Privacy Policy
Effective Date: January 2, 2026
1. Introduction
Welcome to Dietflow. We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information. This Privacy Policy explains our data practices for the Dietflow mobile application and website.
Dietflow is a holistic wellness app that combines intermittent fasting, meditation, mood tracking, and calorie management. We understand that you're trusting us with sensitive health information, and we take that responsibility seriously.
Contact for Privacy Inquiries: privacy@dietflow.app
2. Data We Collect
2.1 Health & Wellness Data
We collect the following health and wellness information when you use Dietflow:
- Fasting Data: Fasting start/end times, fasting duration, fasting zones, and fasting history
- Mood Tracking: Mood entries (mood type, timestamps, optional notes), emotional state patterns
- Meditation Data: Meditation session duration, type, frequency, and completed sessions
- Weight & Body Metrics: Weight, height, BMI, body measurements, and progress tracking
- Food Logs: Food entries via photo, voice recording, or text; calculated nutrition data (calories, macros, vitamins, minerals)
2.2 Health Integration Data
With your explicit permission, we may sync data from:
- Apple HealthKit: Steps, active calories, workouts, heart rate (iOS only, user-controlled)
- Google Fit: Activity data, heart rate, steps (Android only, user-controlled)
Note: You can revoke health data access at any time through your device settings.
2.3 Account Data
- Email address (for account creation and communication)
- Authentication credentials (securely hashed, never stored in plain text)
- Profile information: Name, age, gender, goals (optional)
2.4 Device & Usage Data
- Device type and operating system version
- App usage analytics (which features you use, when, and how often)
- Crash reports and diagnostic data (for bug fixes and performance improvements)
2.5 Payment Data
- Subscription status and tier (managed via RevenueCat)
- Payment history (processed by Apple or Google, not stored by Dietflow)
Note: We do not store your credit card information. Payments are processed securely by Apple or Google.
3. How We Use Your Data
We use your information to:
- Provide Core Functionality: Fasting timer, food analysis, meditation tracking, mood logging, progress analytics
- AI-Powered Insights: Generate personalized coaching, identify patterns between fasting/meditation/mood, suggest improvements
- Improve the App: Analyze usage patterns to enhance features, fix bugs, and optimize performance
- Send Notifications: Remind you about fasting goals, meditation sessions, or progress milestones (with your permission)
- Manage Subscriptions: Process payments, manage premium features, handle refunds
We do NOT:
- Sell your personal data to third parties
- Use your health data for advertising
- Share your data with insurance companies or employers
4. Third-Party Services
We use the following trusted third-party services to operate Dietflow:
4.1 Supabase (Database & Authentication)
- Purpose: Secure cloud database and user authentication
- Data Shared: All app data (encrypted)
- Security: SOC 2 Type II certified, GDPR compliant
- Privacy Policy: supabase.com/privacy
4.2 OpenAI (AI Food & Scale Analysis)
- Purpose: Analyze food photos and scale images using GPT-4 Vision
- Data Shared: Food/scale photos (sent for processing, not stored by OpenAI per their policy)
- Privacy Policy: openai.com/policies/privacy-policy
4.3 RevenueCat (Subscription Management)
- Purpose: Manage in-app purchases and subscriptions
- Data Shared: User ID, subscription status, purchase receipts
- Privacy Policy: revenuecat.com/privacy
4.4 Apple HealthKit / Google Fit
- Purpose: Sync health and fitness data (user-controlled)
- Data Shared: Only data you explicitly authorize
- Note: You control permissions in your device's Health app settings
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
- Encryption at Rest: Your data is encrypted when stored in our Supabase database
- Secure Authentication: Passwords are hashed using bcrypt; we support OAuth (Google, Apple Sign-In)
- Access Controls: Strict role-based access to production systems
- Regular Audits: We conduct security reviews and monitor for vulnerabilities
HIPAA Note: Dietflow is a wellness app, not a medical device or HIPAA-covered entity. While we implement strong security practices, we do not guarantee HIPAA compliance.
6. Your Rights
You have the following rights regarding your personal data:
6.1 Access
You can request a copy of all your personal data stored by Dietflow.
6.2 Export
You can export your data in a portable format (JSON/CSV) from within the app.
6.3 Delete
You can request deletion of your account and all associated data. Data will be permanently deleted within 30 days.
6.4 Opt-Out
You can disable specific data collection features:
- Revoke Apple HealthKit / Google Fit permissions in device settings
- Disable usage analytics in app settings
- Turn off push notifications
6.5 GDPR Compliance (EU Users)
If you're in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to data portability
- Right to rectification (correct inaccurate data)
- Right to restriction of processing
- Right to object to processing
6.6 CCPA Compliance (California Users)
If you're a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of sale (we don't sell your data)
- Right to non-discrimination for exercising your rights
To exercise any of these rights, email: privacy@dietflow.app
7. Data Retention
- Active Accounts: We retain your data as long as your account is active
- Deleted Accounts: All data is permanently deleted within 30 days of account deletion request
- Legal Holds: We may retain data if required by law (e.g., tax records, legal disputes)
- Backups: Deleted data may persist in encrypted backups for up to 90 days, after which it is permanently removed
8. Children's Privacy
Dietflow is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you're under 13, please do not use Dietflow or provide any personal information.
If you're between 13 and 18, you may need parental or guardian consent to use Dietflow, depending on your local laws. Please check with a parent or guardian before using the app.
If we discover we've collected data from a child under 13, we will delete it immediately. If you believe we have such data, contact us at privacy@dietflow.app.
COPPA Compliance: We comply with the Children's Online Privacy Protection Act.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
We will notify you of material changes by:
- Posting a notice in the app
- Sending an email to your registered email address
- Updating the "Effective Date" at the top of this policy
Your continued use of Dietflow after changes are posted constitutes your acceptance of the updated Privacy Policy.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: privacy@dietflow.app
Response Time: We aim to respond within 48 hours
For general support inquiries (not privacy-related), please use the in-app support feature or visit our website.