Privacy Policy
Last updated: May 19, 2026
1. Introduction
This Privacy Policy explains how Dietk ("Dietk", "we", "our", or "us") collects, uses, discloses, and protects information about you when you use the Dietk mobile application and our website at dietk.app (collectively, the "Service").
We respect your privacy and are committed to protecting it. Please read this policy carefully. By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.
This policy is designed to comply with applicable data protection laws globally, including:
- The European Union General Data Protection Regulation (GDPR), where applicable
- Other applicable national and regional data protection regulations in the country where you reside
- Apple App Store and Google Play privacy requirements
2. Who We Are (Data Controller)
The data controller responsible for your personal data is:
Dietk (available on request via support@dietk.app)
Email: support@dietk.app
3. Information We Collect
We collect the following categories of personal data:
3.1 Information you provide directly
- Account data: name, email address, or phone number (depending on sign-in method), country, time zone, preferred language
- Profile data: age or date of birth, gender, height, weight, activity level, dietary goals (these are used to calculate your nutrition targets)
- Authentication data: when you sign in via Google, Apple, or phone, we receive a unique identifier from those providers
3.2 Information you generate by using the Service
- Food logs: meals, ingredients, portion sizes, and times you log
- Photos: images of food you upload for AI analysis (processed and stored as described in Section 5)
- Chat messages: conversations with the AI nutrition coach
- Tracking data: water intake, daily streaks, progress over time
3.3 Information collected automatically
- Device and technical data: device model, operating system version, app version, IP address (collected briefly for security and abuse prevention), language settings
- Push notification tokens: Firebase Cloud Messaging (FCM) tokens used to deliver notifications you have enabled
- Usage data: anonymized analytics about feature use (no third-party advertising trackers)
3.4 Sensitive personal data
Nutrition and dietary data, body measurements, and food images may be classified as health-related personal data under applicable laws. We treat this category with elevated protection. We do not process such data for purposes other than delivering the Service to you.
4. How We Use Your Information
We use your personal data to:
- Provide, operate, and maintain the Service
- Calculate your daily nutrition targets and track your progress
- Analyze food images and respond to your chat messages using artificial intelligence
- Send you notifications you have enabled (daily check-ins, streak protection, milestones)
- Improve and develop new features
- Communicate with you about your account, updates, and support
- Detect, prevent, and respond to security incidents, abuse, or violations of our Terms
- Comply with legal obligations
We do not sell your personal data. We do not use it for third-party advertising.
5. AI Processing of Food Images and Chat Messages
To deliver the core features of the Service, food images and chat text are processed by Anthropic's Claude API (operated by Anthropic, PBC, United States). When you submit a photo or message:
- The content is transmitted securely to Anthropic for analysis
- Anthropic returns the analysis (estimated nutrition values, coaching response) which we store in your account
- Per Anthropic's published policies, your content is not used to train their AI models
- Anthropic acts as a data processor under our instructions
If you do not consent to this processing, you cannot use the AI features of the Service.
6. Legal Bases for Processing (GDPR)
Where the GDPR applies to you, we process your personal data on the following legal bases:
- Performance of a contract (Article 6(1)(b)) — to deliver the Service you signed up for
- Consent (Article 6(1)(a)) — for sensitive health-related data processing, push notifications, and optional features; you can withdraw consent at any time
- Legitimate interests (Article 6(1)(f)) — for security, fraud prevention, and analytics
- Legal obligations (Article 6(1)(c)) — to comply with applicable laws
For sensitive health data under GDPR Article 9, we rely on your explicit consent.
Where other data protection laws apply, we rely on equivalent legal bases under those laws.
7. How We Share Your Information
We share your personal data only with the following categories of recipients:
7.1 Service providers (data processors)
- Microsoft Azure (United States / European Union) — cloud hosting, database storage (Azure West Europe region)
- Firebase, a Google service (United States / European Union) — authentication, push notifications
- Apple Inc. (United States) — Apple Sign-In authentication only
- Anthropic, PBC (United States) — AI analysis of food images and chat messages
All service providers are contractually bound to process your data only on our instructions and to maintain appropriate security measures.
7.2 Legal requirements
We may disclose your information if required to do so by law, court order, or government request, or if necessary to protect our rights, your safety, or the safety of others.
7.3 Business transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such change.
We do not share your data with advertisers or data brokers, or with third parties for their marketing purposes.
8. International Data Transfers
Your data is primarily stored in the European Union (Azure West Europe). When data is transferred to processors in the United States or other countries, we ensure appropriate safeguards including:
- Standard Contractual Clauses or equivalent transfer mechanisms recognized under applicable data protection law
- Adequacy decisions where applicable
- Other legally recognized safeguards as required by the data protection regulations of your country
9. Data Retention
We retain your personal data for as long as your account is active. When you delete your account:
- Your account data, profile, food logs, photos, chat history, and other personal data are permanently deleted from our active systems immediately
- Backup copies are purged within thirty (30) days
- Some anonymized usage statistics may be retained for legitimate analytics
- We retain data longer only where required by law (for example, tax records)
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS) and at rest
- Access controls and authentication
- Regular security reviews
- Secure handling of credentials via Azure Key Vault
No system is perfectly secure. If we become aware of a data breach affecting your personal data, we will notify you and the appropriate authorities as required by law.
11. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your data (in most cases, by deleting your account in the app)
- Restriction — request that we limit how we process your data
- Portability — request a machine-readable copy of your data
- Objection — object to certain processing activities
- Withdrawal of consent — withdraw consent at any time, where processing is based on consent
- Complaint — lodge a complaint with your local data protection authority
To exercise these rights, email support@dietk.app. We will respond within 30 days (extendable by an additional 60 days for complex requests, as permitted by law).
You can directly delete your account at any time inside the app under Settings → Delete Account.
12. Children's Privacy
The Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it.
In some jurisdictions, the minimum age for consent to data processing is higher (16 in parts of the EU). Users under 18 should obtain a parent or guardian's consent before using the Service.
13. Cookies and Similar Technologies
The Dietk mobile app does not use third-party advertising cookies or trackers.
Our website (dietk.app) uses only essential first-party storage required for the site to function (language preference). We do not deploy advertising or tracking cookies.
14. Third-Party Links
Our Service may contain links to third-party websites or services not operated by us. We are not responsible for their privacy practices. We encourage you to read their privacy policies.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the "Last updated" date at the top of this page
- Notify you through the app or by email for material changes
- For significant changes affecting your rights, ask for renewed consent where required by law
Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
16. Contact Us
Questions, requests, or complaints regarding this Privacy Policy or our data practices:
Email: support@dietk.app
Postal address: Dietk, (available on request via support@dietk.app)
If you are not satisfied with our response, you may file a complaint with your local data protection authority.