🔒 Privacy Policy

Effective Date: June 13, 2025
Last Updated: June 13, 2025

Introduction

Foodometer ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application ("App").

Data Controller Information

For the purposes of data protection law, the data controller for your personal information is:

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Core App Functionality: Legitimate interest (Article 6(1)(f)) - providing nutrition tracking services you requested
• Optional Cloud Features: Consent (Article 6(1)(a)) - nutrition corrections and photo uploads require your explicit consent
• Analytics and Improvement: Legitimate interest (Article 6(1)(f)) - improving app performance and user experience
• Marketing Communications: Consent (Article 6(1)(a)) - only if you opt-in to receive updates

You have the right to object to processing based on legitimate interest and to withdraw consent at any time.

Information We Collect

Information You Provide Directly

• Profile Information: Name, age, weight, height, activity level, and nutrition goals
• Food Logging Data: Foods consumed, portions, meals, and nutrition information
• Weight Tracking Data: Weight measurements and progress over time
• Feedback and Feature Requests: User feedback, bug reports, and feature suggestions you submit

Information Automatically Collected

• Usage Analytics: App usage patterns, feature usage, and performance metrics (anonymized)
• Device Information: Device model, operating system version, and app version
• Crash Reports: Technical data to help us fix bugs and improve app stability

Android Permissions

Our app requests the following Android permissions to provide its features:

• INTERNET: Required for food database lookups, Garmin integration, and optional cloud features
• CAMERA: Optional permission for barcode scanning and nutrition label photo capture
• POST_NOTIFICATIONS: Optional permission for app notifications (Android 13+)
• FOREGROUND_SERVICE: Used for background sync operations when uploading corrections
• WAKE_LOCK: Ensures background processes complete successfully
• AD_ID: Used by Google AdMob for ad serving (can be reset in device settings)

Permission Control: You can review and modify these permissions at any time through your device's app settings.

Third-Party Services

• AdMob (Google): Anonymous advertising data for serving relevant ads
• Firebase: Anonymous usage analytics and crash reporting
• USDA FoodData Central: Food nutrition data (no personal data shared)
• Open Food Facts: Barcode food information (no personal data shared)

How We Use Your Information

Core App Functionality

• Provide nutrition tracking and food logging features
• Calculate and display nutrition analytics and progress
• Maintain your food favorites and preferences
• Enable barcode scanning for food identification

App Improvement

• Analyze usage patterns to improve user experience
• Process feature requests and feedback submissions
• Fix bugs and enhance app performance
• Develop new features based on user needs

Communication

• Respond to support requests and feedback
• Notify you of important app updates (if you provide email)
• Send feature request status updates (if you opt in)

Information Sharing and Disclosure

We Do NOT Share Personal Data

• We do not sell, rent, or trade your personal information
• We do not share your food logs or nutrition data with third parties
• We do not provide your personal information to advertisers

Limited Data Sharing

• Anonymous Analytics: Anonymous usage data with Firebase for app improvement
• Ad Services: Anonymous device identifiers with AdMob for ad serving
• Feature Requests: Anonymous feature suggestions may be shared publicly (without personal info)

Legal Requirements

We may disclose information if required by law or to protect our rights and users' safety.

Data Storage and Security

Local Storage (Default)

• Core Nutrition Data: Food logs, weight measurements, and nutrition tracking data remain on your device
• User Preferences: App settings, favorites, and personal configurations stored locally
• Garmin Activity Data: Exercise data from Garmin Connect stored locally on your device
• Offline Operation: Core app functionality works without internet connection

Optional Cloud Storage (Requires Explicit Consent)

• Nutrition Corrections: User-submitted food database corrections stored on Firebase Firestore
• Photo Uploads: Images attached to nutrition corrections stored on Firebase Storage (5MB limit)
• User Feedback: Feature requests and bug reports stored securely on Firebase
• Anonymous Analytics: Usage patterns and performance metrics (no personal nutrition data)

Important Note About Cloud Features

All cloud storage features are optional and require your explicit consent. You can use the core nutrition tracking functionality entirely offline. Cloud features are designed to improve the app for all users while maintaining your privacy.

