Just Ate — Privacy Policy
Last updated: 6 July 2026 · Effective: 6 July 2026
1.Who we are
Just Ate ("Just Ate", "the app", "we", "us", "our") is a mobile application for fast, AI-assisted food and nutrition logging. The app is operated by Aleksandr Karpov, an individual developer based in Germany.
For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and comparable laws, Aleksandr Karpov is the data controller of your personal data.
Contact for privacy matters:
- Email: support@justateapp.com
- Postal: Duisburger Str. 42, 47166, Duisburg, Germany
This policy explains what data Just Ate collects, why, the legal bases we rely on, who we share it with, how long we keep it, and the rights and controls you have.
2.Summary (the short version)
- We collect the information needed to run a personal nutrition diary: your account identity, profile and goals, food logs (text, voice, photos), AI nutrition estimates, selected Apple Health data (only with your permission), app settings, and usage/analytics data.
- We use it to calculate your targets, save your meal history, generate AI food estimates, show your progress, send reminders you enable, provide support, and keep the app reliable and secure.
- We do not sell your personal data. We do not use it for third-party advertising. We do not track you across other companies' apps or websites.
- Our main service providers ("processors") are Google Firebase (accounts, database, file storage, cloud functions, analytics) and OpenAI (analysing your meal text, images, and voice). Payments and the app platform are handled by Apple.
- You can delete your data or your whole account from inside the app at any time, and you have full data-protection rights described in Section 10.
3.The data we collect
3.1 Account and identity data
- Email address and authentication identifiers when you create an account or sign in (email/password, Sign in with Google, or Sign in with Apple).
- A unique user ID (Firebase Auth UID) that links your data to your account.
- If you use Sign in with Apple's "Hide My Email" feature, we receive only a private relay email address.
3.2 Profile, body and goal data (health-related)
To calculate your energy and nutrition targets, we collect the profile information you enter during onboarding and can edit later, which may include:
- Height, weight, age or date of birth, and sex/biological sex.
- Activity level, your goal (for example: cut, maintain, bulk, recomp, or eat enough), your chosen pace, and dietary preferences.
- Calculated outputs such as BMR/TDEE, calorie targets, and macronutrient (protein/carbohydrate/fat) targets.
Some of this is health-related data, which is treated as a special category of personal data under GDPR/UK GDPR (see Section 5).
3.3 Food log content
When you log a meal, we collect and store the content you provide and what the app generates from it:
- Text descriptions of what you ate.
- Voice recordings you dictate. Audio is sent to our transcription provider to convert speech to text; see Section 4.
- Photos of meals you take with the camera or choose from your photo library. Images are uploaded to secure cloud storage for AI analysis and to display in your diary.
- AI-generated nutrition analysis: the structured result created from your input — identified dishes and ingredients, estimated portion sizes/grams, calories, macronutrients, and a confidence indicator.
- Edits, deletions, "undo" actions, meal tags (breakfast/lunch/dinner/snack), timestamps, and any refinements you make.
3.4 Derived and diary data
- Daily nutrition summaries, streaks, monthly calendar status, and meal suggestions generated from your own history.
3.5 Apple Health data (only if you connect it)
If you grant permission, Just Ate uses Apple HealthKit to:
- Read selected data such as height, weight, active energy, and resting energy, to calculate your targets and energy balance.
- Write the calories and macros you log back to Apple Health, only when you turn on nutrition sync.
Data obtained through HealthKit is used solely to provide app features. It is never sold, never used for advertising, and never shared with third parties. You can revoke Health access at any time in the iOS Settings app.
3.6 Device, technical and usage data (analytics)
We use Firebase Analytics / Google Analytics for Firebase to understand how the app is used and to improve it. This includes:
- App usage events, for example: sign-up and login, screen views, onboarding steps, food-log started/completed/failed/edited/deleted, activation ("first food log completed"), log duration, and (once available) paywall views, trial starts, purchases, and restores.
- A Firebase installation/app-instance identifier, device model, operating-system version, app version, language, and coarse region/country derived from your IP address.
We do not use this data to build advertising profiles or to track you across other companies' services.
3.7 Notifications
If you enable notifications, we store a push token so we can send the reminders and lifecycle nudges you opt into (for example, a trial reminder). You can turn notifications off at any time in iOS Settings.
3.8 Subscription and purchase data
When paid subscriptions are available and you purchase one, the transaction is processed by Apple through the App Store. We do not receive or store your full payment card details. We receive from Apple a subscription/transaction status (for example, active, trial, expired, refunded) needed to unlock paid features and to restore purchases.
3.9 Support communications
If you email us, we receive your message, email address, and anything you choose to include, and we keep it to handle your request.
We do not knowingly collect precise location, contacts, or advertising identifiers for cross-app tracking.
4.Service providers (processors) and international transfers
We rely on a small number of trusted providers that process personal data on our behalf and under our instructions to deliver the app. They are not permitted to use your data for their own purposes.
| Provider | What it does for Just Ate | Data involved |
|---|---|---|
| Google Firebase / Google Cloud (Google Ireland Ltd / Google LLC) | Authentication, database (Firestore), image storage, cloud functions, analytics, remote configuration | Account identity, profile/goals, food logs, images, summaries, usage/analytics data |
| OpenAI (OpenAI, L.L.C. / OpenAI Ireland Ltd) | AI analysis of meal text and images; speech-to-text transcription of dictated meals | Meal text, meal images, meal audio you submit |
| Apple (Apple Inc. / Apple Distribution International Ltd) | App distribution, Sign in with Apple, HealthKit, push notifications, in-app purchases/subscriptions, ratings prompts | Account/purchase status, and the platform data Apple processes as a controller under its own policy |
| Google (Sign-In) | "Sign in with Google" authentication, if you choose it | Your Google account email and basic profile identifiers |
Some of these providers are located in, or may process data in, the United States or other countries outside the EU/EEA and the UK. Where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards recognised under GDPR/UK GDPR — primarily the European Commission's Standard Contractual Clauses (and the UK Addendum), and, where applicable, the EU–U.S. Data Privacy Framework. You can request a copy of the relevant safeguards using the contact details in Section 1.
