1. Introduction
This Privacy Policy (“Policy”) describes how KombuchAI (“we”, “us”, “our”) collects, uses, shares and protects personal information when you use our nutrition-tracking web app (the “Service”). By accessing or using the Service, you consent to the practices described here.
2. Changes to This Policy
We may update this Policy from time to time. When we do, we will post the revised Policy on the Service and update the “Last updated” date. Continued use of the Service after changes constitutes acceptance of the updated Policy.
3. Data We Collect
- Account & Login Data: Email, name, OAuth identifiers (Google, Facebook, GitHub).
- Profile & Health Data: Age, gender, weight, height, activity level, health conditions, dietary restrictions, nutrition goals.
- Usage Data: Page views, timestamps, interactions (collected via Google Analytics and cookies).
- Device & Technical Data: IP address, browser type, device identifiers, operating system.
- User-Generated Content: Photos or media you upload for AI-assisted analysis.
4. How We Collect Data
- Through forms you complete when registering or updating your profile.
- Via OAuth providers (Google, Facebook, GitHub) when you sign in.
- Automatically using cookies and Google Analytics as you navigate the Service.
- When you upload images or other content for AI-enabled features.
5. Use of Your Data
We process your data to:
- Provide and personalize nutrition logging, insights, and recommendations.
- Perform AI-assisted nutrition analysis and image recognition.
- Maintain and improve the Service, troubleshoot issues, and perform analytics.
- Communicate with you about updates, features, or support.
6. Sharing Your Data
- We do not sell or rent your personal data to third parties.
- Your data is accessible only to you and is used by our AI models (via secure prompts) to generate personalized insights.
- We may disclose your information if required by law or to protect our rights.
7. Cookies & Tracking Technologies
We use cookies and Google Analytics to collect usage data. You can manage cookie preferences through your browser settings. See Google’s documentation for opt-out options.
8. Data Retention & Deletion
- We retain personal and usage data as long as needed to provide the Service or comply with legal obligations.
- Logs may be kept for unspecified periods until no longer relevant.
- You may request to download or delete your personal data by contacting us via the support page.
9. Your Rights under GDPR
If you are in the EU, you have the right to:
- Access and receive a copy of your personal data.
- Correct inaccurate or incomplete data.
- Delete your personal data (“right to be forgotten”).
- Object to or restrict processing of your data.
- Port your data to another service.
- Withdraw any consent you have given.
To exercise any of these rights, please contact us through our support page.
10. Security Measures
- Login credentials are encrypted in transit and at rest unless otherwise noted on collection forms.
- All data is stored securely in Google Firestore, which employs industry-standard protections.
- We implement access controls and regular security reviews to safeguard your information.
11. International Data Transfers
Your data may be stored or processed on servers located outside the EU (e.g., Google’s data centers). We rely on appropriate safeguards such as standard contractual clauses to ensure your data remains protected.
12. Children’s Privacy
The Service is intended for users aged 16 or older. We do not knowingly collect data from children under 16. If you believe we have collected such data, please contact us to delete it.
13. Contact Information
If you have questions or wish to exercise your data rights, please reach out via our contact page.
14. Governing Law
This Policy and any disputes arising from it are governed by applicable EU laws and regulations.