Privacy Policy
1. What we collect
When you sign up
- Email address (or Apple/Google ID if you use single sign-on)
- A password hash — we never see your plaintext password
- The display name you choose (optional)
When you set up your profile (onboarding — all optional, skippable)
During onboarding you can optionally tell us a few things so the app can personalize targets and greet you by name. Every field is optional — you can skip the entire step, and change or clear any of it later in Settings.
- First name (used only to greet you in-app — "Hi, {name}")
- Biometrics: biological sex, age, height, and weight (used to estimate body-weight-relative targets like protein and hydration). Weight is stored over time so you can see a trend.
- Health context (sensitive). If you tell us, we store: whether you use or are considering a GLP-1 medication (we never ask for or store a brand name), whether you are in perimenopause or menopause, and whether you want sodium tracking for blood pressure. We use these only to tailor in-app targets and guidance. This is health-related information; we treat it as sensitive, never sell or share it, and never use it to train AI models. It is informational only and not medical advice.
When you log meals
- Photos you take of meals (stored in your private storage folder)
- Voice notes you record describing meals (sent to OpenAI Whisper for transcription, then discarded)
- The text transcript that came back
- The food items + macronutrient estimates we generated, plus any edits you made
- The time and date of each meal
- For Menu Mode: photos of restaurant menus you snap
When you use the app
- Crash reports (sent to Sentry — includes phone model, OS version, and the stack trace; does NOT include your meal data unless that data caused the crash)
- Anonymous usage events (sent to PostHog — e.g. "user logged a meal"; NOT meal content)
- Diet preference, calorie/carb targets, theme preference, photo-retention preference
When you subscribe (optional)
- Your subscription status + purchase history (managed by RevenueCat, keyed to your account). We never receive or store your card or bank details — Apple and Google process the payment itself.
What we do NOT collect
- Your location (we don't request it)
- Your contacts, calendar, or call/message history
- Your browsing history or activity in other apps
- Health data from Apple Health or Google Fit (planned for a future version — will require a separate explicit opt-in)
2. Why we collect each thing
| Data | Why | Where it lives |
|---|---|---|
| Email + auth identifier | Sign you in across devices | Supabase Auth (US) |
| Meal photos | Show your meal history; AI analyzes the photo to estimate macros | Supabase Storage (US), private to your account |
| Voice clips | Transcribe what you said into text | Transient — sent to OpenAI, not stored by us afterward |
| Food + macro data | Show your daily macros; build your history; power your personal food cache | Supabase Postgres (US), private to your account |
| Menu photos | Same as meal photos | Supabase Storage (US), private |
| Crash reports | Fix the bugs that affected you | Sentry |
| Usage events | Understand which features are valuable | PostHog (US cloud) |
| Diet preferences | Configure the app to match your goals | Supabase Postgres (US) |
| Name + biometrics (sex, age, height, weight) | Greet you by name; estimate body-weight-relative targets; show a weight trend | Supabase Postgres (US), private to your account |
| Health context (GLP-1 use, menopause stage, sodium tracking) — sensitive, optional | Tailor in-app targets + guidance. Never sold, never shared, never used to train AI | Supabase Postgres (US), private to your account |
| Subscription status + purchase history (if you subscribe) | Unlock Pro features; restore your purchase across devices | RevenueCat (keyed to your account); we never see card data |
3. Sub-processors
We rely on these third parties to operate MacroSnap. Each is bound by its own privacy policy and a contractual agreement that prohibits using your data for advertising or model training:
| Sub-processor | What they do | Their policy |
|---|---|---|
| Supabase | Database + Auth + Storage hosting | supabase.com/privacy |
| Anthropic | Claude vision identifies foods + estimates macros from your photos | anthropic.com/legal/privacy |
| OpenAI | Whisper transcribes your voice notes | openai.com/policies/privacy-policy |
| Sentry | Crash reporting | sentry.io/privacy |
| PostHog | Usage analytics | posthog.com/privacy |
| RevenueCat (when you subscribe) | Manages your subscription status + purchase history (we never see your card details) | revenuecat.com/privacy |
| Apple (Sign in with Apple) | Identity verification | apple.com/legal/privacy |
| Google (Sign in with Google) | Identity verification | policies.google.com/privacy |
4. AI training disclaimer
Your meal photos, voice clips, and food data are NEVER used to train AI models. Both Anthropic's and OpenAI's API tiers (the ones we use) explicitly exclude API inputs from training under their published policies. We've configured our API access to use these no-training tiers and will move to a different provider if those terms change.
