Privacy Policy

Last Updated: March 20, 2026

This Privacy Policy describes how SnapNutrition LLC (“Company,” “we,” “us,” or “our”), collects, uses, processes, shares, and protects your information when you use the SnapNutrition mobile application, website, and related services (collectively, the “Service”). By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Data Controller: SnapNutrition LLC, 5900 Balcones Drive, STE 100, Austin, TX 78731, USA. For data protection inquiries, contact us at support@snapnutrition.app.

1. Definitions

• Account means the unique profile created for you to access the Service.
• Application means the mobile application titled “SnapNutrition.”
• Device means any device used to access the Service.
• Health Data means information you provide relating to your physical characteristics, health, nutrition, or activity, including weight, height, food logs, dietary preferences, allergies, health goals, and any data read from or written to Apple HealthKit.
• Personal Data means information that identifies or can reasonably be linked to an individual.
• Usage Data means data collected automatically through use of the Service, including device information, activity logs, and analytics data.
• User Content means photos, images, text, food entries, chat messages, or other inputs you upload or submit through the Service.
• Website means snapnutrition.app.
• You means the individual using the Service.

2. Data We Collect

2.1 Personal Data You Provide

When you create an Account or use the Service, we may collect:

• Name
• Email address
• Date of birth (used to calculate age for metabolic rate estimates)
• Authentication credentials (managed by Firebase Authentication via Apple Sign-In, Google Sign-In, or email/password)

2.2 Health and Nutrition Data

To provide nutrition tracking and analysis features, we collect:

• Dietary preferences and restrictions
• Food allergies
• Health and nutrition goals
• Food logs and meal entries (including items photographed, scanned, or logged manually)
• Weight, height, and related body metrics
• Apple HealthKit data (if you grant permission), including nutritional and activity data you authorize us to read or write

You decide which health information to provide. Core features of the Service require basic nutrition data such as food entries.

2.3 User Content

User Content includes:

• Photos of food uploaded for AI-powered nutritional analysis
• Text descriptions of meals submitted for analysis
• Barcode scan data
• Messages and conversation history from the AI Coach feature

2.4 Usage Data

We automatically collect:

• Device type, model, operating system, and app version
• IP address (masked/truncated for analytics)
• Timestamps and activity logs
• Crash data and diagnostic information
• Feature usage analytics
• Performance data
• Firebase Installation ID and app-instance identifiers
• Firebase Cloud Messaging (FCM) device token for push notifications

If you enable push notifications, we store your FCM device token in your user profile to deliver meal reminders and service notifications. You can disable push notifications at any time through your device’s Settings.

This data helps us maintain, secure, and improve the Service.

2.5 Data Collected by Firebase SDKs

The Service uses Firebase services provided by Google. These services automatically collect certain data:

• Firebase Authentication: User ID, email address, IP address (retained temporarily), device and OS information, and Firebase user agent data.
• Firebase Crashlytics: Crash stack traces, Crashlytics Installation UUID, Firebase Installation ID, device model, OS version, CPU architecture, RAM and disk space, app state at time of crash, and app version. Crash data is retained for 90 days.
• Google Analytics for Firebase: App-instance identifier, Identifier for Vendors (IDFV), session data, screen views, app lifecycle events, device model, OS version, and network type.
• Firebase Firestore: Firebase user agent. All other Firestore data (your meal logs, profile, preferences) is data we define and control.
• Google Cloud Storage: Stores meal photos you upload for analysis.
• RevenueCat SDK: Anonymous app user ID, device platform and OS version, purchase transactions, subscription status, and product identifiers. Used for subscription management and entitlement verification.

We have disabled data sharing between Firebase Analytics and Google advertising products. Google acts as a data processor on our behalf for these services.

