Privacy Policy

Effective Date: 20 April 2026 | Last Updated: 20 April 2026

Important: FoodHandi is a food discovery and meal tracking application. It is NOT a medical device, nutritionist service, dietitian, or doctor. FoodHandi does not provide medical, nutritional, or dietary advice for any health condition. Nutritional information displayed is sourced from public databases and is approximate. If you have a medical condition, pregnancy, allergy, medication concern, or health question, consult a qualified medical professional. FoodHandi is for general wellness information only.

1. Who We Are

FoodHandi ("we", "us", "our") is a mobile application based in Australia.

Contact for privacy matters:

Email: foodhandi.app@gmail.com
Location: Australia

When we refer to "FoodHandi", "the Services", or "the App", we mean the FoodHandi mobile application available on Apple App Store and Google Play.

2. Our Commitment

We take your privacy seriously. We collect only the data we need to provide the Services. We do not sell your data to any third party. We store your data securely using industry-standard practices. You have the right to access, export, and delete your data at any time.

This Privacy Policy explains what information we collect, how we use it, and the rights you have regarding your data.

3. Information We Collect

3.1 Information you provide directly

Email address — used for account creation, authentication, and service communications
First name and last name — displayed in your profile and used for personalization
Dietary preferences — e.g. vegetarian, vegan, non-vegetarian, food allergies, chosen cuisines
Meal logs — food items, portions, meal times, and dates you log in the app
Recipe content — recipes you create or upload to the app, including ingredients, steps, titles, and descriptions
Photos — images of food you upload for meal logging, recipe upload (Nani/Dadi feature), or visual reference

3.2 Information collected automatically

Device information — device type, model, operating system version, app version, language, time zone
Usage data — screens viewed, features used, app interaction events (for improving the app)
Crash reports — diagnostic information when the app encounters errors (no personal content)
Approximate location — country-level detection based on IP address (used for showing regional content)

We do NOT collect precise GPS location.

3.3 Subscription data

If you purchase a subscription through Apple App Store or Google Play:

Subscription status (active, expired, cancelled)
Subscription plan (monthly, annual, Family add-on)
Purchase date

Payment card and billing details are processed by Apple App Store or Google Play. We do not see, store, or have access to your payment card details.

3.4 Content moderation and safety

When you use the AI Chef feature (chat), we may temporarily process your message content to:

Generate responses through third-party AI services (see Section 5)
Detect harmful or prohibited content (per the Terms of Service)

Chat messages are stored in our database to maintain conversation context and for service improvement.

4. How We Use Your Information

We use your information for the following purposes:

Provide the Services — create your account, personalize your experience, deliver the features you use
Improve the app — understand how users interact with features, identify bugs, plan updates
Communicate with you — send account verification, password reset, subscription receipts, service updates, and respond to support requests
Ensure security — detect fraud, prevent abuse, comply with legal obligations
Comply with laws — respond to legal requests from competent authorities when required

We do NOT:

Sell your personal data to any third party
Share your personal data with advertisers for marketing purposes
Use your data for automated decision-making with significant impact
Use your data to train AI models (your personal recipes are not used for AI training unless you explicitly opt in)

5. Third Parties

We use the following third-party service providers to operate FoodHandi. Each receives only the data needed for their specific function:

Provider	Purpose	Data shared
Supabase (database + authentication)	Storing your account, meal logs, recipes. Hosted on AWS.	Account data, meal logs, recipes, app events
OpenAI (AI language models)	Generating AI Chef responses and processing food-related queries	Your text queries and chat history (for context)
Anthropic (AI language models)	Alternative AI provider	Your text queries
Mistral (AI language models)	Alternative AI provider	Your text queries
RevenueCat (subscription management)	Managing subscription status, renewals, and cancellations	Email, subscription plan, purchase history
Apple App Store	App distribution, subscription payments	Managed under Apple's Privacy Policy
Google Play	App distribution, subscription payments	Managed under Google's Privacy Policy
Sentry (crash reporting, if used)	Diagnostic information when app crashes	Device info, stack trace (no personal content)

Each service has its own privacy policy. We recommend reviewing them for further information.

6. Data Retention

We retain your personal data only as long as needed to provide the Services:

Account data (email, name, preferences) — retained while your account is active
Meal logs — retained while your account is active; exported/deleted on request
Recipes — retained while your account is active; deleted on account deletion
Photos — retained while your account is active; deleted on account deletion
Chat history — retained for up to 2 years for service improvement
Subscription records — retained as long as legally required for tax and accounting (typically 7 years in Australia)

Anonymized and aggregated usage data (no personal identifiers) may be retained longer for analytics and service improvement.