Security Measures

• Data Transmission: HTTPS/TLS encryption for standard network communications where technically feasible
• Cloud Storage: Standard security practices provided by Google Firebase infrastructure
• Access Controls: Limited personnel access to user-submitted data with authentication requirements
• App Updates: Regular security patches delivered through standard app store mechanisms

Security Limitations: While we implement appropriate technical and organizational measures, no system can guarantee complete security. We encourage users to protect their devices with screen locks and keep the app updated.

Your Rights and Choices

Your Data Protection Rights (GDPR)

If you are located in the European Union, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data (see deletion procedures below)
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing at any time

Exercising Your Rights: Contact [email protected] with your request. We will respond within 30 days.

Data Access and Deletion Procedures

• View Your Data: Access all your local nutrition data within the app
• Local Data Deletion: Remove all local data (food logs, preferences, Garmin data) by uninstalling the app
• Cloud Data Deletion: Request deletion of nutrition corrections and photos by contacting [email protected]
• Complete Data Removal: For full deletion of all data (local + cloud), uninstall the app AND request cloud data deletion
• Data Export: Export functionality may be available in future app versions

Advertising Choices

• Premium Upgrade: Remove ads entirely with $0.99 premium upgrade
• Ad Preferences: Ads are served by Google AdMob based on anonymous data
• Opt-Out: Premium users see no ads; free users can upgrade anytime

Communication Preferences

• Email: Providing email for feedback is optional
• Notifications: Control app notifications in device settings

Children's Privacy (COPPA Compliance)

Our app is not intended for children under 13. We do not knowingly collect personal information from children under 13.

If Child Data is Discovered

• Immediate Action: If we discover we have collected personal information from a child under 13, we will delete it within 24 hours
• Parental Notification: If contact information is available, we will notify the parent or guardian about the deletion
• Reporting: Parents can report suspected child accounts by contacting [email protected]
• Account Termination: Any accounts identified as belonging to children under 13 will be immediately terminated

Important: If you believe we have collected information from a child under 13, please contact [email protected] immediately with details about the suspected child account.

Third-Party Services

Google AdMob

• Advertisement Serving: Displays targeted advertisements within the app
• Device Identifiers: Uses Google Advertising ID and device information for ad targeting
• Data Scope: Does not access personal food logs or nutrition data
• User Control: You can reset your advertising ID in device settings
• Privacy Policy: https://policies.google.com/privacy

Additional Mobile SDKs

Our app may include additional standard mobile development libraries and SDKs that provide core functionality. These components follow industry-standard privacy practices and do not access personal nutrition data.

Firebase Services (Google)

• Firebase Analytics: Anonymous usage patterns and feature adoption metrics
• Firebase Crashlytics: Crash reports and technical diagnostics for app stability
• Firebase Firestore: Storage for user-submitted nutrition corrections (with explicit consent)
• Firebase Storage: Photo uploads for nutrition corrections (with explicit consent, 5MB limit)
• Firebase Performance: Anonymous app performance monitoring and optimization
• Data Processing: All Firebase data is processed on Google's infrastructure in accordance with Google's privacy practices
• Privacy Policy: https://policies.google.com/privacy

USDA FoodData Central

• Public nutrition database
• No personal data shared
• Used for food nutrition information

Open Food Facts

• Public food database
• No personal data shared
• Used for barcode food identification

Nutrition Correction System

Foodometer includes an optional feature that allows users to submit corrections to our food database when they notice inaccurate nutrition information. This community-driven approach helps improve data quality for all users.

How Corrections Work

• Voluntary Submissions: Users can optionally submit corrections when they find nutrition data errors
• Rate Limiting: To prevent abuse, submissions are limited to 5 per minute, 20 per hour, and 100 per day per user
• Optional Photos: Users may attach photos of nutrition labels to support their corrections
• Review Process: All corrections undergo review by authorized personnel before being applied to the database
• Anonymous Submission: No personal nutrition data or food logs are included in correction submissions

Data Collected for Corrections

• Food Identification: Food name, brand, and database ID being corrected
• Nutrition Values: Corrected nutrition information (calories, macronutrients, etc.)
• Supporting Photos: Optional images of nutrition labels or packaging (if provided)
• Correction Metadata: Timestamp, correction reason, and validation status
• User Identifier: Anonymous user ID for rate limiting purposes only

