Privacy Policy

Effective Date: 01/01/2026 · Last Updated: 01/01/2026

AteAI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information. By using AteAI, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: Your name and email address when you sign up via email or Google
  • Profile and health data: Gender, age, height, weight, goal weight, activity level, dietary preference, and calorie/macro goals
  • Food diary entries: Meals you log including food name, calories, macronutrients, meal type, and time
  • Water intake: Daily glass counts you log
  • Weight logs: Body weight entries you record over time
  • Food photos: Images captured for AI food analysis — sent to our AI processor and not stored after analysis
  • Voice recordings: Audio clips in Voice mode — sent for transcription and not stored after analysis
  • Barcode scans: UPC/EAN barcodes sent to nutrition databases for lookup

1.2 Information Collected Automatically

  • Usage data: Screens viewed, features used, and interaction patterns — collected in anonymized form via PostHog
  • Device information: Device type, OS version, and app version
  • Push notification token: Used to deliver notifications you have opted into
  • Subscription status: Your subscription state and entitlements via RevenueCat

1.3 Information from Third Parties

  • Google Sign-In: Your name and email from Google as part of the OAuth flow
  • RevenueCat: Subscription status and purchase history

2. How We Use Your Information

  • Provide and manage your account and personalized calorie/macro goals
  • Power AI food recognition via Google Gemini (through our secure backend)
  • Generate personalized daily nutrition tips and weekly trend analyses
  • Manage subscriptions and verify your plan via RevenueCat
  • Deliver meal reminders and push notifications you have enabled
  • Improve the Service using anonymized usage patterns via PostHog
  • Respond to your support inquiries
  • Comply with applicable laws and enforce our Terms of Use

3. How We Share Your Information

We do not sell your personal information. We share data only with service providers who process it on our behalf:

ProviderPurposeData Shared
SupabaseAuthentication, database storageAccount info, profile, diary, water, weight logs
Google Gemini (via backend)AI food recognition and insightsFood photos, voice audio, text inputs, aggregated diary data
RevenueCatSubscription managementUser ID, subscription events
Open Food Facts / USDABarcode nutritional lookupBarcode number only
Expo / FirebasePush notification deliveryDevice push token, notification payload
PostHogAnonymized usage analyticsAnonymized interaction events, device metadata

4. AI Processing and Your Data

Food photos and voice recordings are never stored on our servers. They are processed and discarded immediately after the AI returns a result.

When you use camera, voice, or ingredient scanning, your data is transmitted over an encrypted connection to our secure backend (Supabase Edge Functions), which forwards it to Google Gemini. The result is relayed to your device. For AI nutrition insights, only aggregated diary summaries (calorie totals, macro totals) are sent — no photos or identifying details.

5. Data Storage and Security

  • Your data is stored on Supabase's infrastructure (AWS, SOC 2 Type II certified)
  • All data in transit is encrypted using TLS
  • Database records are protected by Row Level Security — only you can access your data
  • Authentication uses OAuth 2.0 and passwordless OTP — we do not store passwords
  • Some data is cached locally on your device using encrypted MMKV storage

6. Data Retention

  • Account and diary data: Retained while your account is active
  • Food photos and voice audio: Not retained — discarded after AI analysis
  • Analytics data: Retained by PostHog per their policy; cannot be linked to your identity
  • Deleted accounts: Data deleted from our database on account deletion. Encrypted backups purged within 30 days

7. Your Rights and Choices

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Delete your account and all data via Settings → Delete Account
  • Portability: Request your data in a portable format
  • Opt-out of analytics: Contact us to opt out of PostHog tracking
  • Notifications: Manage preferences in Settings → Notifications or at OS level

8. Children's Privacy

AteAI is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us their information, contact us and we will delete it promptly.

9. California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect, request deletion, and opt out of sale (we do not sell personal information). Contact us at the email below to exercise these rights.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last Updated" date and notify you of material changes via in-app notification or email. Continued use after changes take effect constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

Email: support@ateai.app