Privacy Policy
1. Introduction
Biteright ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services (the "Service").
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Information You Provide Directly
Account Registration:
- Email address
- Password (hashed and encrypted)
- First and last name
- Phone number (optional)
- Profile photo (optional)
Profile & Health Data:
- Age, gender, height, weight
- Dietary goals and preferences
- Health conditions (if voluntarily shared)
Food & Meal Data:
- Photos of meals you take with the camera
- Meal timing and frequency
- Nutritional information (generated by AI)
- Barcode scans and custom meal entries
2.2 Information Collected Automatically
- Device type, operating system, and version
- Mobile device identifiers
- App features accessed, crash reports, and error logs
- Photos processed locally and uploaded for meal analysis
3. How We Use Your Information
- Provide Services — create and manage your account, process meal requests, analyze food photos using AI, generate nutritional information
- Personalization — customize your experience based on dietary goals and track progress
- Communication — send transactional emails (OTP, password resets), respond to support requests
- Analytics & Improvement — understand how users interact with the app, fix bugs, develop new features
- Security & Legal — detect fraud, enforce Terms of Service, comply with legal obligations
4. Data Sharing & Third Parties
4.1 Third-Party Service Providers
| Service | Purpose | Data Shared |
|---|---|---|
| Google Gemini AI | Food image analysis | Meal photos (anonymized) |
| Google OAuth | User authentication | Email (login verification only) |
| Cloudflare R2 | Photo storage | Meal photos |
| MongoDB Atlas | Database storage | All user data (encrypted) |
| SendGrid | Email delivery | Email address for OTP/password reset |
| Railway | Backend hosting | All application data |
4.2 Non-Sharing Policy
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4.3 Legal Requirements
We may disclose your information when required by law, such as subpoenas, court orders, or government requests.
5. Data Security
- Encryption in Transit: HTTPS/TLS for all communications
- Encryption at Rest: Sensitive data encrypted in databases
- Password Security: Passwords hashed using bcrypt
- Access Control: Limited employee access to personal data
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as your account is active. After account deletion:
- Personal account data deleted within 30 days
- Meal history and photos deleted within 1 year
- Backup copies may persist for up to 30 additional days
- Aggregated, anonymized data retained indefinitely for analytics
7. Your Privacy Rights
7.1 Access, Correction & Deletion
You can update your profile information directly in the app. To delete your account and all associated data, go to Settings → Account → Delete Account.
7.2 GDPR Rights (EU Users)
If you're in the EU, you have additional rights under GDPR: right to access, rectification, erasure, restrict processing, object to processing, data portability, and to lodge a complaint with your data protection authority.
To exercise GDPR rights, contact privacy@biteright.io with "GDPR Request" in the subject line.
7.3 California Privacy Rights (CCPA)
California residents have the right to know what personal information we collect, request deletion, opt out of the "sale" of personal information, and the right to non-discrimination for exercising these rights.
To submit a request, email privacy@biteright.io with "California Privacy Request" in the subject line.
8. Children's Privacy
Biteright is intended for users 13 years and older. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete it immediately.
9. International Data Transfers
Your information may be transferred to, stored in, and processed in countries other than your country of residence. By using Biteright, you consent to the transfer of your information to countries outside your country of residence, including the United States.
10. Policy Changes
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy in the app, updating the "Last Updated" date, and sending an email for significant changes.
Contact Us
If you have questions about this Privacy Policy or our privacy practices:
General Privacy: privacy@biteright.io
Support: support@biteright.io
Location: India