1. Information we collect
Account information
When you create an account we collect your email address and a hashed password. We never store your password in plain text.
Profile and health information
During onboarding we ask for information needed to generate a useful plan: name, age, sex, height, weight, activity level, goal (e.g., lose / maintain / gain), dietary preferences (e.g., vegan, halal, keto), allergies, and cuisine preferences. You can edit or remove any of these at any time from your profile.
Food, meal, and weight logs
When you log meals or weigh-ins we store the entry, the timestamp, and any food details you provide. When you scan a meal we store the photo and the AI-generated nutritional estimate for your own meal history.
AI coach conversations
Chat messages with the in-app AI coach are stored against your account so the coach can reference recent context. You can clear your chat history from the app at any time.
Device and usage information
We log standard technical information needed to operate the service: IP address, device model and OS version, app version, crash reports, and basic event analytics (e.g., which screens you opened, when, and for how long). We use this for security, debugging, and product improvement — not for advertising.
2. How we use your information
- To create and run your account
- To generate personalised meal plans, nutritional analyses, workout recommendations, and coach responses
- To show you your own history, progress, and trends
- To send transactional emails (password reset, account changes, beta updates)
- To diagnose problems, monitor performance, and prevent abuse of the service
- To meet our legal obligations
We do not sell your data, and we do not use your data to train third-party advertising models.
3. Third-party processors
We use trusted vendors to deliver parts of the service. Each one only receives the data they need to do their job:
- Google (Gemini API) — to analyse the food photos you submit and to generate meal-plan and coach responses. Photos and prompts you submit are sent to Google's API for processing. Google's API terms apply to that processing.
- Neon (PostgreSQL hosting) — stores your account, profile, and logs.
- Vercel — serves the web app and marketing site.
- Railway — hosts our backend API.
- Resend — sends transactional emails on our behalf.
- Sentry — captures crash reports and error traces to help us fix bugs.
- New Relic — collects performance and uptime metrics for the backend.
We do not share your personal information with any party other than the processors above unless required by law.
4. Data retention
We keep your account data for as long as your account is active. If you delete your account, we delete your personal information within 30 days, except where we are required to keep records for legal, accounting, or fraud-prevention purposes. Backup copies may persist for up to 90 days before being overwritten.
5. Security
We use HTTPS for all traffic, hash passwords with bcrypt, and store data in encrypted-at-rest databases. Access to production systems is restricted and logged. No service can guarantee perfect security, but we take reasonable steps to protect your information and we will tell you promptly if we discover a breach affecting your account.
6. Your rights
You can, at any time:
- Access the personal information on your account
- Correct anything that's wrong
- Export your data (request a copy by email)
- Delete your account and your data
- Withdraw consent for non-essential processing
- Lodge a complaint with your local data-protection authority
To exercise any of these rights, email us at devmusman07@gmail.com from the address associated with your account. We'll respond within 30 days.
7. EU / UK and California users
If you're in the European Economic Area or the UK, you have additional rights under the GDPR, including the right to data portability and the right to object to certain processing. If you're a California resident, you have rights under the CCPA, including the right to know what we collect and the right to deletion. Exercising these rights is free and we won't discriminate against you for doing so.
8. International data transfers
Our processors are based in multiple regions. Your data may be processed in the United States, the European Union, and other countries. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for international transfers.
9. Children
BiteCoach is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal information from children below those ages. If you believe a child has provided us their information, please contact us and we will delete it.
10. Changes to this policy
If we change this policy in a way that materially affects how we use your information, we'll notify you in-app or by email before the change takes effect, and we'll update the “Effective” date at the top of this page.
11. Contact us
Questions, complaints, or requests: devmusman07@gmail.com.