3. How We Use Your Data

3.1 To Provide and Operate the Service

• AI-powered food identification and nutritional analysis
• Conversational AI tool for nutrition-related questions
• Nutrition tracking and meal logging
• Barcode scanning and food database lookups
• Personalized insights and recommendations
• Push notifications for meal reminders and service updates
• Apple HealthKit data synchronization (with your permission)
• Account management and authentication

3.2 To Maintain and Improve the Service

• Crash detection and debugging
• Performance monitoring and optimization
• Usage analytics to improve features
• Service stability and security

3.3 Communications

We may contact you about:

• Service-related notifications and updates
• Customer support responses
• Changes to these terms or policies
• Optional promotional communications about new features or offers (you may opt out at any time)

3.4 Legal and Compliance

We may use your data to:

• Detect or prevent fraud or abuse
• Comply with legal obligations
• Protect our rights and the safety of users

4. Legal Bases for Processing (EEA, UK, and Swiss Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your Personal Data based on the following legal grounds:

• Contract Performance (Article 6(1)(b) GDPR): Processing your account data, meal logs, food photos, and nutrition data is necessary to provide the Service you requested.
• Consent (Article 6(1)(a) GDPR): We rely on your consent for processing Health Data (including dietary preferences, allergies, and health goals) under Article 9(2)(a) GDPR, as this data may constitute special category data concerning health. We also rely on consent for analytics data collection and Apple HealthKit data access. You may withdraw consent at any time (see Section 8).
• Legitimate Interests (Article 6(1)(f) GDPR): We rely on legitimate interests for crash reporting and service security, where these interests are not overridden by your rights.
• Legal Obligations (Article 6(1)(c) GDPR): Where required to comply with applicable law.

4.1 Health Data and Special Categories

Dietary preferences, food allergies, health goals, and Apple HealthKit data may qualify as special category data concerning health under Article 9 GDPR. We process this data only with your explicit consent, which you provide when you enter this information into the Application or authorize HealthKit access. You may withdraw this consent and delete this data at any time.

4.2 AI Processing Transparency

The Service uses automated processing (AI-powered nutritional analysis and a conversational AI tool branded “AI Coach”) to estimate the nutritional content of your meals and respond to nutrition-related questions. The AI Coach is not an actual coach, dietitian, or healthcare provider. This processing is informational only and does not produce decisions with legal or similarly significant effects on you. You can review and manually correct any AI-generated estimates within the Application.

5. How We Share Your Data

5.1 Service Providers

We share data with third-party service providers who process data on our behalf:

• Google (Firebase): Cloud hosting, authentication, database (Firestore), crash reporting (Crashlytics), analytics, and cloud storage. Google processes this data as a data processor under the Firebase Data Processing and Security Terms.
• Google (Gemini AI): Food photos, text descriptions, and AI Coach chat messages are sent to Google’s Gemini API for nutritional analysis and conversational responses. For the AI Coach feature, your profile context—including dietary preferences, allergies, health goals, nutrition targets, and recent meal history—is also sent alongside your messages to provide personalized responses. Google processes this data under the paid API tier, which means your data is not used by Google to train or improve its AI models. Data may be retained by Google for up to 55 days for abuse monitoring purposes.
• RevenueCat: Subscription management and in-app purchase processing. RevenueCat receives your anonymous app user ID, device identifiers, purchase history, subscription status, and platform information. RevenueCat processes this data as a data processor on our behalf under its Data Processing Agreement.
• Open Food Facts: Barcode scans may query the Open Food Facts API, an open-source food database. Only barcode numbers are sent; no personal data is transmitted.

5.2 Legal Compliance

We may disclose data to law enforcement or regulators when required by law or to protect the rights and safety of users.

5.3 Business Transfers

If we engage in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5.4 No Sale of Personal Data

We do not sell your Personal Data. We do not share your Personal Data with third parties for cross-context behavioral advertising purposes.

5.5 Aggregated and De-Identified Data

We may create aggregated or de-identified data from your information so that it can no longer reasonably identify you. We may use and share such data for analytics, research, service improvement, and business purposes. This data is not subject to the restrictions on Personal Data in this Privacy Policy.

6. Apple HealthKit Data

If you choose to connect the Service with Apple HealthKit, the following additional protections apply:

• We only read and write the specific HealthKit data types you authorize.
• HealthKit data is used to sync your nutrition and weight with Apple Health. This data is also stored securely in your Account to power features like progress tracking and personalized recommendations. HealthKit data is never sent to Google’s Gemini AI or any other third-party service.
• HealthKit data is never used for advertising, marketing, or data mining, other than to improve your health management within the Application.
• HealthKit data is never sold or shared with third parties for advertising or marketing purposes.
• HealthKit data is never stored in iCloud by us.
• You can revoke HealthKit access at any time through your device’s Settings > Health > Data Access & Devices.

Note: Meal data you log in the app (such as food photos, text descriptions, and nutrition entries) is separate from HealthKit data and is processed by AI services as described in Section 5. HealthKit data and app-collected meal data follow different data flows and different retention policies.

