restriction, and objection. You may also lodge a complaint with your local supervisory authority.
I. Exercising Your Rights
To exercise your rights:
- In-App: Settings > Privacy
- Email: [email protected]
We will respond to requests within the timeframes required by applicable law (generally 30-45 days).
VIII. Data Security
We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction.
Security Measures Include:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest
- Access controls and authentication
- Regular security assessments
Breach Notification. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law, including within 72 hours where required by GDPR.
No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.
IX. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.
When we transfer personal information internationally, we implement appropriate safeguards in accordance with applicable law, including standard contractual clauses where required.
X. Children's Privacy
DietFlow is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
If you believe a child under 16 has provided us with personal information, please contact us at [email protected].
XI. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we update the Privacy Policy, we will revise the "Last Updated" date at the top of this policy and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you use the Services to stay informed of our privacy practices.
Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.
XII. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Email: [email protected]
In-App: Settings > Help > Contact Support
For data protection inquiries in the European Union, you may also contact your local supervisory authority.