Privacy Policy for Eatly

Last Updated: January 10, 2026
Effective Date: January 10, 2026

1. Introduction

Welcome to Eatly ("we," "our," or "us"). Eatly is an AI-powered calorie and nutrition tracking application developed by Nabcat Studio, an independent development studio, designed to help you achieve your health and fitness goals through intelligent food logging, personalized insights, and health data integration.

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our mobile application and services. We are committed to transparency and giving you control over your data.

By using Eatly, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

We collect information that you provide directly, information collected automatically, and information from third-party sources.

2.1 Account Information

• Email address (for account creation and communication)
• Name (optional, for personalization)
• Authentication data (when using Google or Apple sign-in)

2.2 Profile and Health Information

• Personal details: Age, gender, height, weight, target weight
• Activity information: Activity level, exercise experience, fitness goals, weight loss/gain pace
• Nutrition goals: Daily calorie and macronutrient targets
• Health data: Step counts, exercise sessions, sleep patterns, heart rate, calories burned
• Weight history: Weight measurements and tracking over time

2.3 Food and Nutrition Data

• Food photos: Images you capture or upload for AI analysis
• Voice recordings: Audio when using voice input to log meals
• Food logs: Meal entries, portion sizes, nutritional information
• Meal timing: Breakfast, lunch, dinner, and snack timestamps

2.4 Camera, Photos, and Microphone

• Camera access: To photograph meals for nutritional analysis
• Photo library access: To select existing food images
• Microphone access: To log meals using voice input
• Purpose: All media is used solely for food recognition and logging

2.5 AI Chat Conversations

• Chat messages: Your questions and conversations with our AI assistant
• Chat context: Conversation history to provide personalized responses
• AI-generated insights: Recommendations and analysis provided by the AI

2.6 Usage and Analytics

• App interactions: Features used, screens viewed, time spent
• Device information: Device type, operating system, app version
• Performance data: Crash reports, error logs, app performance metrics
• Analytics: Aggregated usage patterns (via PostHog)

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Improve Our Services

• Food analysis: Process photos and voice input to identify meals and calculate nutrition
• Personalization: Deliver customized nutrition recommendations based on your profile and goals
• Progress tracking: Monitor your weight, calories, macros, exercise, and sleep patterns
• AI assistance: Provide conversational support and answer nutrition questions
• Insights generation: Create weekly and monthly summaries of your health progress

3.2 Health Data Integration

• Sync with Apple Health (iOS) or Google Health Connect (Android)
• Display your steps, exercise, sleep, and other health metrics
• Provide holistic health insights combining nutrition and activity data

3.3 Account and Service Management

• Create and maintain your account
• Authenticate your identity (via email, Google, or Apple sign-in)
• Process subscription payments and manage billing
• Send service-related notifications and updates
• Provide customer support

3.4 Analytics and Improvement

• Analyze app usage patterns to improve features
• Monitor app performance and fix bugs
• Understand which features are most valuable to users
• Develop new features based on user needs

3.5 Legal and Safety

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service
• Protect the rights and safety of our users

4. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

4.1 Service Providers

We work with trusted third-party service providers who help us operate our app:

• Supabase: Database hosting and authentication infrastructure
• OpenAI: AI-powered food recognition and conversational assistance
• RevenueCat: Subscription and payment processing
• PostHog: Analytics and product insights
• Apple/Google: Identity verification for sign-in services

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

4.2 Health Data Platforms

• Apple Health (iOS): We read and write health data only with your explicit permission
• Google Health Connect (Android): We access health metrics only when you grant permission

4.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to:

• Comply with applicable laws and regulations
• Respond to valid legal processes
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Service

4.4 Business Transfers

If Eatly is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and your options.