7. International Data Transfers

Your information is processed on servers located in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States.

For users in the EEA, UK, or Switzerland, we rely on the following transfer mechanisms:

• The EU-U.S. Data Privacy Framework, as applicable.
• Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our agreements with Google and other service providers.

Google’s Firebase and Cloud services include the Cloud Data Processing Addendum, which incorporates Standard Contractual Clauses for international data transfers.

8. Your Privacy Rights

8.1 All Users

Regardless of your location, you may:

• Access your Personal Data through your Account settings
• Correct inaccurate information
• Delete your Account and associated data (in-app or by contacting us)
• Opt out of promotional communications

8.2 EEA, UK, and Swiss Users (GDPR)

You have the right to:

• Access your Personal Data and obtain a copy
• Rectify inaccurate or incomplete data
• Erase your Personal Data (“right to be forgotten”)
• Restrict processing of your data
• Data portability in a machine-readable format
• Object to processing based on legitimate interests
• Withdraw consent at any time, without affecting the lawfulness of prior processing
• Lodge a complaint with your local data protection supervisory authority

We will respond to rights requests within one month. To exercise your rights or contact our data protection point of contact, email us at support@snapnutrition.app. As a U.S.-based company, we do not currently maintain a designated EU representative. If you are in the EEA and have concerns, please contact us directly at the email above.

8.3 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

Categories of Personal Information Collected: Identifiers (name, email, device IDs); Internet or electronic network activity information (usage data, analytics); Commercial information (purchase and subscription history); Visual information (food photos); Inferences (AI-generated nutritional estimates); and Sensitive Personal Information (health data including allergies, dietary restrictions, and health goals).

Your Rights:

• Right to Know: You may request the categories and specific pieces of Personal Information we have collected about you.
• Right to Delete: You may request deletion of your Personal Information.
• Right to Correct: You may request correction of inaccurate Personal Information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your Personal Information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of your Sensitive Personal Information (health data) to what is necessary to provide the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your rights, contact us at support@snapnutrition.app. We will verify your identity and respond within 45 days. You may designate an authorized agent to submit requests on your behalf.

We honor Global Privacy Control (GPC) signals as valid opt-out requests.

9. Data Retention

We retain your data for the following periods:

• Account and profile data: Until you delete your Account.
• Meal logs and food data: Until you delete them or delete your Account.
• Health Data (allergies, goals, preferences): Until you delete them or delete your Account.
• Food photos: Until you delete the associated meal or delete your Account. Photos sent to the Gemini API may be retained by Google for up to 55 days for abuse monitoring.
• Crash data (Crashlytics): 90 days.
• Analytics data: Individual event data is retained for 14 months; aggregate reports are retained indefinitely.
• Usage Data: Retained for as long as necessary for security and service improvement, then deleted or anonymized.

Upon Account deletion, we delete or anonymize your Personal Data within 30 days, except where retention is required by law.

10. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your data, including encryption in transit (TLS) and at rest, Firebase security rules, and authenticated API access. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Children’s Privacy

The Service is rated 17+ on the Apple App Store and is not directed to children or minors under the age of 17. We do not knowingly collect, use, or disclose Personal Data from individuals under 17. By creating an Account, you represent that you are at least 17 years old.

The Application includes age verification during onboarding and will not allow users under 17 to create an Account.

If we learn that we have inadvertently collected Personal Data from an individual under 17, we will take immediate steps to delete such information from our systems.

If you believe someone under 17 has provided us with Personal Data, please contact us at support@snapnutrition.app.

12. Third-Party Links and Services

The Service may contain links to third-party websites or services. We do not control and are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Data Sources and Attribution

The Service uses nutritional data from the following sources:

• AI Analysis: Google Gemini AI provides estimated nutritional content from food photos and text descriptions.
• USDA SR Legacy Database: A bundled offline food database provided by the U.S. Department of Agriculture.
• Open Food Facts: An open-source food product database. Product data from Open Food Facts is available under the Open Database License (ODbL). For more information, visit openfoodfacts.org.

Nutritional data from all sources may contain errors or inaccuracies. See our Terms of Service for important disclaimers.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our Website and through the Application. The “Last Updated” date at the top of this policy indicates when it was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your Personal Data, please contact us:

• Email: support@snapnutrition.app
• Website: https://snapnutrition.app