Privacy Policy - HamEat

Introduction

HamEat ("we," "our," or "us") is committed to protecting your privacy. We believe in transparency and giving you control over your personal information. This Privacy Policy explains how we collect, use, share, and protect your data when you use the HamEat mobile application ("the App"). By using HamEat, you agree to the practices described in this policy.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account or use HamEat, we may collect:

• Account Information: Email address, name, password (encrypted), and authentication tokens when you sign up via email, Google, or Apple Sign-In
• Health and Nutrition Data: Food diary entries, calorie intake, macronutrient data (protein, carbs, fat), micronutrient data (vitamins and minerals), meal photos, portion sizes, and meal timestamps
• Body Measurements: Weight logs, weight goals, height, age, activity level, and target weight
• Exercise Data: Workout logs, exercise types, duration, and estimated calorie burn
• Preferences: Calorie targets, water intake goals, notification preferences, language settings, and app customizations
• Custom Data: User-created foods, recipes, and meal templates

1.2 Automatically Collected Information

We automatically collect certain technical information when you use the App:

• Device Information: Device model, operating system version, unique device identifiers, mobile network information
• Usage Analytics: App screens viewed, features used, time spent in app, interaction patterns, crash reports, and performance metrics
• Camera and Photo Data: When you use AI meal photo analysis, we temporarily process meal photos on our servers. Photos are not permanently stored unless you explicitly save them to your diary

1.3 Third-Party Data Sources

We may receive information from third-party services you choose to connect:

• Firebase Authentication: Authentication tokens and profile information when you sign in via Google or Apple
• Apple HealthKit: Weight measurements, exercise data, and nutrition data (only if you grant permission)
• OpenAI Vision API: We send meal photos to OpenAI for AI-powered food recognition and nutrition estimation
• FatSecret API: We use FatSecret's food database to provide nutrition information for 1.9 million foods

2. How We Use Your Information

We use the collected information for the following purposes:

• Provide Core Services: Enable food tracking, calorie counting, nutrition analysis, weight tracking, and progress visualization
• AI Meal Analysis: Process meal photos through OpenAI's API to identify foods and estimate nutrition content
• Personalization: Calculate personalized calorie goals, provide nutrition recommendations, and customize the app experience based on your preferences
• Data Synchronization: Sync your data across devices using Firebase (optional cloud backup)
• Health Integration: Sync data with Apple HealthKit when you grant permission
• Analytics and Improvement: Analyze app usage patterns to improve features, fix bugs, and enhance user experience
• Communication: Send important updates, security alerts, and respond to your support requests

3. Information Sharing and Disclosure

We may share your information only in the following limited circumstances:

• With Your Consent: When you explicitly authorize us to share information
• Service Providers: We share data with trusted third-party services that help us operate the app (see Section 4 below)
• Legal Requirements: When required by law, court order, or government regulation
• Safety and Security: To protect the rights, property, or safety of HamEat, our users, or others
• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)

4. Third-Party Services

4.1 Firebase (Google)

Purpose: Authentication, cloud data storage, and app analytics

Data Shared: Account information, authentication tokens, app usage data, device information

Privacy Policy: https://firebase.google.com/support/privacy

4.2 OpenAI Vision API

Purpose: AI-powered meal photo analysis and food recognition

Data Shared: Meal photos (temporarily processed, not permanently stored by OpenAI per their API policies)

Privacy Policy: https://openai.com/policies/privacy-policy

4.3 FatSecret Platform API

Purpose: Food database and nutrition information lookup

Data Shared: Food search queries, barcode lookups (no personal information)

Privacy Policy: https://www.fatsecret.com/Default.aspx?pa=privacy

4.4 Apple HealthKit

Purpose: Sync weight, exercise, and nutrition data with Apple Health

Data Shared: Only the specific health data types you explicitly authorize

Privacy: HealthKit data is controlled by iOS permissions and never sent to our servers

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
• Secure Storage: Passwords are hashed and encrypted. Sensitive data is stored using iOS Keychain
• Access Controls: Strict access controls limit who can access user data
• Regular Audits: We conduct regular security assessments and updates
• Offline-First Design: Your core data is stored locally on your device, reducing cloud exposure

6. Data Retention

• Active Accounts: We retain your data for as long as your account is active or as needed to provide services
• Account Deletion: When you delete your account, your data is permanently removed from our servers within 30 days
• Local Data: Data stored locally on your device remains until you uninstall the app or manually delete it
• Backups: Backup copies are deleted within 90 days of account deletion
• Legal Obligations: We may retain certain information if required by law or for legitimate business purposes

7. Your Rights and Controls

You have the following rights regarding your personal information:

• Access: View and download all your personal data stored in the app
• Modification: Edit or update your profile, preferences, and diary entries at any time
• Export: Export your complete food diary, weight history, and exercise logs to CSV format
• Deletion: Delete individual entries, specific data types, or your entire account through the app settings
• Opt-Out: Disable analytics, notifications, and cloud backup in the app settings
• HealthKit Control: Manage HealthKit permissions through iOS Settings

8. Children's Privacy

HamEat is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will promptly delete that information. If you believe we have collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We primarily use Firebase services hosted in the United States. By using HamEat, you consent to the transfer of your information to the U.S. and other countries where our service providers operate. We ensure appropriate safeguards are in place to protect your data in compliance with applicable laws, including GDPR for EU users.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy in the app with a new effective date
• Sending an in-app notification or email (for significant changes)
• Requiring acceptance of the updated policy before continued use (for material changes)

Your continued use of HamEat after changes are posted constitutes acceptance of the updated Privacy Policy.

12. Data Controller Information

The data controller responsible for your personal information is:

Hamster Desu
Bangkok, Thailand

---

Last updated: January 26, 2025