Privacy Policy

Last Updated: May 13, 2026

1. Information We Collect

We collect information to provide a personalized wellness experience that adapts to your environment. This includes:

  • User Content: Meal logs, ingredient preferences, and wellness check-in responses.
  • Biometric Data: Height, weight, age, and activity levels used for TDEE and calorie optimization.
  • Device Information: Unique Device IDs (UUID), device model, OS version, and language settings to manage your account without a traditional login.
  • Location Data: Used strictly to determine real-time local weather conditions (temperature, humidity) for adaptive meal suggestions.
  • Usage Data: Interaction data via Firebase and PostHog. This includes Session Replay (visual recordings of app interactions) used exclusively for debugging and experience improvement.
  • Push Notifications: Firebase Cloud Messaging (FCM) tokens for meal reminders and wellness alerts.

2. AI Technology and Data Processing

To provide our AI-powered nutrition services, we utilize state-of-the-art AI technology:

  • Provider: Google Gemini (via Google Cloud Vertex AI).
  • Data Shared: Your anonymized preferences and biometric profile are securely transmitted to generate personalized meal plans.
  • Purpose: To generate weather-adaptive recipes, condition-specific hydration plans, and nutritional insights.
  • Retention: AI processing is transient. Final results and logs are stored in our secure database for your history.

3. Data Storage and Security

Your information is stored using Supabase (backed by AWS/Google Cloud infrastructure). We implement appropriate technical and organizational measures to protect your data against unauthorized access or loss.

4. Data Sharing and Third Parties

We do not sell your personal data. We share information with the following service providers only as necessary to provide core functionality:

  • Infrastructure: Supabase and Google Cloud (Database and Hosting).
  • AI Processing: Google Gemini (Recipe and plan generation).
  • Analytics: Firebase and PostHog (Performance and usage monitoring).
  • Subscription Management: RevenueCat (To manage your Pro status and entitlements).

5. Your Privacy Rights

In accordance with applicable data protection laws (including GDPR and Moroccan Law No. 09-08), you have the right to access, rectify, and oppose the processing of your personal data:

  • Request Access: See what data we have associated with your Device ID.
  • Request Deletion: Use the "Delete Account" feature in the app settings to immediately and permanently remove your history and profile.
  • Opt-out: You can manage analytics tracking and notification preferences within the app settings.

6. Subscriptions and Payments

Payments for Pro subscriptions are processed directly through the Apple App Store or Google Play Store. We do not store or have access to your credit card details. We use RevenueCat to sync your purchase status across devices using your anonymized Device ID.

7. Data Security

We prioritize the security of your data. All communication between the app and our servers is encrypted using Industry-standard SSL/TLS encryption. Data at rest is stored in encrypted databases managed by Supabase.

8. Children's Privacy

Eat AI is not intended for use by children under the age of 13. If we learn we have collected data from a child under 13, we will delete it promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own (where our providers like Google and Supabase operate). We ensure these transfers comply with standard data protection clauses.

If you have any questions about this policy, please reach out to our team at support@biovalley.ma.