4.5 With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Storage, Retention, and Backup

5.1 Where We Store Your Data

• Primary storage: Secure cloud servers provided by Supabase (SOC 2 compliant)
• Location: Data may be stored and processed in the United States and other countries
• Encryption: All data is encrypted in transit (TLS/SSL) and at rest

5.2 Data Retention Periods

Photos and Voice Recordings:

• Food photos: Deleted within 24 hours after processing
• Voice recordings: Processed immediately for meal logging, then deleted
• Nutritional data: Retained after photos/audio are deleted

Account and Profile Data:

• Stored until you delete your account
• Profile information, nutrition goals, and preferences retained for personalization

Food Logs and Health Data:

• Stored until you delete your account or manually delete specific entries
• Weight history, meal logs, exercise, and sleep data retained indefinitely while account is active

Chat Conversations:

• Conversation context stored to provide personalized AI responses
• You can clear chat history at any time

Analytics Data:

• Aggregated, anonymized usage data retained indefinitely for service improvement

5.3 Cloud Backup System

• Automatic backup: Your data is automatically backed up to secure cloud storage
• Purpose: Prevent data loss and enable multi-device access
• Sync: Data syncs across your devices when you sign in
• Control: You can disable cloud backup or delete cloud data at any time

5.4 Data Deletion

When you delete your account:

• All personal data, food logs, health data, and chat history are permanently deleted within 30 days
• Aggregated, anonymized analytics data may be retained
• Backups are purged from all systems
• Subscription information is retained only as required for tax and legal compliance

6. Data Security

We take the security of your information seriously and implement industry-standard measures to protect it.

6.1 Technical Security Measures

• Encryption in transit: All data transmitted between your device and our servers uses TLS/SSL encryption
• Encryption at rest: Data stored in our databases is encrypted using industry-standard encryption
• Secure infrastructure: SOC 2 compliant cloud hosting with regular security audits
• Access controls: Strict authentication and authorization for all system access
• Secure authentication: Password hashing and secure OAuth 2.0 for third-party sign-in

6.2 Media Security

• Photos and voice: Transmitted over encrypted HTTPS connections
• Temporary storage: Secure, encrypted file systems for processing
• Automatic deletion: Photos and voice recordings deleted within 24 hours
• No permanent storage: Original media files are never permanently retained

6.3 Account Security

• Strong passwords: We encourage use of strong, unique passwords
• Secure sign-in: Support for Apple and Google sign-in with industry-standard OAuth
• Session management: Secure session tokens with automatic expiration
• Account recovery: Secure password reset process via email

6.4 Limitations

While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your information.

7. Your Rights and Choices

You have significant control over your personal information.

7.1 Access Your Data

• View all personal information we have stored about you
• Review your food logs, health data, weight history, and chat conversations
• Request a copy of your data in a portable format

7.2 Modify Your Data

• Edit your profile information, nutrition goals, and preferences
• Update or delete individual food entries, weight measurements, and health data
• Correct inaccurate information at any time

7.3 Delete Your Data

• Individual entries: Delete specific food logs, weight entries, or chat messages
• Account deletion: Permanently delete your entire account and all associated data
• Right to be forgotten: Request complete removal of your personal information
• Deletion process: Account deletion is available in-app under Profile > Delete Personal Data

7.4 Control Permissions

Camera and Photos:

• Camera access is entirely optional
• Only used when you choose to take or select food photos
• Revocable at any time through device settings
• App remains functional with manual food entry if camera is denied

Microphone:

• Microphone access is optional
• Only used for voice-based meal logging
• Can be revoked at any time through device settings
• App works fully without voice features

Health Data (HealthKit/Health Connect):

• Health data access requires explicit permission
• You control which health metrics we can read or write
• Revocable at any time through device health settings
• App functions normally without health integration

Notifications:

• Optional push notifications for reminders and insights
• Configurable in app settings or device settings
• Can be disabled at any time

7.5 Data Portability

• Export your food logs, weight history, and health data
• Data provided in standard, machine-readable formats
• Request data export by contacting support

7.6 Marketing Communications

• No selling of data: We never sell your personal information to third parties
• Opt-out: Unsubscribe from promotional emails via link in email or app settings
• Essential communications: Account, security, and service updates cannot be disabled while account is active

7.7 Cloud Backup Control

• Enable or disable automatic cloud backup in app settings
• Choose between local-only storage or cloud sync
• Delete cloud backups while keeping local data

8. Children's Privacy

Eatly is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13.

• We do not knowingly collect, use, or disclose personal information from children under 13
• If we become aware that we have collected information from a child under 13, we will delete it immediately
• If you believe we have inadvertently collected information from a child under 13, please contact us at support@eatlyapp.xyz

Parents and guardians should monitor their children's online activities and help enforce this Privacy Policy.

