MacroIt ("we," "us," "our," or the "App") is a mobile application that helps users track nutrition, scan food labels, log meals, and generate personalised recipes using artificial intelligence. This Privacy Policy describes how we collect, use, share, and protect your personal data when you use the MacroIt application and related services.
We are committed to safeguarding your privacy and complying with applicable data protection laws, including India's Digital Personal Data Protection Act, 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable Apple App Store and Google Play Store guidelines.
For Indian Users: MacroIt is operated by Bhavish Berry (Individual Developer), located in India. Under the DPDP Act, we act as a Data Fiduciary. For any grievances regarding the processing of your personal data, please contact our Grievance Officer at berrybhavish086@gmail.com.
MacroIt is developed and operated by Bhavish Berry (Individual Developer), based in India.
| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Email address, name | Account creation, authentication, communication |
| Health & Wellness Data | Health conditions (e.g., diabetes, hypertension, allergies), dietary preferences (e.g., vegetarian, vegan, gluten-free), fitness goals (e.g., weight loss, muscle gain) | Personalised nutrition scoring, AI recipe generation, dietary alerts |
| Body Metrics | Height, weight, age, gender, activity level | Calorie and macro target calculation |
| Meal & Nutrition Data | Meal logs (free-text descriptions), food scan history (barcodes, product names) | Tracking daily nutrition intake, providing nutritional analysis |
| Shopping Lists | Saved ingredients linked to recipes | Meal planning convenience |
| Data Category | Details | Purpose |
|---|---|---|
| Nutrition Scores | Health scores computed from food label analysis | Helping you evaluate food products |
| AI-Generated Recipes | Recipes tailored to your calorie targets and dietary profile | Meal planning suggestions |
| Usage Analytics | API call counts, response times, error logs (anonymised) | System monitoring, cost tracking, abuse prevention |
We process your personal data for the following specific purposes:
| Purpose | Description |
|---|---|
| Core App Functionality | Analysing food labels, logging meals, tracking nutrition, generating recipes |
| Personalisation | Using your health conditions, dietary preferences, and goals to tailor nutrition scores and recipe recommendations |
| AI-Powered Analysis | Sending food images and meal descriptions to AI providers for nutritional breakdown (see Section 4) |
| Account Management | Creating and managing your user account, authenticating your identity |
| System Health & Security | Monitoring API usage, preventing abuse, tracking error rates, managing rate limits |
| Customer Support | Responding to queries and resolving issues |
We do not use your data for:
Important: MacroIt uses third-party AI services to power its core features. This section explains exactly what data is sent and how it is handled.
| Feature | Data Sent | AI Provider |
|---|---|---|
| Food Label Scanning | Captured food label image (temporarily, for that request only) | Google Gemini (2.0 Flash) |
| Meal Logging | Free-text meal descriptions (e.g., "2 roti with dal") | Google Gemini |
| Premium Insights | Nutritional data + your health conditions and dietary preferences | Google Gemini (2.5 Flash) |
| Recipe Generation | Your calorie/protein targets, dietary preferences, health conditions | Google Gemini |
| Barcode Lookup (Fallback) | Barcode number and product name | Perplexity AI (only when free databases fail) |
We follow the principle of data minimisation:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting & authentication | All app data (encrypted at rest) |
| Google Gemini AI | Food scanning, meal parsing, recipe generation | Images, text, health profile (API calls only) |
| Perplexity AI | Barcode product lookup (fallback) | Barcode numbers, product names |
| OpenFoodFacts | Free barcode/product database lookup | Barcode numbers |
| RevenueCat | Subscription management | Subscription status, anonymous user ID |
| Apple / Google | Payment processing, app distribution | Payment details (handled entirely by Apple/Google) |
We do not share your personal data with any other third parties, advertisers, or data brokers.
We process your personal data based on your explicit, informed consent, obtained during the onboarding process. You may withdraw consent at any time by deleting your account (see Section 9).
| Data Type | Legal Basis |
|---|---|
| Account data (email, name) | Contract performance (Art. 6(1)(b)) — necessary to provide the service |
| Health data (conditions, diet, goals) | Explicit consent (Art. 9(2)(a)) — you actively provide and consent to processing |
| Usage analytics (anonymised) | Legitimate interest (Art. 6(1)(f)) — system monitoring and abuse prevention |
| AI processing | Explicit consent (Art. 9(2)(a)) — disclosed at onboarding |
We collect the following categories of personal information:
We do not sell your personal information. See Section 12.
| Data Type | Retention Period |
|---|---|
| Account Information | Until you delete your account |
| Health Profile | Until you delete your account or modify your profile |
| Meal Logs & Scan History | Until you delete your account or clear your history |
| API Logs (anonymised) | 90 days, then automatically deleted |
| Scan History | 180 days, then automatically deleted |
| AI-Processed Images | Not stored — processed and immediately discarded |
| Shopping Lists | Until you delete items or your account |
| Cached Nutrition Data | 7 days for query cache, indefinite for product database |
When you delete your account:
Our servers and database are hosted by Supabase on AWS Asia-Pacific (Mumbai, India). AI API calls to Google Gemini and Perplexity may be processed by servers located in the United States or other jurisdictions.
Data may be transferred to countries that may not provide the same level of data protection as your jurisdiction. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.
You have the right to:
To exercise any of these rights, please email us at berrybhavish086@gmail.com or use the in-app settings.
MacroIt uses AI to generate nutrition scores, health insights, and recipe recommendations. However, we do not use solely automated decision-making that produces legal or similarly significant effects on you. All AI-generated insights are informational only and do not replace professional medical or nutritional judgment.
| Measure | Details |
|---|---|
| Encryption in Transit | All data transmitted between the app and our servers uses TLS 1.2+ (HTTPS) |
| Encryption at Rest | Database is encrypted at rest via Supabase's infrastructure (AES-256) |
| Authentication | Secure JWT-based authentication with token rotation |
| Row-Level Security | Database policies ensure users can only access their own data |
| Rate Limiting | API rate limits prevent abuse and brute-force attempts |
| Access Control | Backend uses service-role keys; frontend never has direct database access |
| Secure Storage | Authentication tokens are stored using platform-secure storage (Keychain on iOS, EncryptedSharedPreferences on Android) |
| No Persistent Image Storage | Food label images are processed in-memory and immediately discarded |
Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but strive to use commercially acceptable means to protect your data.
MacroIt is not intended for users under 18 years of age in India (as required by the DPDP Act, 2023). For users outside India, the minimum age is 13 years (or the minimum digital age of consent in your jurisdiction).
We do not knowingly collect personal data from children below the applicable age threshold. If we discover that we have inadvertently collected data from a child, we will promptly delete it. If you believe a child has provided us with personal data, please contact us at berrybhavish086@gmail.com.
We do not sell your personal information. We have never sold personal information and have no plans to do so.
If you are a California resident, you have the right under the CCPA to request that we do not sell your personal information. Since we do not engage in such practices, no action is required on your part. However, you may still contact us at berrybhavish086@gmail.com for any inquiries.
We may update this Privacy Policy from time to time. When we make significant changes:
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
This Privacy Policy was last reviewed and updated on March 1, 2026.