Privacy Policy

1. What this policy covers

This Privacy Policy describes what information MacroSquad ("we," "us," "our," operated by Karan Sharma (sole proprietor)) collects, how we use and disclose it, the third parties that process it on our behalf, and your rights over it.

It applies to the MacroSquad mobile application, the MacroSquad website at getmacrosquad.com, and related services (collectively, the "Service").

This policy does not cover third-party services you reach through links, or the independent data practices of the app stores and platforms you use to access the Service (e.g., Apple).

2. The short version

We collect only what we need to run the Service.
We do not sell your personal information and we do not "share" it for cross-context behavioral advertising, as those terms are defined under California law.
We use third-party processors (listed in Section 7) under contracts that restrict them to processing your data only on our instructions.
We do not use your data to train our own AI models, and our image-processing provider does not train on your photos: FatSecret has confirmed in writing (2026-06-10) that customer-submitted images are processed for the requested output only and are not used to train or improve its Image Recognition models (license §2.4.3).
You can export or delete your data at any time (Section 9).
Your friend graph is mutual-only. No public profiles. No discoverability without your action.
Importing your contacts to find friends is optional and opt-in, and we do not store your full address book (Section 3).

3. Information we collect

3.1 Information you provide

Account info: email, username, password (stored only as a salted hash), optional display name and profile photo.
Food / meal logs: food entries, macros, restaurant selections, free-text notes, timestamps.
Photos: meal photos you upload for AI macro estimation; optional profile photo.
Body metrics (health data): body weight, optional height, fitness goals (cut / recomp / bulk), and any other body metrics you choose to enter.
Social content: friend connections, reactions, comments.
Contacts (friend-finding — optional, opt-in): if and only if you tap to find friends from your contacts and grant the OS contacts permission, we process phone numbers and/or email addresses from your device address book solely to match against existing MacroSquad accounts. See Section 3.4 for exactly what we retain.
Subscription info: managed by Apple via RevenueCat; we receive subscription status and entitlement, not payment card details.
Support communications: emails or in-app messages you send.

3.2 Information collected automatically

Device info: model, OS version, app version, language/region.
Usage analytics: feature taps, sessions, and error logs. Individual food-log content is not transmitted to analytics; analytics events are designed to avoid carrying meal contents.
Push notification tokens (only if you enable notifications).
Approximate diagnostics: crash stack traces and performance metrics, used to debug the app.

3.3 Information from third parties

Apple In-App Purchase / RevenueCat: subscription status, entitlement, and transaction IDs (no card numbers).
Sign in with Apple (if used): only the email (or Apple private-relay proxy) and name you choose to share.

3.4 Contacts-import (friend-finding): exactly what we do

This is the most sensitive optional feature, so we describe it precisely:

The feature is off by default. It runs only after you tap "Find friends from contacts" and grant the iOS contacts permission.
On your device, we read phone numbers and email addresses from your address book.
We transmit one-way cryptographic hashes of those phone numbers/emails (normalized, then hashed) to our server, where they are matched against hashes of registered MacroSquad accounts.
We return only the matches that correspond to existing MacroSquad users.
We do not store your raw address book, do not store contacts who are not MacroSquad users beyond the transient matching operation, and do not message or invite anyone on your behalf without a separate explicit action by you.

4. What we do with it

Operate the Service: log meals, run AI macro inference, sync your friends-only feed, deliver notifications, and match contacts you opt to import.
Improve the Service: aggregate, de-identified analytics; debug crashes; evaluate AI prompt changes using de-identified or synthetic samples.
Communicate: account-related emails, support replies, and occasional product updates (you can unsubscribe from non-transactional messages).
Safety & integrity: detect abuse, enforce our Terms, and protect users.
Legal: comply with subpoenas, court orders, and regulatory requests.

We process the categories of data above on the legal bases described in Section 12 (for EU/UK users).

5. Photo handling and the SHA-256 content-addressed cache

When you upload a meal photo:

It is transmitted over TLS to our infrastructure (Cloudflare Workers + Supabase storage).
It is processed by FatSecret's Image Recognition API — our sole image-recognition provider — to identify the food and estimate macros.
A result is cached by SHA-256 hash of the image bytes so identical photos are not re-processed. The cache is content-addressed (keyed on the image bytes), contains no user identifiers, and stores only the derived nutrition estimate.

