Privacy Policy

Welcome to ProteinLog ("we," "our," or "us"), operated by Swiftful Dynamics. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, Apple Watch companion app, website, and related services (collectively, the "Service").

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

Information you provide directly:

• Account information: Name, email address, and authentication credentials when you sign in via Apple, Google, or email.
• Dietary goals: Calorie, protein, carbohydrate, and fat targets you configure.
• Food logs: Meal entries, food item names, brands, portion sizes, and nutrition data you log or edit.
• Food photos: Images you capture or select for AI analysis. Photos are uploaded and stored on our cloud storage provider (Cloudflare R2) to enable photo display in your meal history and for processing purposes.
• Voice input: When you use the voice logging feature, audio is processed on-device using Apple's Speech framework to convert speech to text. The resulting text description is sent to our servers for AI analysis. We do not store raw audio recordings.
• Barcode scans: Product barcodes you scan are sent to third-party food databases to retrieve product information.
• Saved templates: Meal templates you create for quick re-logging.

Information collected automatically:

• Device tokens: Apple Push Notification service (APNs) device tokens to deliver meal analysis notifications.
• Usage and analytics data: We track in-app events (such as onboarding steps completed, features used, and meal analysis requests) to understand usage patterns and improve the Service.
• Subscription data: Subscription status, product identifiers, and billing period information received from our payment processor.
• Website analytics: Our website uses Vercel Analytics, which collects anonymized page view and visitor data. No cookies are used for tracking on our website.

If you grant permission, ProteinLog can write nutritional data to Apple Health, including:

• Dietary energy consumed (calories)
• Dietary protein
• Dietary carbohydrates
• Dietary total fat

HealthKit integration is entirely optional and requires your explicit permission. We do not read data from Apple Health. HealthKit data remains on your device and in Apple's ecosystem — it is never sent to our servers, used for advertising, or shared with third parties. You can revoke HealthKit access at any time in your device's Settings under Health > Data Access & Devices.

We use the information we collect to:

• Provide, operate, and maintain the ProteinLog service across iPhone and Apple Watch.
• Analyze food photos and text descriptions using AI to generate nutrition estimates.
• Look up barcode and food data from public and licensed nutrition databases.
• Track and display your daily nutrition progress against your goals.
• Sync your data between devices and our servers for a seamless experience.
• Send push notifications when meal analyses are complete.
• Process subscription transactions and manage your account status.
• Analyze usage patterns to improve app features and fix issues.
• Detect, investigate, and prevent fraudulent or unauthorized activity.

We do not sell your personal information to third parties.

We share information with the following categories of service providers, solely to operate and improve the Service:

• Authentication: Clerk manages user sign-in and account security. Clerk receives your email, name, and authentication method.
• AI analysis: Food photos and text descriptions are sent to AI models via OpenRouter (currently using xAI Grok and Google Gemini) to generate nutrition estimates. These providers process your content under their respective data processing terms.
• Food databases: Barcode scans and food searches are sent to FatSecret, the USDA FoodData Central API, and Open Food Facts to retrieve nutrition information.
• Cloud infrastructure: Our backend runs on Vercel. Meal data is stored in a PostgreSQL database hosted by Neon. Food photos are stored on Cloudflare R2.
• Background processing: Upstash QStash manages asynchronous job processing for meal analysis workflows.
• Payments: RevenueCat processes subscription transactions and manages entitlements. RevenueCat receives your anonymous app user ID and subscription events from the Apple App Store.
• Push notifications: Apple Push Notification service (APNs) delivers notifications to your device.

We may also share information when required by law, to protect rights and safety, or in connection with a business transfer such as a merger or acquisition.

Your data is stored on servers in the United States. We retain your personal data — including meal logs, food photos, and account information — for as long as your account is active or as needed to provide you services.

Food photos you upload are stored on Cloudflare R2 and remain accessible in your meal history until you delete the associated meal or your account. Deleted meals are soft-deleted and permanently removed during routine cleanup operations.

You may request deletion of your account and all associated data at any time by contacting us. We will process deletion requests within 30 days.

We implement industry-standard technical and organizational measures to protect your information, including:

• Encrypted data transmission (HTTPS/TLS) for all API communications.
• Authentication tokens with limited lifetimes.
• Presigned URLs with expiration for photo access.
• Server-side authentication on all protected API endpoints.

However, no internet transmission or electronic storage method is 100% secure. We cannot guarantee absolute security.

ProteinLog is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such data, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us immediately.

Depending on your location, you may have the following rights regarding your personal data:

All users:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data and account.
• Export your meal and nutrition data.

California residents (CCPA/CPRA):

• Right to know what personal information is collected, used, and shared.
• Right to delete personal information.
• Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information for cross-context behavioral advertising.
• Right to non-discrimination for exercising your rights.

European Economic Area residents (GDPR):

• Right to access, rectify, erase, restrict processing, and data portability.
• Right to object to processing based on legitimate interests.
• Right to withdraw consent at any time.
• Right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at the address below. We will respond within 30 days (or sooner if required by applicable law).

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, providing additional notice (such as an in-app notification). Your continued use of ProteinLog after changes are posted constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or wish to exercise your privacy rights, please contact us at: