Effective Date: August 12, 2025

NuMacros (“NuMacros,” “we,” “our,” or “us”) provides a nutrition and macronutrient tracking application and website (the “Services”). This Privacy Policy explains what we collect, how we use and share it, and the choices you have.

If you do not agree with this Policy, please do not use the Services.

1. What we collect

We collect the information you provide or that is generated when you use the Services:

• Account & Contact Info: email address, password (hashed), basic profile settings.
• Food Logs & Notes: text entries, nutrition values you input, goals, and preferences.
• Photos you upload (optional): meal images you choose to analyze for nutrition.
• Apple Health / HealthKit Data (optional; with your explicit consent): e.g., nutrition, weight, activity metrics you allow us to read.
• Usage & Device Data: app interactions, approximate location from IP, device identifiers, crash/diagnostic data.
• Marketing Preferences: your opt-in/opt-out choices, email engagement signals (opens/clicks).

We do not knowingly collect data from individuals under 18, and the Services are not directed to them.

2. How we use your data

We use information to:

• Provide the Services: create/log in to your account, store and display your logs, sync with Apple Health (if enabled).
• Process Photos: send images to an image-analysis tool to return estimated nutrition details; we keep only what is needed to deliver results and operate the feature.
• Improve & Secure: troubleshoot, debug, monitor performance, prevent fraud/abuse, and develop new features.
• Communicate: transactional emails (account, security, updates).
• Marketing (only if you opt in): send product updates, tips, and offers. You can unsubscribe anytime.

3. Health & Apple Health (HealthKit) data

We access Apple Health / HealthKit data only with your explicit consent and only to provide or improve health/fitness features.

We do not use HealthKit data for advertising or marketing, and we do not sell HealthKit data to third parties.

We do not combine HealthKit data with other data for targeted advertising or data brokering.

You can revoke Health permissions at any time in your Apple Health settings.

4. Legal bases (EEA/UK only)

If you are in the EEA/UK, we process:

• Contract: to provide the Services you request (account, logging, syncing).
• Consent: Health/HealthKit data, photos for analysis, marketing emails.
• Legitimate Interests: analytics, security, product improvement (balanced against your rights).
• Legal Obligations: respond to lawful requests, maintain required records.

You can withdraw consent at any time in app settings (where available) or by contacting us.

5. How we share information

We do not sell your personal information. We share only as described:

• Service Providers (processors): trusted third-party providers for secure cloud hosting, image analysis tools, analytics/diagnostics, and email communication platforms. They process data on our behalf under confidentiality and security obligations.
• Legal & Safety: to comply with law, enforce our terms, or protect rights, safety, and security.
• Business Transfers: in a merger, acquisition, financing, or sale of assets, your information may be transferred, subject to this Policy.

We do not share HealthKit data with third parties except to operate the health feature you requested or where you have explicitly consented.

6. Your choices & controls

• Health Permissions: manage in Apple Health settings.
• Marketing Emails: unsubscribe via link in any email.
• Access / Export / Delete: request a copy, correction, or deletion of your data by contacting us (see “Contact Us”). We may ask for verification before acting on a request.
• Account Deletion: you can request account and data deletion; we will also delete HealthKit-sourced data we hold (subject to legal retention requirements).

7. Data retention

We keep personal data for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and maintain security (e.g., limited backups). When no longer needed, we delete or de-identify it.

8. Security

We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest where appropriate, access controls, and vendor security reviews. No method of transmission or storage is 100% secure; use the Services at your own risk.

9. International transfers

We may process and store information in countries other than where you live. When we transfer personal data internationally, we rely on appropriate safeguards (e.g., Standard Contractual Clauses where applicable).

10. Cookies & tracking (Website)

Our website may use cookies or similar technologies for functionality, analytics, and to remember your preferences. You can control cookies via your browser settings. The mobile app uses device-level identifiers and in-app telemetry for diagnostics and performance.

11. State & regional privacy rights

California (CPRA): You have rights to know/access, delete, correct, and limit use of sensitive personal information, and to opt out of “sale” or “sharing” for cross-context behavioral advertising.

We do not sell personal information and do not “share” it for cross-context behavioral advertising.

You or your authorized agent can submit requests via the contact methods below. We will verify your identity before responding. We will not discriminate against you for exercising your rights.

Virginia/Colorado/Connecticut/Utah and similar laws: You may have rights to access, delete, correct, obtain a portable copy, and opt out of targeted advertising or profiling. Contact us to exercise rights. If we deny a request, you may appeal by replying to our decision; we will explain our final determination.

EEA/UK (GDPR): You may request access, rectification, erasure, restriction, portability, and object to processing based on legitimate interests, and you may withdraw consent at any time. You may lodge a complaint with your local supervisory authority.

12. Children’s privacy

The Services are not directed to individuals under 18. If we learn we have collected such data, we will delete it.

13. Third-party links

The Services may link to third-party sites or services. Their privacy practices are governed by their own policies.

14. Changes to this Policy

We may update this Policy from time to time. If changes are material, we will notify you by email or in-app notice. Your continued use of the Services after the effective date means you accept the updated Policy.

15. Contact Us