Cache persistence and deletion: because cache rows are keyed on image bytes and contain no link to you, an individual cache row can persist after your photo is deleted from your meal log and after account deletion. The cached row is not personal data because it cannot be associated with you. Your stored photo itself (which is personal data) is deleted as described in Sections 6 and 10.

6. AI image recognition and model-training (READ CAREFULLY — accuracy-sensitive)

Your meal photos are sent to an AI image-recognition provider so the Service can identify foods and estimate macros. Specifically:

FatSecret is our sole AI image-recognition provider. Meal photos you submit for macro estimation are sent to FatSecret's Image Recognition API and processed to return the food identification and macro estimate. No general-purpose large language model provider is in the runtime path.
FatSecret does not train on your photos. FatSecret has confirmed in writing (2026-06-10) that customer-submitted images are processed for the requested output only and are not used to train or improve its Image Recognition models (FatSecret license agreement §2.4.3).
We do not train our own models on your personal data. Any internal evaluation of our estimation pipeline uses de-identified, aggregated, or synthetic data. (FatSecret's §2.4.3 likewise prohibits us from using FatSecret API data to train external models — our practices comply.)

You can delete any photo at any time from the meal log. Deletion removes it from our storage and from your friends' feeds within reasonable engineering time.

7. Processors and disclosures (GDPR Art. 28 / CCPA service-provider framing)

We disclose personal information to the third parties below only as processors / service providers acting on our behalf. Each is engaged under a written contract (a Data Processing Addendum under GDPR Article 28, and "service provider" / "contractor" terms under the CCPA/CPRA) that: (a) limits the provider to processing data solely for the purposes we specify; (b) prohibits selling or sharing the data or using it for the provider's own purposes; (c) requires appropriate security; and (d) requires deletion or return of data on termination. Engaging any of these in a way that meets the CCPA "service provider" exemption means these disclosures are not a "sale" or "share."

Processor	Data shared	Purpose	Contract status
Apple / RevenueCat	Subscription status, entitlement, transaction IDs (no card numbers)	Subscription management & billing	Data Processing Addendum / service-provider terms maintained
FatSecret	Meal photos, food queries	Food database + AI image recognition (sole image-recognition provider)	Data Processing Addendum maintained; no-training confirmed in writing (§2.4.3)
Nutritionix	Restaurant/food queries	Restaurant & branded-food database	Data Processing Addendum / service-provider terms maintained
USDA FoodData Central	Generic food-name queries (no account identifiers)	Public nutrition reference data	Public US-government data source; queried for food data only under its public API terms
Open Food Facts	Generic food / barcode queries (no account identifiers)	Open food-products reference data	Open public data source; queried for food data only under its public API terms
Supabase	All stored data (account, logs, photos, body metrics, social graph)	Backend hosting, database, object storage, auth	Data Processing Addendum maintained
Cloudflare	Request data, edge routing metadata	Edge compute (Workers), routing, CDN, security	Data Processing Addendum maintained
Expo Push (Expo Application Services)	Push notification tokens, notification payloads	Delivering push notifications (routes via Apple Push Notification service)	Data Processing Addendum / service-provider terms maintained

We do not disclose personal information to advertising networks, data brokers, or analytics resellers.

8. What we don't do

We don't sell your personal information, and we don't "share" it for cross-context behavioral advertising (as defined under California law).
We don't share your friend graph with third parties.
We don't share individual meal content with anyone other than the friends you've explicitly added — except that your meal photos are sent to the AI processor in Sections 5–7 (FatSecret) so the app can identify foods and estimate macros.
We don't use your personal data to train our own AI models.
FatSecret confirmed in writing (2026-06-10) that submitted images are processed for the requested output only and not used for model training — see Section 6.
We don't show ads inside the logging flow. Free tier shows ads on home, paywall, and settings surfaces only; Premium has no ads at all.
We don't store your full address book; contacts-import is opt-in and match-then-discard (Section 3.4).

9. Your rights and how to exercise them

Depending on where you live, you have some or all of the following rights:

Access / know: request a copy of the personal information we hold about you.
Portability / export: export your data (Settings → Account → Export My Data).
Deletion: delete your account and associated data (Settings → Account → Delete Account).
Correction / rectification: correct inaccurate data.
Object / restrict / withdraw consent: object to or restrict certain processing, and withdraw consent where processing is consent-based (e.g., contacts-import).
Non-discrimination: we will not discriminate against you for exercising your rights.