9. International Data Transfers

Eatly operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence.

9.1 Data Transfer Safeguards

• Adequate protection: We ensure that international data transfers comply with applicable data protection laws
• Standard contractual clauses: We use approved mechanisms for transferring data internationally
• Security measures: Data is protected with the same security standards regardless of location

9.2 Specific Jurisdictions

European Union (EU) and European Economic Area (EEA):

• We comply with the General Data Protection Regulation (GDPR)
• You have additional rights under GDPR, including the right to lodge a complaint with your supervisory authority

California (CCPA):

• California residents have specific rights under the California Consumer Privacy Act
• See Section 7 for your rights regarding access, deletion, and opt-out

Other Jurisdictions:

• We comply with applicable privacy laws in all jurisdictions where we operate

10. Third-Party Links and Services

Our app may contain links to third-party websites, services, or integrations. This Privacy Policy does not apply to those third parties.

10.1 Third-Party Integrations

• Apple Health / Google Health Connect: Governed by Apple's or Google's privacy policies
• Payment processors: Subscription payments are processed by Apple App Store or Google Play Store
• Social media: If you share content to social platforms, their privacy policies apply

10.2 Our Responsibility

• We are not responsible for the privacy practices of third parties
• We encourage you to review the privacy policies of any third-party services you use
• We carefully vet all third-party service providers we integrate with

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

11.1 Right to Know

• What personal information we collect about you
• How we use and share that information
• Categories of third parties with whom we share information

11.2 Right to Delete

• Request deletion of your personal information (subject to legal exceptions)

11.3 Right to Opt-Out

• We do not sell your personal information, so there is no need to opt-out of sales

11.4 Right to Non-Discrimination

• We will not discriminate against you for exercising your CCPA rights

11.5 How to Exercise Rights

• Email: support@eatlyapp.xyz
• We will respond to verified requests within 45 days

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

12.1 Notification of Changes

• Material changes: We will notify you via email or prominent in-app notice at least 30 days before changes take effect
• Minor changes: We will update the "Last Updated" date at the top of this policy
• Review: We encourage you to review this Privacy Policy periodically

12.2 Acceptance

• Continued use of Eatly after changes become effective constitutes acceptance of the updated policy
• If you do not agree to changes, you may delete your account before they take effect

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@eatlyapp.xyz
Subject Line: Privacy Policy Inquiry
App Name: Eatly: AI Calorie Tracker
Developer: Nabcat Studio

Response Time: We aim to respond to all privacy inquiries within 5 business days.

13.1 Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at: privacy@nabcat.com

13.2 Supervisory Authority

If you are located in the EU/EEA and have concerns about our privacy practices, you have the right to lodge a complaint with your local data protection authority.

14. App Store Requirements

14.1 Camera and Photo Library

• Purpose: Capture or select food photos for AI-powered nutritional analysis
• Usage: Only when you explicitly take a photo or select from library
• Storage: Photos processed and deleted within 24 hours; nutritional data retained
• Sharing: Shared only with OpenAI for analysis; not shared with third parties for marketing
• User control: Revocable permissions; app functions without camera access

14.2 Microphone

• Purpose: Voice-based meal logging for convenience
• Usage: Only when you choose to use voice input feature
• Storage: Audio processed immediately and deleted; no permanent storage
• Sharing: Processed by OpenAI for transcription; not shared with third parties
• User control: Optional feature; fully functional app without microphone

14.3 Health Data (HealthKit / Health Connect)

• Purpose: Display fitness metrics alongside nutrition data for holistic health tracking
• Data types: Steps, exercise sessions, sleep, heart rate, calories burned, weight
• Usage: Read health data for display; write weight data when you choose to sync
• Sharing: Health data never shared with third parties; stays on device and in secure cloud backup
• User control: Granular permissions; choose which metrics to share

14.4 Location Data

• Collection: We do not collect or use location data

14.5 Data Collection Summary

Last Updated: January 10, 2026
Effective Date: January 10, 2026

This Privacy Policy is designed to be transparent, comprehensive, and compliant with App Store, Google Play, GDPR, CCPA, and other applicable privacy regulations.