7. Your Rights

7.1 Under Australian Privacy Act, Indian DPDP Act, GDPR, and CCPA

You have the following rights regarding your personal data:

Right of access — request a copy of all personal data we hold about you
Right of rectification — update or correct your personal data
Right of erasure (right to be forgotten) — delete your account and all associated personal data
Right of data portability — receive your data in machine-readable format
Right to object — object to certain processing of your data
Right to withdraw consent — withdraw consent for data processing at any time

7.2 How to exercise your rights

Delete your account: Profile → Settings → Data & Privacy → Delete Account. Account and personal data are permanently removed from our active systems within 30 days.
Export your data: Profile → Settings → Data & Privacy → Export My Data. Your data is provided in machine-readable format (JSON) within 14 days.
Access / correct data: Profile → Edit Profile for basic corrections. For specific requests, email foodhandi.app@gmail.com.
Other requests: Email foodhandi.app@gmail.com with your request. We will respond within 14 days.

7.3 If you are in the European Union (GDPR)

In addition to the above rights:

You have the right to lodge a complaint with a supervisory authority
The legal basis for our processing is: (a) performance of a contract (to provide you the Services you have signed up for), (b) legitimate interest (to improve and secure the Services), and (c) your consent (where applicable)
If you do not provide required data, we may not be able to provide the Services

7.4 If you are in California, USA (CCPA + CPRA)

You have additional rights:

Right to know what personal information is collected, used, shared, or sold
Right to opt out of sale of personal information — we do not sell your personal information
Right to non-discrimination for exercising your rights
Right to correct inaccurate personal information

To submit a CCPA request, email foodhandi.app@gmail.com with subject line "CCPA Request".

7.5 If you are in India (DPDP Act 2023)

You have the rights of access, correction, erasure, and grievance redressal. Our grievance officer contact:

Email: foodhandi.app@gmail.com
Response time: within 14 days

8. Data Security

We implement industry-standard security practices to protect your personal data, including:

Encryption of data in transit (HTTPS/TLS)
Encryption of data at rest (Supabase default encryption)
Access controls to limit who can access user data
Regular security reviews

However, no method of electronic storage or transmission is 100% secure. In the event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by law.

9. Data Transfers

FoodHandi is operated from Australia. Some of our third-party service providers are based in the United States, European Union, or other countries. When your data is transferred outside your country of residence:

For European users: we rely on Standard Contractual Clauses or equivalent safeguards
For Indian users: transfers are made under the Digital Personal Data Protection Act 2023
For Australian users: transfers comply with the Privacy Act 1988

10. Nutritional Data Sources

FoodHandi displays nutritional information calculated from public databases:

Indian Food Composition Tables (IFCT 2017) — published by the Indian Council of Medical Research — National Institute of Nutrition (ICMR-NIN)
USDA FoodData Central — Standard Reference Legacy, Survey FNDDS, Foundation
AUSNUT 2023 — published by Food Standards Australia New Zealand
CoFID 2021 — published by Public Health England / UK Food Standards Agency
Open Food Facts — open community database (for packaged food barcode scanning)

Where a dish is not directly represented, FoodHandi uses AI estimation, clearly labeled "Chef's estimate" in the interface. Values are approximate and should not be relied upon for medical, clinical, or diagnostic purposes.

11. Children's Privacy

FoodHandi is intended for users 18 years of age or older. Users 13–17 may use the Services only with the explicit consent and supervision of a parent or legal guardian. We do not knowingly collect personal information from children under 13.

If you believe a child under 13 has provided us with personal information, please contact us immediately at foodhandi.app@gmail.com and we will delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The latest version will always be available at our hosted URL (see the Privacy Policy link in the app's Profile → Legal section). We will notify registered users of material changes via email or in-app notification at least 30 days before the changes take effect.

Continued use of the Services after the effective date of updates constitutes acceptance of the revised Privacy Policy.

13. Legal Compliance

This Privacy Policy is designed to comply with:

Australia — Privacy Act 1988 (Cth) and Australian Privacy Principles
India — Information Technology Act 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, and Digital Personal Data Protection Act 2023
European Union — General Data Protection Regulation (GDPR)
United States — California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Other jurisdictions — applicable local privacy laws

14. Contact Us

For questions about this Privacy Policy or our data practices:

Email: foodhandi.app@gmail.com
Location: Australia

We aim to respond to all privacy-related inquiries within 14 days.