How to exercise: use the in-app controls above, or email privacy@getmacrosquad.com. We will verify your identity before fulfilling a request and respond within the timeframe required by applicable law (generally 30–45 days, extendable where the law allows). You may use an authorized agent where the law permits.

Appeals: if we decline a request, you may appeal by replying to our response or emailing privacy@getmacrosquad.com with "Appeal" in the subject line. We will respond to appeals within the timeframe required by applicable law.

10. Data retention and deletion

Active accounts: data retained for the life of the account.
Account deletion: when you trigger account deletion, your account record, meal logs, social content, and stored photos (including object-storage bytes, e.g., R2/Supabase storage) are deleted promptly (typically within minutes). Deletion is tracked verifiably in our account_deletion_jobs system.
Cache: content-addressed AI-estimate rows (keyed on image SHA-256, no user identifiers) persist; these are not personal data (Section 5).
Backups: nightly/transaction backups age out and are rotated within up to 90 days.
Contacts-import: non-matching contact hashes are not retained beyond the transient match (Section 3.4); match results are reflected in your friend suggestions and not otherwise retained.
Legal retention exceptions: transaction/tax records held for audit purposes (typically up to 7 years) are retained in de-identified form (no link to you) wherever feasible.

11. Security

We use industry-standard safeguards: TLS in transit, encryption at rest, restricted access controls, salted password hashing, dependency scanning, and incident response. Body-weight and other health metrics are treated as sensitive and access-restricted.

No system is 100% secure. If you suspect unauthorized access to your account, contact security@getmacrosquad.com immediately. In the event of a data breach affecting your personal information, we will notify affected users and regulators as required by applicable law.

12. Legal bases for processing (EU/UK / GDPR)

Where GDPR or UK GDPR applies, we process personal data on these bases:

Contract: to provide the Service you signed up for (account, logging, AI inference, social feed).
Consent: for optional features such as contacts-import and push notifications; you may withdraw consent at any time.
Legitimate interests: to secure the Service, prevent abuse, and improve the product using de-identified data, balanced against your rights.
Legal obligation: to comply with law and respond to lawful requests.

We are the controller of your personal data; the providers in Section 7 act as processors under Article 28 contracts. The controller of your personal data is Karan Sharma (sole proprietor).

13. International data transfers

Data is processed in the United States and may be processed in other regions where our providers operate. For transfers of EU/UK/Swiss personal data to the US or other countries, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (and the UK Addendum / Swiss equivalents) and, where applicable, provider participation in the EU–US Data Privacy Framework.

14. Children (COPPA and minimum-age policy)

The Service is intended for users 13 and older and is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. Because our minimum age is 13, the Service is not subject to COPPA's under-13 obligations. Users between 13 and 17 are subject to the additional terms in our Terms of Service (parental review and consent).

If we learn that we have collected personal information from someone under 13, we will delete it. If you believe a child under 13 has provided us information, contact privacy@getmacrosquad.com.

15. US state privacy rights (California CCPA/CPRA and other states)

California (CCPA/CPRA). California residents have the rights in Section 9, plus the right to know the categories of personal information collected, the purposes, and the categories of third parties to whom it is disclosed (see Sections 3 and 7). We do not sell or "share" personal information for cross-context behavioral advertising. We collect the categories: identifiers; customer records; commercial information (subscriptions); internet/usage activity; sensitive personal information (health metrics such as body weight; account credentials). We use sensitive personal information only for permitted purposes and not to infer characteristics. We honor the Global Privacy Control (GPC) and other recognized opt-out preference signals where required.

Other US states (e.g., Virginia, Colorado, Connecticut, Utah, Texas, and others as enacted): residents have access, correction, deletion, portability, and opt-out rights as provided by their state laws; exercise them as described in Section 9.

16. Changes to this policy

We may update this Privacy Policy. Material changes will be communicated in-app or via email at least 30 days before they take effect (or sooner where the law requires immediate notice).

17. Contact

Privacy questions / data subject requests: privacy@getmacrosquad.com
Security: security@getmacrosquad.com
General contact: support@getmacrosquad.com

Karan Sharma (sole proprietor)
Ann Arbor, Michigan, USA

EU representative (GDPR Art. 27): Not currently appointed; the Service is not actively offered to EU data subjects until a representative is appointed.
UK representative: Not currently appointed; the Service is not actively offered to UK data subjects until a representative is appointed.
Data Protection Officer / privacy contact: privacy@getmacrosquad.com

Effective date: June 11, 2026

Last updated: June 11, 2026

Version: 2.1