Privacy Policy
This Privacy Policy describes how aBetterFoodApp ("we", "us", or "our") collects, uses, and discloses your personal information when you use aBetterFoodApp (the "Service"). It also explains the rights you have under the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"), as applicable.
By creating an account or continuing to use the Service, you acknowledge that you have read and understood this Policy.
1. Data Controller
aBetterFoodApp
Contact: [email protected]
For GDPR purposes, we are the data controller of your personal data. If you are located in the EU/EEA and have concerns about our data practices, you may also contact our Data Protection Officer at the address above.
2. Personal Data We Collect
We collect the minimum data necessary to provide the Service:
- Account data: email address, display name, and a securely hashed password.
- Profile & health data: body weight, height, sex, date of birth, training type, primary goal, and any other profile fields you choose to complete during onboarding or in Settings.
- Food & nutrition data: daily food entries, meal compositions, macro and calorie logs, and custom foods you create.
- Coach interactions: messages you send to the AI coach and the responses generated, stored to maintain context across sessions.
- Settings & preferences: locale, notification preferences, and app configuration choices.
- Billing data: subscription status and billing period. Payment card details are processed directly by Stripe and are never stored on our servers.
- Technical data: a server-side session token (stored in a strictly necessary HTTP cookie) and your IP address in server logs, which are retained for up to 30 days.
We do not use analytics or advertising trackers, and we do not collect any data beyond what is listed above.
3. How We Use Your Data
We process your personal data for the following purposes and on the following legal bases:
- Performance of contract (Art. 6(1)(b) GDPR): to create and maintain your account, provide nutrition tracking features, and fulfil your subscription.
- Legitimate interests (Art. 6(1)(f) GDPR): to maintain security, prevent fraud, debug technical issues, and improve the Service — where these interests are not overridden by your rights.
- Legal obligation (Art. 6(1)(c) GDPR): to retain billing records for the period required by applicable tax and accounting law.
- Consent (Art. 6(1)(a) GDPR): where you have given explicit consent, for example to receive optional product update emails.
4. Third-Party Service Providers
We share data with the following processors only to the extent necessary to operate the Service:
- Stripe, Inc. (United States) — payment processing. Your payment details are transmitted directly to Stripe under their own privacy policy. Stripe is certified under the EU–US Data Privacy Framework. See stripe.com/privacy.
- Resend — transactional email delivery (account confirmations, billing receipts). Only your email address and the content of the specific email are shared.
- Supabase — authentication and session management for your account credentials.
We do not sell, rent, or share your personal data with any other third parties, including advertisers.
5. International Data Transfers
Some of our service providers (including Stripe) are based in the United States. Where we transfer personal data outside the EEA, we ensure an adequate level of protection is in place through Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or equivalent mechanisms as required by applicable law.
6. Data Retention
We retain your personal data for as long as your account is active. If you request account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by law (for example, billing records, which must be kept for 10 years under applicable tax law).
Server access logs are retained for up to 30 days and then deleted automatically.
7. Your Rights Under GDPR
If you are located in the EU/EEA, you have the following rights with respect to your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): request deletion of your data, subject to legal retention obligations.
- Restriction: ask us to restrict processing in certain circumstances.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority (e.g. the Belgian Data Protection Authority at dataprotectionauthority.be).
8. Your Rights Under the CCPA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to Know: request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
- Right to Delete: request deletion of personal information we have collected, subject to certain exceptions.
- Right to Opt-Out of Sale: we do not sell personal information. No opt-out is therefore necessary.
- Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.
To submit a CCPA request, contact us at [email protected]. We will respond within 45 days as required by law.
9. Cookies
We use only strictly necessary cookies — specifically, a session cookie that keeps you signed in. We do not use advertising, analytics, or tracking cookies. For full details, see our Cookie Policy.
10. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will delete it.
11. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated via email or a notice within the Service at least 14 days before they take effect. The current version is always available at this URL with the effective date shown at the top.
12. Contact
For any privacy-related questions or requests:
[email protected]
aBetterFoodApp