Privacy Policy

Last updated: June 2025

mealT ("we", "our", "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

Information you provide

• Phone number — used to create and verify your account via one-time passcode (OTP). We do not use your phone number for marketing.
• Profile information — name, date of birth, height, weight, and fitness goals that you voluntarily enter to personalise calorie targets.
• Meal logs — foods, photos, and nutritional data you record in the app.
• Messages — feedback or contact messages you send us through the app or website.

Information collected automatically

• Device identifiers — Firebase Cloud Messaging token for push notifications.
• Usage data — crash reports and analytics via Firebase Crashlytics and Google Analytics, used to fix bugs and improve the app. No personally identifiable information is included in these reports.
• Health data — if you grant permission, we read steps, weight, and other metrics from Apple Health / Google Fit. This data is stored on your device and our servers only to power your in-app trends; it is never sold or shared.

2. How We Use Your Information

• Provide and improve the mealT service.
• Send streak reminders and weekly summaries via push notification (you can disable these in device settings).
• Respond to your support or feedback messages.
• Detect and prevent abuse or fraud.

We do not sell your personal data to third parties. We do not use your meal logs or health data for advertising.

3. Data Sharing

We share your data only with the following service providers, solely to operate mealT:

• Heroku (Salesforce) — cloud infrastructure and database hosting.
• Twilio — OTP SMS delivery. Your phone number is transmitted to Twilio only to send the verification code.
• Cloudinary — meal photo storage and CDN.
• Anthropic — AI analysis of meal photos. Photos are processed transiently and are not used to train AI models.
• Google Firebase — push notifications and crash reporting.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data is removed within 30 days. Meal logs and health metrics are deleted immediately on account deletion. Anonymised aggregate statistics may be retained indefinitely.

5. Your Rights

Depending on where you live, you may have the right to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data (account deletion is available in-app under Settings → Delete Account).
• Object to or restrict certain processing.
• Data portability.

To exercise any of these rights, contact us.

6. Security

All data is transmitted over HTTPS. Passwords and tokens are hashed. OTP codes are hashed with PBKDF2 before storage. We use industry-standard practices to protect your data, but no system is completely secure.

7. Children

mealT is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via a push notification or in-app notice. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact Us

Questions about this policy? Send us a message or reach out at the contact form on our homepage.