We also don't train any models ourselves. The "cache" of food data we build is per-account, used only to make your app faster on repeat foods — your data is not shared across accounts.
5. How long we keep your data
- Your account + meal data: kept as long as your account exists. Delete it from Settings → Account → Delete.
- Meal photos: kept based on your Photo Retention setting (default: keep forever; options: 30 days, or "don't save photos at all").
- Voice clips: never stored. Transcribed and discarded in under 60 seconds.
- Crash reports: 90 days.
- Usage analytics: retained per PostHog's default settings.
- After account deletion: we delete your data from our database within 30 days. Backups roll over within 90 days.
6. Sharing
We do not sell your personal data. We do not share it with advertisers or data brokers. We share data only with:
- The sub-processors listed in §3, strictly for the functions they perform.
- Law enforcement when legally compelled (subpoena, court order). We will notify you unless legally prohibited.
7. Your rights
- Access your data — visible in-app; we can export it on request to privacy@trymacrosnap.com
- Correct your data — edit any meal directly in-app
- Delete your data — Settings → Account → Delete account. Soft-deleted immediately; permanently deleted after a 30-day restoration window. Signing in within that window restores the account; after day 30 deletion is irreversible.
- Export your data — Settings → Account → Download my data.
- Object to processing — close your account via the same Delete flow.
- Restrict processing — Settings → Privacy → Anonymous analytics → off.
What you can opt out of
| Telemetry | Default | User-controllable | Why |
|---|---|---|---|
| PostHog product analytics | On | Yes — Settings → Privacy toggle | Behavioral data used to prioritize features. One-tap opt-out. |
| app_opened cold-start counter | On | No | Reliability measurement. No PII, no behavior. |
| Sentry crash reports | On | No | Operational telemetry. Stack traces only — no meal data, no transcripts. |
If you require a stricter opt-out, email privacy@trymacrosnap.com and we can flag your account for server-side telemetry exclusion.
Account deletion mechanics
The 30-day "soft delete" window exists for mistake recovery and subscription unwinding. Note: Apple and Google do not let us cancel your subscription when you delete your account — if you delete with an active subscription, it continues to bill until you cancel separately via the App Store / Google Play. The deletion screen warns about this.
After day 30 a scheduled job permanently removes your account row, profile, all meals and food items, all analysis logs, and every meal/menu photo in your private storage folder. Backups roll over within an additional 90 days.
EU/UK users have GDPR rights including data portability and the right to lodge a complaint with your local data protection authority. California residents have CCPA rights including the right to know and the right to delete.
8. Children
MacroSnap is not directed to children under 13 and we do not knowingly collect data from anyone under 13. If you believe we've collected data from a child under 13, contact privacy@trymacrosnap.com and we'll delete it. We do not engage in targeted advertising or behavioral tracking that triggers COPPA / GDPR-K.
9. Security
- All data in transit is encrypted (HTTPS / TLS 1.2+).
- All data at rest in Supabase is encrypted (AES-256).
- Authentication uses industry-standard password hashing (bcrypt via Supabase Auth) or OAuth (Apple, Google).
- Row-level security policies mean your data is only readable via your authenticated session.
We cannot guarantee absolute security — no online service can — but we hold ourselves to commercially reasonable standards.
10. Account linking edge cases
If you sign up with email/password and later use Sign in with Apple or Google with the same email, the identities may link into a single account. A different SSO email creates a separate account with no automatic merge. Contact privacy@trymacrosnap.com if you need accounts merged.
11. International transfers
Our data lives primarily in the US (Supabase US region). If you're outside the US, by using MacroSnap you consent to your data being transferred to and processed in the US. We rely on Standard Contractual Clauses with our sub-processors for EU→US transfers.
12. Changes to this policy
We'll update the "Last updated" date above whenever this policy changes. For material changes (new data we collect, new sharing) we'll surface an in-app notice and require you to acknowledge it.
13. Contact
Questions, requests, or complaints: privacy@trymacrosnap.com