Privacy Protection for Corrections

• No Personal Food Logs: Your personal food consumption history is never included in corrections
• Anonymous Processing: Corrections are processed without linking to your personal nutrition data
• Secure Storage: All correction data is stored securely on Firebase Firestore
• Limited Access: Only authorized team members can access submitted corrections for review
• Database Improvement Only: Correction data is used solely to improve nutrition database accuracy

Garmin Connect Integration

Foodometer offers optional integration with Garmin Connect to enhance your nutrition tracking experience. This integration is entirely optional and requires your explicit authorization.

Data We Access from Garmin

• Activity Data: Exercise sessions, workout duration, calories burned, activity types (running, cycling, etc.)
• Heart Rate Data: Average heart rate during activities to assess workout intensity
• Weight Measurements: Weight data from compatible Garmin scales for unified progress tracking
• Distance Data: Distance covered during activities for comprehensive fitness insights

How We Use Garmin Data

• Net Calorie Calculation: Combine nutrition intake with exercise expenditure for accurate daily balance
• Activity-Based Recommendations: Provide personalized nutrition guidance based on workout intensity and duration
• Progress Tracking: Sync weight data from Garmin scales with your nutrition logs for comprehensive health monitoring
• Analytics Enhancement: Display exercise insights alongside nutrition data in your dashboard

Garmin Data Privacy

• Secure OAuth Authentication: Industry-standard authorization process - we only access data you explicitly approve
• Local Storage: Garmin activity data is stored locally on your device alongside your nutrition data
• No Third-Party Sharing: We do not share your Garmin data with any third parties
• Disconnect Anytime: You can revoke Garmin access at any time through app settings
• Optional Feature: Garmin integration is completely optional - the app works fully without it

Data Retention

• Garmin activity data is stored locally until you disconnect the integration or uninstall the app
• Disconnecting Garmin removes access to new data but preserves historical data already synced
• Complete data removal requires app uninstallation or manual deletion through app settings

Garmin Connect Integration (Technical Details)

Foodometer offers optional integration with Garmin Connect to enhance your nutrition tracking with exercise data. This integration uses Garmin's official OAuth 1.0a authentication protocol and requires your explicit authorization.

Authentication Process (OAuth 1.0a)

• Secure Authorization: Industry-standard OAuth 1.0a protocol used by all Garmin Connect Developer Program APIs
• User-Controlled Access: You explicitly authorize data access through Garmin's secure authentication system
• No Password Storage: We never store your Garmin credentials - authentication handled entirely by Garmin's secure servers
• Revocable Access: You can revoke access at any time through your Garmin Connect account settings or our app settings
• Business Program Compliance: We participate in Garmin's official business developer program with approved access

Specific Data We Access

• Activity Summary Data: Exercise type, duration, calories burned, distance covered
• Heart Rate Data: Average heart rate during activities for workout intensity assessment
• Weight Measurements: Weight data from compatible Garmin scales for unified tracking
• Activity Files: Detailed workout data in .FIT, .GPX, or .TCX formats when available
• Sync Timestamps: When data was recorded and synced for accurate timeline integration

Data Usage and Storage

• Local Storage Only: All Garmin data stored exclusively on your device - never uploaded to our servers
• Net Calorie Calculation: Combine nutrition intake with Garmin exercise expenditure for accurate daily balance
• No Third-Party Sharing: Garmin data never shared with advertisers, analytics services, or other third parties
• Data Retention: Garmin data retained locally until you disconnect integration or uninstall app
• Disconnection Effects: Disconnecting stops new data access but preserves historical data already synced

User Rights and Control

• Complete Control: Garmin integration is entirely optional - core app functions work without it
• Granular Access: Garmin's OAuth system allows you to control which data types we can access
• Easy Disconnection: Revoke access through: (1) App settings → Garmin Integration → Disconnect, or (2) Garmin Connect account settings
• Data Deletion: Remove all Garmin data by disconnecting integration and clearing app data

Photo Upload Feature

Foodometer includes an optional photo upload feature that allows users to attach images to nutrition correction submissions to help improve food database accuracy.

