Privacy Policy

Last updated: 18 April 2026

This Privacy Policy explains how ScanBite (“ScanBite,” “we,” “us”) collects, uses, shares, and safeguards information when you use the ScanBite iOS application (the “App”) and the websites we operate, including calorweb.meteerdal.workers.dev (collectively, the “Service”). We designed ScanBite to minimize the information we collect about you. Please read this policy carefully. If you do not agree with it, please do not use the Service.

1. Our approach at a glance

• No user accounts. You do not create an account to use ScanBite. We do not ask for your name, email address, phone number, or social login.
• Your log stays on your device. The food you log, meal plans you create, weights you enter, progress photos, and notes are stored locally on your iPhone. We do not maintain a copy of your personal log on our servers.
• Photos you scan are processed, not stored. When you scan a meal, menu, or barcode, the image is sent to our AI proxy for analysis and is not persistently linked to an identifier that we can trace back to you.
• Apple HealthKit data is never transmitted to us. If you grant ScanBite permission to read or write HealthKit values, that data moves between the App and the Apple Health database on your device only.

2. Scope

This Policy applies to the Service. It does not apply to third-party products, services, or websites that we do not operate, including the Apple App Store, Apple HealthKit, and any external links we may provide for your convenience.

3. Information we collect

3.1 Information you provide in the App

ScanBite lets you enter details such as your goals (for example, lose, maintain, or gain weight), activity level, dietary preferences, allergies, height, weight, water intake, mood, meal entries, recipes, and custom meal plans. This information is stored locally on your device using Apple’s SwiftData framework. It is not automatically sent to our servers.

3.2 Scan content (photos, audio, and text)

When you use AI Food Scan, Menu Scanner, Barcode Scan, or Voice Logging, the photo, audio transcript, or barcode you capture is sent to our proxy server. The proxy forwards the content to a large-language-model provider (currently Google’s Gemini API) that returns an identification and a nutritional estimate. Scan content is:

• transmitted over TLS;
• processed to produce the response you see;
• not stored by us for training or analytics;
• subject to the provider’s short-term processing logs as described by that provider.

Scan requests are authenticated with a device-bound attestation token (Apple App Attest) and a short-lived session token. We associate scan requests with a RevenueCat-issued anonymous user identifier to enforce plan limits, not to build a profile of you.

3.3 Device and integrity information

To prevent abuse of our AI quotas and to enforce the free trial fairly, we use Apple’s App Attest and DeviceCheck frameworks. These produce cryptographic assertions and two-bit device flags that Apple sends to our servers. We do not receive your IDFV, Apple ID, advertising identifier, or any other device identifier that can identify you personally.

3.4 Subscription and purchase information

Subscriptions are handled by Apple and by our subscription-management provider, RevenueCat. When you start a trial, subscribe, or restore a purchase, RevenueCat receives a receipt from Apple and returns subscription status (entitlement, product, renewal date). We do not receive your Apple ID, your payment card, or your billing address. Apple’s Privacy Policy governs the collection of payment information.

3.5 Network and proxy logs

Our AI proxy, operated on Cloudflare Workers, temporarily processes your IP address and request headers for the purpose of providing the service, enforcing rate limits, and defending against abuse. Cloudflare may process IP addresses under its own Privacy Policy. We do not use these logs to profile you or to link network requests to your stored data.

3.6 Diagnostic information

If you opt in to share diagnostic data with Apple (Settings → Privacy & Security → Analytics & Improvements → Share with App Developers), Apple may share aggregated, anonymized crash reports and energy logs with us. We use this information solely to fix bugs and improve performance.

3.7 Information we do not collect

• We do not collect your name, email, phone number, or photograph (outside of meals you scan).
• We do not use third-party advertising SDKs and do not run behavioral advertising.
• We do not use App Tracking Transparency tracking; ScanBite does not track you across apps or websites.
• We do not sell your personal information.

4. How we use information

We use the limited information described above to:

• provide the features you request (scan a meal, generate a plan, log water);
• authenticate your device and enforce fair-use quotas for AI features;
• manage your subscription, trial, and entitlements;
• maintain the integrity and security of the Service, including fraud prevention;
• comply with our legal obligations and enforce our Terms of Use.

5. Legal bases (EEA / UK users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation and the UK GDPR:

• Performance of a contract — to provide the Service you asked to use.
• Legitimate interests — to secure the Service, prevent abuse, and improve reliability. You may object to this processing (see Section 9).
• Consent — where required, for example when you grant HealthKit access. You may withdraw consent at any time.
• Legal obligation — where required to comply with applicable law.

6. Sharing and service providers

We share limited information with the following categories of service providers acting on our behalf under contractual obligations of confidentiality and security:

• Apple Inc. — App Store distribution, App Attest, DeviceCheck, HealthKit, subscription billing, and diagnostic reports.
• Cloudflare, Inc. — hosting of the AI proxy and the ScanBite websites, DDoS protection, and rate limiting.
• Google LLC (Gemini API) — AI processing of scan content to return identification and nutrition estimates.
• RevenueCat, Inc. — subscription-state management and receipt validation.

We do not sell personal information. We may disclose information if required by law, by a valid legal process, or to protect the rights, safety, and property of ScanBite, our users, or the public.

7. International data transfers

Our service providers may process information in countries other than the country in which you live. Where personal data is transferred outside the EEA, the UK, or Switzerland, we rely on appropriate safeguards including the European Commission’s Standard Contractual Clauses and equivalent UK and Swiss addenda, or on provider-specific certifications.

8. Data retention

• Data on your device. Your food log, plans, weights, and other in-app entries remain on your iPhone until you delete them or delete the App. Deleting ScanBite removes all locally stored data.
• Scan content. We do not retain the photos, audio, or text you submit for scanning.
• Proxy counters. We keep rate-limit counters keyed to an anonymous RevenueCat identifier for short periods (minutes to a day) to enforce fair use.
• Subscription records. RevenueCat retains subscription status for as long as your subscription is active and for a reasonable period thereafter for accounting and tax purposes.
• Network logs. Cloudflare’s default Worker logging retains request metadata for short periods in line with its own retention policies.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing of personal data, and to data portability. Because most of your data lives on your device, you can exercise many of these rights directly:

• Access and portability: your entries are accessible to you inside the App.
• Deletion: deleting the App deletes all locally stored data. HealthKit data can be removed from Settings → Health.
• Objection / restriction: you can disable features (for example, HealthKit or voice logging) in iOS Settings.
• Subscription records: contact us at maotunko@gmail.com and we will work with our provider to honour your request to the extent required by law.

EEA, UK, and Swiss residents have the right to lodge a complaint with a supervisory authority. California residents have rights under the California Consumer Privacy Act, including rights to know, delete, correct, and to not be discriminated against for exercising those rights; we do not sell or share personal information as defined by that law.

10. Children

ScanBite is not directed to children under the age of 13 (or under 16 in the EEA/UK where a higher age applies). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at maotunko@gmail.com and we will take appropriate steps to delete it.

11. Security

We use reasonable administrative, technical, and physical safeguards to protect information we process, including TLS in transit, device-bound attestation for sensitive requests, and least-privilege access controls. No method of transmission over the Internet is fully secure, and we cannot guarantee absolute security.

12. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice in the App. Your continued use of the Service after a change becomes effective constitutes acceptance of the updated Policy.

13. Contact

Questions, requests, or concerns about this Policy can be sent to maotunko@gmail.com. General support questions go to maotunko@gmail.com.

This policy is a good-faith description of our practices. If you represent a regulated industry and need a formal Data Processing Addendum or Standard Contractual Clauses, write to us and we will work with you.