Privacy Policy

Effective date: 26 June 2026  ·  Last updated: 26 June 2026

Eatrace helps you find restaurant dishes nearby that fit your nutrition goals. Because Eatrace works with health and fitness information — your weight, body metrics, calorie and macro goals, and the meals you log — we take what we collect, and what we don't, seriously. This policy explains exactly what data Eatrace processes, why, who we share it with, and the controls you have.

The short version. We collect the minimum we need to run the app: your email, your fitness profile, and the meals you log. Your precise location and meal photos are used in the moment and not stored on our servers. We do not sell your data, we do not use an advertising identifier, and we do not track you across other companies' apps or websites.

1. Who we are

Eatrace (the "app", "we", "us") is operated by Cleolead Corp. of Alberta, Canada. We are the data controller for the personal data described here. For any privacy question or request, contact us at info@eatrace.app.

2. What we collect & why

We only collect what the app needs to function. The table below lists every category of personal data we process, why, and the purpose it serves.

DataWhat it isWhy we use it
Account identity Your email address and a Supabase Auth user ID. If you choose "Continue with Apple" or "Continue with Google", we receive the email (or Apple relay email) from that provider. To create and secure your account, sign you in, and send password resets and essential service emails.
Health & fitness profile Sex, age, weight, height, activity level, and your goal (lose / gain / maintain). From these we compute your calorie and macro (protein / carbs / fat) targets. To calculate your daily nutrition targets and score how well dishes fit them. This is health data and is treated with extra care.
Logged meals & macros Dishes and foods you add to your tracker, their calories and macros, barcodes you scan, and your saved meals and tracker history. To show your daily progress, history, and weekly reports, and to power Smart Pick recommendations.
Precise location Your device GPS coordinates, only while the app is in use, and only after you grant the OS permission. Used in the moment and not stored on our servers. To find restaurants near you and rank dishes by distance. See section 5.
Approximate country A coarse country code derived from your network connection (Cloudflare's cf-ipcountry header) when your app calls our backend. We do not store your IP address for tracking. To choose region-appropriate content and meet regional legal requirements.
Meal photos Photos you choose to take of a meal. Sent transiently for AI identification and not stored by us. See section 5. To recognise a dish or food and estimate its macros so you can log it.
Purchases & entitlements Your subscription status and entitlement. On iOS/Android this is handled by Apple/Google via RevenueCat (we never see your card). To unlock Eatrace Plus features, restore purchases, and handle renewals, refunds, and support.
Usage analytics First-party product events — e.g. screens viewed, onboarding steps, paywall views, food and barcode actions — stored in our own database and Google Analytics. See section 6. To understand which features are used, fix drop-off points, and improve the product. No advertising identifier is used.
Crash & error diagnostics Crash reports, error stack traces, device model, OS version, and app version, collected by Sentry. To detect, diagnose, and fix bugs and crashes.
We do not collect: your contacts, your photo library (beyond a meal photo you explicitly capture), health data from Apple Health or Google Fit, an advertising identifier (IDFA/AAID), or precise location in the background. Eatrace does not use your data for cross-app or cross-site advertising and does not sell your personal data.

3. Legal bases for processing (EEA / UK users)

If you are in the European Economic Area or the United Kingdom, we rely on these legal bases under the GDPR / UK GDPR:

You can withdraw consent at any time (for example, by turning off location or camera permission in your device settings, or by deleting your account). Withdrawing consent does not affect processing already carried out.

4. Third-party processors

We use a small set of trusted vendors to run Eatrace. Each acts as our processor under a data-processing agreement and may only use the data to provide their service to us.

ProcessorWhat it doesData it sees
SupabaseAuthentication, database, and backend (edge functions).Email, user ID, fitness profile, logged meals, analytics events.
RevenueCat (with Apple App Store / Google Play)Manages in-app subscriptions and entitlements on iOS and Android.An anonymous app user ID and your purchase / entitlement status. Apple/Google process the actual payment.
Google Analytics (GA4)First-party product analytics.Usage events and a first-party analytics identifier. Not linked to ad profiles; no advertising ID.
SentryCrash and error monitoring.Crash reports, stack traces, device/OS/app version.
AnthropicAI analysis of meal photos and menu text to identify dishes and estimate macros.The meal photo or menu text you submit, sent transiently for that request. Not used to train their models, and not stored by us afterwards.
Nutrition data providersSupply restaurant menus, food items, and nutrition/macro values.We send a query (e.g. a dish name or barcode); these lookups are not tied to your identity.

5. Location & meal photos — handled in the moment, not stored

Precise location

Eatrace requests location access only "While Using the App" — never in the background. We use your coordinates at the moment you look for nearby restaurants to find and rank dishes by distance, and then discard them. We do not store your precise location on our servers and do not build a location history. You can deny or revoke this permission at any time in your device settings; the app still works, you'll just need to set a location manually.

Meal photos

When you photograph a meal to log it, the image is sent transiently to our AI photo-identification service (powered by Anthropic) for that single request, used to identify the dish and estimate its macros, and then discarded. We do not retain your meal photos on our servers, and they are not used to train AI models. The camera is also used to scan barcodes; the barcode value, not the camera feed, is what we process.

6. Analytics & diagnostics

To improve Eatrace we record first-party product events (such as "paywall viewed", "meal logged", or "onboarding step completed") in our own database and in Google Analytics. These are tied to a first-party identifier so we can understand flows like sign-up completion and feature use. This is not advertising tracking: Eatrace does not use the iOS advertising identifier (IDFA) or Android advertising ID, does not share analytics with ad networks, and does not track you across other apps or websites. On iOS, if the App Tracking Transparency prompt appears, declining it does not reduce the app's functionality. Crash diagnostics from Sentry help us find and fix bugs.

7. How long we keep your data

8. Your rights & choices

You can, at any time:

If you are a California resident, you have the right to know, delete, and correct your personal information, and to not be discriminated against for exercising these rights. We do not sell or "share" (as defined by the CPRA) your personal information. Exercise any right by contacting info@eatrace.app.

9. Children

Eatrace is not directed to children under 13 (or the minimum age of digital consent in your country, where higher), and we do not knowingly collect personal data from them. Because the app involves weight and body-metric tracking, it is intended for adults and older teens with appropriate guidance. If you believe a child has provided us data, contact info@eatrace.app and we will delete it.

10. Security & international transfers

We protect your data with encryption in transit (HTTPS/TLS), database row-level security so users can only access their own records, and access controls on our systems. No method of transmission or storage is perfectly secure, but we work to protect your information and to notify you and regulators of a breach where required.

Our processors may store or process data in countries outside your own, including the United States. Where required, such transfers are protected by appropriate safeguards (for example, the European Commission's Standard Contractual Clauses).

11. Changes to this policy & how to contact us

We may update this policy as the app evolves or the law changes. When we make material changes we will update the "Last updated" date above and, where appropriate, notify you in the app. Continued use after an update means you accept the revised policy.

Questions, requests, or concerns? Email us at info@eatrace.app. Governing law for this policy is Alberta, Canada.