TabetAI — Privacy Policy
Last updated: 8 July 2026 (beta)
This policy explains what TabetAI ("the app", "we", "us") collects, how it is used, and the choices you have. TabetAI is currently a beta product. Contact: support@tabetai.app.
Summary (the short version)
- Your food diary (meals, macros, exercise, weight) lives **on your device**. If you create an account, an encrypted-in-transit backup copy is stored with our backend so you can restore it.
- Meal photos you choose to capture are uploaded to our servers for AI analysis and stored in your account. Photos and text meal descriptions may also be used to train AI/machine-learning models and may be included in datasets that we license or sell, as described below.
- Health Connect data (steps, calories, exercise, distance) is read only with your permission, used on your device only, is **never uploaded to our servers, never sold, and never used to train AI**.
- Location is optional and off by default. If you opt in, your approximate area powers nearby food suggestions and your private saved "spots". Your location is never shown to other users and never used to train AI.
- We do not run third-party advertising and do not sell your identity.
What we collect and why
- Meal photos and text descriptions — used to (1) estimate nutrition with AI, (2) show your meal history, (3) share meals with groups you join, and (4) improve TabetAI, including AI training and dataset creation (see the next section). Uploaded to our backend (Supabase) and processed by Anthropic, our AI provider.
- Health & fitness data via Health Connect (steps, active/total calories, exercise sessions, distance) — read only after you grant permission; used solely on your device to show activity and adjust your calorie budget. Never uploaded, sold, shared, or used for AI training or marketing. This data is handled in line with Google's Health Connect permissions policy.
- Location (optional, off by default) — two separate opt-ins. (1) If you enable "Suggest things available near me", your approximate area (rounded to about 1 km) is included in that one AI request so suggestions match what's around you; it is not stored. (2) If you pin a location to a saved food "spot" or tag it to a restaurant/store, the coordinates are stored privately in your account so the app can resurface that spot when you're nearby. Spot locations are visible only to you — never to other users or groups — and are never used for advertising or AI training.
- Place searches — if you tag a food to a restaurant or store, your search text and approximate area are sent through our server to Google's Places service to find the place; we store the chosen place's name, address, and location with your private spot.
- Food, exercise, and weight logs — stored on your device; included in your cloud backup if you create an account.
- Account identifiers — you start with an anonymous account (a random ID). If you link an email, we store it for sign-in, backup, and recovery.
- Usernames and social features — your username, friend connections, and the meals you share into a group feed are visible to the friends/groups you choose.
- App economy and usage — energy, TabeGems, missions, streaks, and AI-usage counters, kept server-side to run the app fairly.
- Diagnostic basics — server logs (timestamps, request outcomes) to keep the service running and prevent abuse.
Meal photos: AI training and datasets
This is the part to read carefully.
By uploading a meal photo or text meal description, you grant us the right to use that content — including the full-resolution image — to:
- provide the service (nutrition analysis, your history, group sharing);
- train, fine-tune, and evaluate AI and machine-learning models, ours or those of partners we work with; and
- create, license, and sell datasets that include this content, for example food-image datasets used for research or commercial AI development.
Before including photos in datasets we apply de-identification measures: content is separated from your account identity, and we do not include your name, email, or account ID. Please avoid photographing people, documents, or other personal information along with your food — the subject of the photos should be the meal.
If you delete a photo or your account, we delete the content from the live service. Content already incorporated into trained models or datasets that have been distributed may not be retrievable; where feasible we exclude deleted content from future dataset versions and training runs.
If you do not want your photos used this way, do not upload photos — you can use text descriptions sparingly, log meals manually, or use your own API key in Developer mode (photos then go directly from your device to Anthropic and are not stored by us).
Third parties (sub-processors)
- Anthropic — processes meal photos/descriptions to estimate nutrition, subject to Anthropic's terms and privacy policy.
- Supabase — hosts our database, authentication, and photo storage.
- Google Play services — app distribution, Play Integrity (device/app verification), and Health Connect (on-device).
- Google Maps Platform (Places API) — when you search for or tag a place, your search text and approximate location are sent via our server to Google to return matching restaurants/stores, subject to Google's privacy policy. Our API key stays on the server; Google does not receive your TabetAI identity.
We do not sell your identity (name, email, contact details) to anyone. Dataset licensing described above covers de-identified meal content, not your identity or your health data.
Health Connect
TabetAI reads the listed Health Connect data types only after you grant permission, and uses them solely to display your activity and adjust your daily calorie budget on-device. You can revoke access at any time in Health Connect settings; the app keeps working without it. Health Connect data is never transferred off your device by TabetAI and is never used for advertising, AI training, or data sales.
Location and places
TabetAI never collects location in the background and never without an explicit opt-in. The app holds only the "approximate location" permission. Nearby-suggestion requests use your area rounded to about 1 km and are not stored. Saved-spot locations are stored in your private account data, shown only to you, and deleted when you remove the spot or delete your account. You can revoke the location permission at any time in Android settings; every feature keeps working without it.
Storage, security, and retention
Data in transit is encrypted (TLS). Photos are stored in a private bucket readable by your account (and, for small shared thumbnails, by group members you share with). Backups and server data are retained while your account is active. Local data stays on your device until you delete the app or clear it.
Your choices and rights
- Delete a meal/photo — removes it from your device, backup, and group feeds (subject to the dataset caveat above).
- Delete your account — Settings → Account → Delete account removes your cloud data (account, backup, photos, wallet, social links). Local data on your device is untouched until you uninstall.
- Revoke Health Connect access — via Health Connect settings.
- Data requests — email support@tabetai.app to access or delete your data, or with any privacy question.
Children
TabetAI is not directed at children under 13 (or the equivalent minimum age in your region), and we do not knowingly collect their data.
Changes
We may update this policy as the app evolves (this is a beta). Material changes will be announced in-app, and continued use after the effective date means you accept the updated policy.