Privacy Policy

Last updated: April 20, 2026

This Privacy Policy explains what personal data Fuel Fox collects, why we collect it, and the choices you have. We’re a small team and we try to keep things simple: we collect only what we need to run the app for you, and we do not sell your data.

1. What we collect

Account data

When you sign up we collect your email address and a unique user ID issued by our authentication provider, Supabase. If you sign in with Google, we also receive your basic profile (name, profile picture) from Google — nothing else.

Nutrition data you log

Meals, macros, goals, presets, plans, weight entries, and notes you write inside the app. This is the core data we hold for you; it’s stored in your private Supabase row and is protected by row-level security so that only you can read or write it.

AI interactions

When you use the AI assistant or photo / description estimation, the text (and image, if applicable) of your request is sent to our server and then forwarded to Anthropic’s API to produce a response. Anthropic processes the request as a data processor on our behalf and does not use it to train its models. We store chat history and estimation results tied to your account so you can read them back later.

Subscription and purchase data

We use RevenueCat to manage subscription state. RevenueCat receives a pseudonymous user ID (your Supabase user UUID), the product IDs you purchase, transaction timestamps, and the renewal status. Apple handles the actual payment; we never see your payment card or Apple ID password. See RevenueCat’s privacy policy and Apple’s privacy policy for their processing details.

Apple Health (optional)

If you grant permission, Fuel Fox writes dietary energy and macro data you log into Apple Health. Health data stays on your device. Fuel Fox never reads anything back from Apple Health and never transmits Health data to our servers. You can revoke the permission at any time in iOS Settings → Health → Data Access & Devices.

Diagnostic data

We keep minimal server logs (timestamp, endpoint, user ID, HTTP status) to debug problems and enforce rate limits. We don’t use third-party analytics SDKs like Google Analytics or Firebase Analytics.

2. Why we use your data

• To run the app: authenticate you, save your meals, sync across devices.
• To produce AI estimates and chat responses you explicitly request.
• To enforce free-tier quotas and validate Pro entitlements.
• To improve the app (diagnose crashes, understand aggregate failure rates).
• To send you service notifications (e.g., subscription receipts).

We do not use your data for advertising, profiling, or sale to third parties.

3. Who we share it with

We rely on a small number of trusted processors to run the Service:

Supabase

Authentication and database hosting (EU region).

Netlify

Hosts our API server and website.

Anthropic

AI model inference. Requests are processed transiently and are not used for model training (per Anthropic’s commercial terms).

RevenueCat

Subscription state management.

Apple

In-App Purchase processing, App Store distribution, HealthKit (on-device only).

Google

OAuth sign-in, if you choose it.

OpenFoodFacts

Barcode lookups. We query it with just the barcode — no personal data is sent.

We also disclose data if required by law, to enforce our Terms, or to protect the rights, property, or safety of our users.

4. Where your data lives

Your account and meal data is stored in Supabase. Our processors may operate servers in other countries; when data leaves your region we rely on standard contractual protections offered by those processors.

5. How long we keep it

• Account and meal data: as long as your account is active.
• Chat history: indefinitely, unless you delete it from the app.
• Server logs: up to 30 days.
• After account deletion: we remove your personal data within 30 days, except where law requires us to keep it (e.g., tax records for subscription payments).

6. Your rights

You can:

• Access and export a copy of your data — email us and we’ll send it.
• Correct inaccurate data by editing it in the app.
• Delete your account, which removes your data as described above.
• Withdraw consent for optional permissions (HealthKit, Notifications) at any time in iOS Settings.
• Object to, or restrict, certain processing — contact us and we’ll do our best to accommodate.

If you’re in the EU, UK, or another region with additional data-protection rights, you may also lodge a complaint with your local data protection authority.

7. Children

Fuel Fox is not intended for children under 13 (or under the higher age of digital consent in your country). If you believe a child has provided us with personal data, contact us and we’ll delete it.

8. Security

We use HTTPS everywhere, keep API keys off the client, and rely on Supabase row-level security to isolate your data from other users. No system is perfect — if you spot a vulnerability, please email us right away.

9. Changes

We may update this policy. Material changes will be surfaced in the app and, where required by law, we’ll ask for your renewed consent. The “Last updated” date at the top always reflects the current version.

10. Contact

Email support@fuel-fox.app — we read every message.