Photo Upload Details

• Optional Feature: Photo uploads are completely optional and only used with nutrition corrections
• File Size Limit: Maximum 5MB per image to ensure reasonable storage usage
• Storage Location: Photos are uploaded to Firebase Storage (Google's cloud infrastructure)
• Access Control: Only authorized personnel can access uploaded photos for correction review
• Review Purpose: Photos are reviewed solely to verify nutrition correction accuracy

Photo Privacy Protection

• No Metadata Extraction: We do not extract location data or other metadata from uploaded photos
• Secure Transmission: All photos are encrypted in transit using HTTPS/TLS
• Content Guidelines: Photos should only contain food items and nutrition labels
• Deletion Rights: You can request deletion of your uploaded photos by contacting [email protected]
• Data Retention: Photos may be retained to support ongoing database improvements but can be deleted upon request

Admin Review Process

To maintain food database accuracy, nutrition corrections submitted by users undergo a review process.

Review Details

• Anonymous Review: Reviewers see only the correction data and associated photos, not your personal nutrition logs
• Authorized Personnel: Only designated team members have access to submitted corrections
• Purpose Limitation: Reviews are conducted solely to verify nutrition accuracy and improve the database
• No Personal Data Access: Reviewers cannot access your food logs, weight data, or other personal nutrition information
• Secure Environment: All review activities are conducted in secure, access-controlled systems

Future Features

Planned Integrations

• Data Export: CSV/JSON export of your nutrition data (in development)
• Cloud Backup: Optional backup to Google Drive (planned - would require explicit consent)

We will update this policy before implementing any new data collection or sharing practices.

International Data Transfers

Our app is designed primarily for users in the United States. Data processing occurs in the following locations:

• Local Data: Stored on your device regardless of location
• Cloud Data: Processed by Google Firebase in the United States
• GDPR/UK Transfers: Data transfers from the EU and UK to the US are covered by Google's Standard Contractual Clauses, adequacy decisions, and UK data bridge arrangements where applicable
• Data Protection: International transfers maintain the same privacy protections described in this policy

By using our app from outside the United States, you acknowledge that your data may be processed in countries with different privacy laws than your own. EU and UK residents are protected by appropriate safeguards for international transfers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes through:

• In-app notifications
• Updated "Last Modified" date at the top of this policy
• Email notification (if you've provided an email address)

Your continued use of the app after changes constitutes acceptance of the updated policy.

Data Retention

Local Data

• Nutrition Logs: Stored on your device until you delete them or uninstall the app
• Garmin Activity Data: Stored locally until you disconnect Garmin integration or uninstall the app
• User Preferences: Stored locally until app uninstallation

Cloud Data

• Nutrition Corrections: Retained for up to 3 years to maintain database accuracy and ensure user safety, or until deletion requested
• Uploaded Photos: Retained until you request deletion (contact [email protected])
• User Feedback: Anonymous feedback may be retained for up to 5 years for product improvement purposes
• Deletion Timeline: Cloud data permanently deleted within 30 days of a valid deletion request

Analytics and Technical Data

• Usage Analytics: Anonymous usage patterns retained for up to 2 years (Firebase Analytics)
• Crash Reports: Technical crash data retained for up to 1 year for debugging purposes
• Performance Metrics: Anonymous performance data retained for up to 1 year

Your California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

CCPA Rights

• Right to Know: Request information about personal information collected, used, disclosed, or sold
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out: We do not sell personal information, so no opt-out is necessary
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

GDPR Rights (EU Residents)

• Right to Data Portability: Request your data in a machine-readable format
• Right to Restrict Processing: Request limitations on how we process your data
• Right to Object: Object to processing based on legitimate interests
• Right to Lodge Complaints: You have the right to file complaints with your local data protection supervisory authority if you believe we have not complied with data protection laws. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Exercising Rights: Contact [email protected] to exercise any of these rights. We will verify your identity before processing requests.

Conclusion

Your privacy is important to us. We've designed Foodometer to keep your personal nutrition data private and secure while providing you with the best possible experience.

By using Foodometer, you agree to the collection and use of information in accordance with this Privacy Policy.