Privacy Policy

Munchit ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use the Munchit mobile app and website (collectively, the "Service"). By using the Service you agree to the practices described here.

1. Information We Collect

We collect the following categories of information when you use Munchit:

• Account data — your name and email address, provided when you sign in with Apple or Google.
• Profile and biometrics — name, gender, height, weight, activity level, daily calorie goal, and daily water goal. BMI is computed from your height and weight on our servers.
• Meal logs — the text or voice descriptions you enter when logging a meal (e.g., "I had a bowl of oatmeal with berries"), optional meal photos, AI-generated nutritional estimates (calories, protein, carbs, fat), and timestamps.
• Water and hydration logs — volume logged and timestamps.
• Weight logs — date, weight value, and any linked progress photo.
• Progress photos — images you upload to track your physical progress. These are stored in a private, per-user bucket and are never publicly accessible.
• Health data (iOS only) — active energy burned, resting/basal energy burned, and step count for the current day, read from Apple HealthKit only when you grant permission. See Section 5 for full details.
• Social and friends data — friend connections you initiate, leaderboard entries (streak, calorie progress, water intake, burn ring), and reactions you send or receive.
• Referral data — your referral code and the number of sign-ups attributed to it.
• Streak data — your count of consecutive days logging three or more meals.
• Subscription and trial status — your trial start date and current subscription state, managed via RevenueCat.
• Notification preferences — which meal reminder types you have enabled. These are stored on-device only.
• Crash and diagnostic data — error reports and stack traces collected via Sentry to help us identify and fix bugs.
• Usage data — features used, device type, operating system version, and approximate location derived from IP address.
• Communications — messages you send us via email or support channels.

We do not collect payment card details directly. In-app purchases and subscriptions are processed by Apple's App Store and managed by RevenueCat, each subject to their own privacy policies.

2. How We Use Your Information

• To provide, personalise, and improve the calorie and nutrition tracking service.
• To process meal descriptions and photos and estimate nutritional content using AI.
• To generate personalised AI insights covering nutrition, weight trends, hydration, and activity.
• To display your progress data on the social leaderboard for friends you have connected with.
• To manage your free trial and subscription access.
• To send meal reminders, streak alerts, and trial notifications (you can adjust or disable these in Settings).
• To diagnose technical issues and monitor service health.
• To comply with legal obligations.

3. AI Processing of Meal Data

Munchit's core feature sends your food descriptions and optional meal photos to a large language model (LLM) to estimate calories and macronutrients. Here is what you should know:

• Both text/voice descriptions and meal photos you submit are transmitted to our AI provider to generate nutritional estimates.
• Water-related inputs detected by the AI are routed to hydration logging and stored separately from meal logs.
• We do not use your meal data to train AI models without your explicit consent.
• AI-generated estimates are approximations and should not be treated as medical or dietary advice.
• You may delete individual meal entries or your entire meal history at any time from within the app.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share data with the following categories of recipients:

• our backend infrastructure provider, handling the database, authentication, file storage, and server-side functions.
• our AI/LLM API provider for meal parsing and nutritional insight generation.
• subscription and in-app purchase management provider.
• crash reporting and error monitoring provider.
• authentication provider that is subject to Apple's and Google's own privacy policies.
• Legal requirements — if required by law, court order, or to protect our rights or the safety of users.
• Business transfers — in the event of a merger or acquisition, your data may be transferred with reasonable notice provided.

All service providers are contractually required to protect your data and use it only as directed by us.

5. Apple HealthKit and Health Data (iOS Only)

On iOS, Munchit can optionally connect to Apple HealthKit to read activity data. This section describes exactly how that works:

• Permission is optional. You will be prompted in-app; you can decline or revoke access at any time via iOS Settings → Health → Data Access & Devices.
• We read today's totals only: active energy burned (kcal), resting/basal energy burned (kcal), and step count.
• Raw HealthKit values are never uploaded to our servers. They are used on-device to enrich the AI insights payload and to compute your leaderboard burn ring.
• Only the computed today_burned_kcal value is synced to our servers for display on your friends' leaderboard.
• We do not write any data back to HealthKit.
• You can disconnect HealthKit at any time from the Munchit Settings screen.

6. Social Features and Data Visible to Others

Munchit includes an optional social leaderboard. When you add friends:

• Your display name, current streak, today's calorie progress (logged vs. goal), today's water intake (vs. goal), and your burned calories (if HealthKit is connected) are visible to your friends on the leaderboard.
• Reactions you send to a friend (one per day) are recorded in our database linked to your account.
• Friends are added by mutual connection — you can remove a friend at any time, which removes their visibility into your data and yours into theirs.

7. Data Retention

• Account data — retained for the lifetime of your account. If you delete your account, your data is removed within 30 days. Apple sign-in users will be prompted to re-authorise before deletion.
• Meal logs, weight logs, water logs — retained for the duration of your account. You may delete individual entries at any time from within the app.
• Progress photos — stored in a private bucket and served only via short-lived signed URLs (1-hour expiry). Deleted when you remove the associated weight log entry or delete your account.
• HealthKit data — raw values are never stored on our servers. The computed leaderboard burn value is retained with a rolling 24-hour window.
• Usage and diagnostic data — retained in aggregated or anonymised form for up to 24 months.

8. Your Rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data ("right to be forgotten"). You can also delete your account directly from within the app via Settings → Delete Account.

To exercise any of these rights, email us at hello@munchit.ai. We will respond within 30 days.

9. Cookies and Tracking

Our marketing website currently uses only essential session cookies necessary for basic site functionality. We do not use advertising or third-party tracking cookies. If we add analytics or advertising tools in the future, we will update this policy and provide appropriate consent controls.

10. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

11. Security

We use industry-standard security measures to protect your data, including:

• TLS encryption for all data in transit and encryption at rest.
• Row-Level Security (RLS) on all database tables — your data is never accessible to other users except through explicit social sharing (friends and leaderboard).
• Progress photos and meal photos are stored in private buckets and served only via short-lived signed URLs; they cannot be accessed without a valid, time-limited token.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our ability.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. For material changes, we will notify you by email or a prominent notice within the app. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:

• Email: hello@munchit.ai