# Privacy Policy  
**Nutrition Tracker - MyFitMate**  
Effective Date: 15 June 2025  

## 1. Who We Are  
This Privacy Policy explains how **Yury Tomachinskiy** ("MyFitMate", "we", "our") collects, uses, discloses, and safeguards your personal data when you use the MyFitMate mobile application, website, or related services (collectively, the "Services").

**Controller:** Yury Tomachinskiy  
**Email:** contact@myfitmate.app  

## 2. Data We Collect  

| Category | Examples | GDPR Legal Basis |
|----------|-----------|------------------|
| **Account Data** | Email or Apple ID, username, optional avatar, password hash | Art 6 (1)(b) - contract |
| **Meal Data** | Photos you upload, food descriptions, portion estimates, AI-generated nutrient breakdown | Art 6 (1)(a) consent; Art 9 (2)(a) explicit consent (health data) |
| **Device & Usage** | App interactions, crash logs, device model/OS, language, time-zone | Art 6 (1)(f) legitimate interest (security, improvement) |
| **Purchase & Credits** | Apple transaction ID, product, amount, credit balance | Art 6 (1)(b) contract; Art 6 (1)(f) fraud prevention |
| **Support** | Emails, chat transcripts, metadata | Art 6 (1)(b) contract |
| **OpenFoodFacts** | Nutritional data lookup (e.g. barcode scan results) | Open Database License (ODbL) |

No government ID numbers or precise geolocation are collected.

## 3. How We Use Your Data  
* Provide, personalise, and maintain the Services  
* Process credit purchases and maintain your balance  
* Improve our AI models and food database  
* Send transactional notices (e.g. credit purchase receipts)  
* Respond to support requests and enforce the Terms of Use  
* Detect and prevent fraud or security incidents  
* Comply with legal obligations (tax, consumer protection)

We **do not** sell your data or show third-party advertising.

We also fetch nutritional data from publicly available sources such as OpenFoodFacts to enhance food recognition and calorie estimates. No personal data is shared with OpenFoodFacts.

## 4. Special-Category Data and Consent  
Meal photos may reveal health-related information. By uploading such photos you give **explicit consent** to our processing them. You may withdraw consent by deleting the photo or your account.

## 5. Automated Decision-Making and AI  
The App uses AI to estimate calories and nutrients. Outputs may be inaccurate and do not have legal or significant effects on you. You can always edit or delete AI-generated entries.

## 6. Data Sharing  
| Recipient | Purpose | Safeguard |
|-----------|---------|-----------|
| **Apple (App Store)** | Payment processing | Apple terms & privacy |
| **RevenueCat Inc.** | Receipt validation | Standard Contractual Clauses |
| **OpenAI LLC** | Image & text analysis (30-day retention max) | Standard Contractual Clauses |
| **Authorities** | Legal compliance | Only when required by law |

We do not integrate advertising or analytics SDKs from other parties.

## 7. International Transfers  
Primary data is stored in the European Economic Area. Transfers outside the UK/EEA (e.g. to the United States) rely on EU-US and UK-US Standard Contractual Clauses or an adequacy decision under GDPR Art 45.

## 8. Data Retention  
* Account & Meal Data: retained until you delete your account, then erased from backups within **30 days**  
* Purchase Records: retained **7 years** (tax law)  
* Logs: retained **24 months** then aggregated or deleted

## 9. Your Rights  
### UK/EU GDPR  
Access • Rectification • Deletion • Restriction • Portability • Objection • Withdraw consent  
### CCPA/CPRA (California)  
Know • Delete • Opt-out of sale/share (we do not sell) • Non-discrimination  
### PDPA (TH/MY) & LGPD (Brazil)  
Equivalent rights to access, correct, delete, and port data  
**How to exercise:** email contact@myfitmate.app with your request; we will verify identity

## 10. Security Measures  
TLS 1.3 encryption in transit, AES-256 at rest, role-based access, periodic audits, bug-bounty programme. No method is 100% secure, but we work hard to protect your information.

## 11. Children  
We do not knowingly collect data from anyone under 18. If we learn that a minor has provided personal data, we will delete it and close the account.

## 12. Changes to This Policy  
We may update this Policy. We will give at least 30 days' notice of material changes by email or in-app message. Continued use after the effective date means you accept the revised Policy.

## 13. Contact  
For any privacy questions or requests:  
**Email:** contact@myfitmate.app  
You may also lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

## 14. Third-Party Attributions  
Some nutrition data is sourced from **OpenFoodFacts** and is available under the [Open Database License (ODbL)](https://opendatacommons.org/licenses/odbl/1.0/).  
Learn more at [https://world.openfoodfacts.org](https://world.openfoodfacts.org)