The short version
- We store your account, food logs, water, and weight, so the app works across your devices.
- Food photos are sent to our AI provider only to recognize what's in them, then discarded. We don't keep photos.
- We don't sell your data. We don't run ads. There are no third-party analytics or trackers in Bitey.
- You can delete your account, and every byte of data we hold about you, from inside the app. One tap.
- Apple Health data stays between your device and Apple. We never send it to our servers.
1. Who we are
This policy describes how Bitey (the "app," "we," "us") collects and handles personal information. Bitey is a calorie and meal tracking app for iOS and watchOS, operated by Luke Mulholland, a sole proprietor based in Vancouver, British Columbia, Canada. Questions? Email us at hello@heybitey.com.
2. What we collect
Information you give us
- Account: email address and password (or a Google sign-in token if you sign in with Google).
- Profile: optional details you enter during onboarding, name, gender, age, height, weight, activity level, goal (lose / maintain / gain), target weight, pace, and dietary preferences. These are used to calculate your daily calorie and macro targets.
- Food logs: meals, ingredients, portions, calories, macros, timestamps, notes.
- Water logs and weight logs you record.
- Subscription status (Pro / Free), validated via Apple's in-app purchase receipt. We never see your card details, those stay with Apple.
Information generated by using the app
- Scan usage counts: the number of AI photo scans you've run each day, so we can enforce your plan's scan quota.
- Streak and challenge progress.
Information we do not collect
- No analytics or telemetry. Bitey ships with no third-party analytics, crash reporting, advertising SDKs, or tracking libraries.
- No device identifiers for advertising. We don't use IDFA, fingerprinting, or any ad ID.
- No location data.
- No contacts, calendar, or browsing history.
3. Photos and AI recognition
When you take or pick a photo to log a meal, the image is resized on your device and sent over an encrypted connection to our food-recognition service (powered by OpenAI's vision models). The service returns a structured nutrition estimate. The photo itself is not stored, not by us, not in our database, not in any long-term log. Only the recognized nutrition data (food name, portion, calories, macros) is saved to your meal history.
OpenAI processes these requests on our behalf as a data processor. Under our API agreement, they do not use your photos or requests to train their models. You can review OpenAI's API privacy practices at openai.com/policies.
4. Apple Health (HealthKit)
If you grant permission, Bitey can read and write a narrow set of HealthKit data types, steps, active energy, exercise minutes, stand hours, body weight, dietary water, and workouts (read); and dietary energy, protein, carbs, fat, water, and body mass (write). This keeps Apple Health and Bitey in sync.
HealthKit data never leaves your device in a form that reaches our servers. Apple's rules prohibit this, and we follow them. Health data syncing happens locally between Bitey and Apple Health. You can review or revoke these permissions at any time in Settings โ Privacy & Security โ Health โ Bitey.
5. Device permissions
- Camera: used only when you take a photo to log a meal or scan a barcode. Images are used as described above.
- Photo library: used only when you explicitly pick a photo to log a meal.
- Microphone / Speech recognition: used only when you use voice logging, to transcribe what you say. The transcription happens via Apple's on-device Speech framework and the resulting text is sent to our recognition service. Audio is not stored.
- Notifications: if you opt in, for reminders and streak nudges.
- Apple Watch connectivity: to sync today's log, recents, and quick actions between your iPhone and watch.
6. Who we share data with
We do not sell your data. We share it only with the following service providers, and only to run the app:
- Supabase, hosts our authentication, database, and serverless functions. This is where your account and logs live. Data is encrypted in transit (TLS) and at rest.
- OpenAI, processes food photos and voice logs for recognition, as described in ยง3.
- Apple, handles sign-in (optional Google OAuth via Supabase), in-app purchases, TestFlight, and push notifications. Apple's privacy terms apply.
- Google, only if you choose "Sign in with Google." Google provides us your email and a sign-in token; nothing more.
We do not share your data with advertisers, data brokers, or marketing platforms. Ever.
7. Where your data lives
Your account and logs are stored in our Supabase project on infrastructure located in the United States. If you access Bitey from outside the U.S., your data is transferred to the U.S. for processing. By using Bitey, you consent to this transfer.
8. How long we keep data
We keep your data for as long as your account is active. If you delete your account (ยง10), we wipe your account record, meals, water logs, weight logs, scan usage, challenge progress, and profile from our database. Backups may retain a copy for up to 30 days before being overwritten in the normal backup rotation.
9. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct or update it.
- Delete it (see ยง10).
- Export a copy, email us and we'll send you a JSON dump of your logs.
- Object to or restrict certain processing.
- Lodge a complaint with your local data protection authority (EEA / UK residents).
California residents (CCPA/CPRA): we do not "sell" or "share" personal information as those terms are defined under California law. You have the same access and deletion rights listed above.
10. Deleting your account
Open Bitey โ Profile โ Delete account. After two confirmations, we immediately delete your account, every meal, water log, weight entry, scan record, challenge, and profile row associated with it. You will be signed out.
If you can't access the app, email hello@heybitey.com from the address on your account and we'll handle it within 30 days.
11. Children
Bitey is not intended for children under 13 (or under 16 in the EEA / UK). We do not knowingly collect data from children. If you believe a child has created an account, email us and we'll remove it.
12. Security
We use TLS for every request between the app and our servers. Passwords are hashed by our authentication provider. Access to production data is limited to the people who operate the service. No system is perfectly secure, if we ever learn of a breach that affects you, we'll tell you promptly and explain what happened.
13. Changes to this policy
We'll update this page when practices change. The "Last updated" date at the top will change too. If the update is material, we'll flag it in-app or by email before it takes effect.
14. Contact
Email us anytime at hello@heybitey.com for privacy questions, support, or anything else.