Legal

Privacy Policy

Effective date: March 27, 2026

1. Who We Are

BiteCal ("we," "our," or "us") operates the BiteCal mobile application, public website, and supporting share pages at bitecal.app. This Privacy Policy explains what data we collect, how we use it, and the choices you have.

2. Data We Collect

  • Account information: email address, password hash (bcrypt), display name.
  • Health & nutrition data: food entries (text and photo), calorie and macro totals, body weight logs, water intake, and AI-parsed nutritional estimates.
  • Device & usage data: app version, OS type, locale, and aggregate analytics events (via PostHog, an EU-hosted analytics provider).
  • Optional third-party health data: if you connect Apple Health or Google Health Connect, we receive step count, active calories, and exercise sessions with your explicit consent.

3. How We Use Your Data

  • Providing and personalising the BiteCal service (calorie targets, meal plans, AI logging).
  • Improving AI parsing accuracy through aggregated, anonymised correction patterns.
  • Sending transactional notifications (reminders, weekly summaries) you opt into.
  • Producing aggregate, anonymised product analytics to improve app quality.

We do not sell your personal data to third parties.

4. Data Retention

We retain your data for as long as your account is active. You may request deletion at any time via the in-app Settings → Account → Delete account flow. All data is permanently removed within 30 days of a confirmed deletion request.

Public deletion instructions are also available on our Delete Account page.

5. Data Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production databases is restricted to authorised personnel via short-lived credentials. We perform regular security reviews and dependency audits.

6. Your Rights (GDPR / CCPA)

Depending on your location, you may have the right to: access a copy of your data, correct inaccurate data, request erasure ("right to be forgotten"), restrict or object to processing, and data portability. To exercise any right, email us at privacy@bitecal.app.

7. Children's Privacy (COPPA)

BiteCal is not directed to children under 13. We do not knowingly collect personal data from children under 13. Accounts created by users who disclose being under 13 during onboarding are blocked immediately.

8. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via in-app notice or email at least 14 days before they take effect.

9. Contact

Questions about this policy? Contact our privacy team at privacy@bitecal.app.