We do not sell your personal data, and we do not share it with third parties for their own advertising or marketing.
5.Legal bases for processing (EU/UK users)
We only process your personal data where we have a legal basis under GDPR/UK GDPR:
- Performance of a contract (Art. 6(1)(b)) — to create and run your account, store your logs, calculate targets, generate AI estimates, and provide the features you request.
- Consent (Art. 6(1)(a)) — for optional features such as connecting Apple Health, camera/microphone/photo access, and push notifications. You can withdraw consent at any time (see Section 10) without affecting prior processing.
- Explicit consent for health data (Art. 9(2)(a)) — your body metrics, goals, and Apple Health data are special-category (health) data. We process them based on your explicit consent, which you give when you enter this information or connect Apple Health, and which you can withdraw at any time by editing or deleting the data, disconnecting Health, or deleting your account.
- Legitimate interests (Art. 6(1)(f)) — to keep the app secure, prevent abuse, apply rate limits, and understand aggregate usage to improve the product, balanced against your rights. Where required by law (for example for non-essential analytics), we rely on your consent instead.
- Legal obligation (Art. 6(1)(c)) — to comply with applicable law and respond to lawful requests.
6.How we use your data
We use your data to:
- Create and secure your account and authenticate sign-in.
- Calculate your calorie and macronutrient targets and energy balance.
- Turn your text, voice, and photos into structured food logs using AI.
- Save your meal history and show your daily/weekly progress, streaks, and suggestions.
- Sync selected nutrition data to Apple Health when you enable it.
- Send reminders and lifecycle notifications you opt into.
- Provide customer support and respond to your requests.
- Operate, maintain, debug, secure, and improve the app, and prevent abuse.
- Process subscriptions and restore purchases via Apple.
We do not use your food, health, or profile data to make decisions producing legal or similarly significant effects about you, and we do not use automated decision-making of that kind. AI meal analysis is an estimation tool you can always review, edit, or delete.
7.Data retention
- Account, profile, food logs, images, and summaries are kept for as long as your account is active, so the app can show your history.
- When you delete individual logs or images, they are removed from your active storage.
- When you delete your data or your account (Section 9), we delete your stored logs, summaries, uploaded images, and, for account deletion, your sign-in record. Residual copies in encrypted backups are overwritten on our providers' normal backup cycle.
- Analytics data is retained according to our analytics provider's configured retention window and is held in aggregated/pseudonymous form.
- Support emails are kept for as long as needed to handle your request and for a reasonable period afterwards.
- We may retain limited information where necessary to comply with legal obligations, resolve disputes, or enforce our agreements.
8.How we protect your data
- Data is transmitted over encrypted connections (HTTPS/TLS) and stored on Google Firebase infrastructure with encryption at rest.
- Access is restricted by security rules so that each user can only read and write their own data; uploaded images are stored in a per-user, access-controlled location.
- Server-side functions apply per-user rate limits to reduce abuse.
- No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we take reasonable measures appropriate to the sensitivity of the data.
9.Your controls inside the app
- Edit or delete any food log and undo your most recent log.
- Delete your data or delete your entire account from the Profile screen. Account deletion removes your stored logs, summaries, uploaded images, and your sign-in record.
- Manage Apple Health access in iOS Settings › Privacy & Security › Health.
- Manage camera, microphone, photo, and notification permissions in iOS Settings.
- Manage or cancel subscriptions in iOS Settings › your Apple Account › Subscriptions.
10.Your privacy rights
10.1 EU/EEA and UK users (GDPR / UK GDPR)
You have the right to:
- Access the personal data we hold about you and receive a copy.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Restrict or object to certain processing.
- Data portability — receive your data in a structured, commonly used, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local supervisory authority. In Germany this is your national data protection authority; a full list of EU authorities is available at edpb.europa.eu. UK users may complain to the Information Commissioner's Office (ico.org.uk).
To exercise these rights, use the in-app controls in Section 9 or email support@justateapp.com. We will respond within the time limits required by law (generally one month under GDPR/UK GDPR). We may need to verify your identity first.
10.2 California users (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect and how it is used, to request access to and deletion of your personal information, to correct inaccurate information, and to not be discriminated against for exercising your rights.
We do not "sell" or "share" your personal information as those terms are defined under the CPRA, and we do not process it for cross-context behavioural advertising. To exercise your rights, email support@justateapp.com.
10.3 Canada (PIPEDA) and other regions
If you are in Canada or another region with applicable privacy law, you may request access to and correction of your personal information and may contact us with concerns. You may also contact the Office of the Privacy Commissioner of Canada. Use the contact details in Section 1.
11.Children's privacy
Just Ate is intended for users aged 13 and older and is not directed at children under 13. We do not knowingly collect personal data from children under 13. Where local law sets a higher age of digital consent, users below that age should use the app only with the consent of a parent or guardian. If you believe a child has provided us personal data, contact support@justateapp.com and we will delete it.
12.Changes to this policy
We may update this policy as the app evolves. We will change the "Last updated" date above and, for material changes, provide a more prominent notice in the app or by other appropriate means. Your continued use of the app after an update means you accept the revised policy.
13.Contact
Questions or requests about this policy or your data:
Aleksandr Karpov
Email: support@justateapp.com
Postal: Duisburger Str. 42, 47166, Duisburg, Germany