Privacy Policy

1. Introduction

This Privacy Policy describes how APB Digital Office S.R.L ("we", "us", or "our"), a company registered in Romania with CUI 46849897, collects, uses, and protects your personal information when you use the Food & Fit mobile application ("App") and related services at foodandfit.elarislabs.com.

We are committed to protecting your privacy and ensuring transparency about how we handle your personal data in accordance with the General Data Protection Regulation (GDPR) and Romanian data protection laws.

By using our App, you consent to the collection and use of your information as described in this Privacy Policy.

2. Data Controller

APB Digital Office S.R.L acts as the data controller for your personal information. You can contact us at:

3. Information We Collect

3.1 Personal Information

When you create an account, we collect:

• Email address (required for account creation and communication)
• Name or display name (for personalization)
• Password (encrypted and stored securely)
• Profile preferences and settings

3.2 Health and Fitness Data

To provide our services, we collect:

• Food intake data and nutritional information
• Calorie consumption and expenditure
• Exercise and physical activity logs
• Body measurements and fitness goals (if provided voluntarily)
• Photos of food (processed for nutritional analysis)

3.3 Technical Information

We automatically collect:

• Device type and operating system
• App usage statistics and performance data
• IP address (for security and analytics)
• Log data and error reports

3.4 Camera and Photo Data

With your permission:

• Access to camera for food photo capture
• Photo processing for AI-powered food recognition
• Temporary storage of photos for analysis (deleted after processing)

3.5 Purchase and Subscription Data

For premium features and subscriptions, we collect:

• Subscription status and renewal information
• App Store or Play Store user identifiers
• Payment method information (stored by Apple/Google, not by us)
• Purchase history and refund requests
• Promotional code usage and discount applications

4. How We Use Your Information

4.1 Service Provision

• Provide personalized nutrition and fitness tracking
• Generate AI-powered food recognition and analysis
• Calculate calories and nutritional information
• Track progress toward your health goals
• Send you relevant notifications and reminders

4.2 Communication

• Send account-related notifications
• Provide customer support
• Share important app updates and changes
• Send password reset and security alerts

4.3 Improvement and Analytics

• Improve app performance and user experience
• Develop new features and functionality
• Conduct research and analytics (using aggregated, anonymous data)
• Ensure app security and prevent fraud

4.4 Subscription and Premium Features

• Process and manage in-app purchases and subscriptions
• Verify subscription status and grant access to premium features
• Handle subscription renewals, cancellations, and refunds
• Send subscription-related notifications and reminders
• Provide customer support for billing and subscription issues
• Analyze subscription metrics to improve our premium offerings

5. Legal Basis for Processing

Under GDPR, we process your personal data based on:

• Consent: For processing health data and photos with your explicit permission
• Contract Performance: To provide the services you've requested through our App
• Legitimate Interest: For app improvement, security, and analytics (with privacy safeguards)
• Legal Obligation: To comply with applicable laws and regulations

6. Third-Party Services

6.1 AI Processing

We use OpenAI's services to process food photos and provide nutritional analysis. Food photos are processed securely and are not stored permanently by us or OpenAI.

6.2 Email Services

We use Postmark for sending transactional emails (welcome messages, password resets, notifications). Only your email address and name are shared with this service.

6.3 Subscription Services

We use RevenueCat to manage in-app purchases, including subscriptions and lifetime offerings. RevenueCat processes purchase and subscription metadata (such as product identifiers and entitlement status) to verify access to premium features.

6.4 App Store Services

Information may be shared with Apple App Store and Google Play Store as required for app distribution and updates.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:

• With your explicit consent
• With service providers who assist in app operation (under strict data protection agreements)
• To comply with legal obligations or court orders
• To protect our rights, property, or safety, or that of others
• In connection with a business transfer or merger (with notification to users)

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit and at rest
• Secure authentication and password protection
• Regular security assessments and updates
• Access controls and employee training
• Secure data centers with physical security measures

9. Data Retention

We retain your personal data only as long as necessary:

• Account Data: Until you delete your account or request deletion
• Health Data: As long as your account is active, or until you delete specific entries
• Photos: Processed immediately and not stored permanently
• Log Data: Maximum of 12 months for security and improvement purposes

When you delete your account, we will delete or anonymize your personal data within 30 days, except where required by law to retain it longer.

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

11. Cookies and Tracking

Our mobile app does not use traditional web cookies. However, we may use:

• Local storage for app preferences and offline functionality
• Session tokens for secure authentication
• Analytics identifiers for app improvement (anonymized)

You can manage these through your device settings or by contacting us.

12. International Data Transfers

Your data may be processed outside the European Economic Area (EEA) for:

• AI processing services (OpenAI - with appropriate safeguards)
• Email services (Postmark - with GDPR-compliant contracts)

We ensure that any international transfers comply with GDPR requirements through Standard Contractual Clauses or other approved mechanisms.

13. Children's Privacy

Our App is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

If you believe we have inadvertently collected information from a child under 16, please contact us immediately, and we will take steps to remove such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Updating the "Last updated" date at the top of this policy
• Sending an in-app notification
• Emailing you at your registered email address
• Requiring consent for material changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us and Complaints

If you have any questions about this Privacy Policy or wish to exercise your rights, contact us:

You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) if you believe we have not handled your data appropriately.

16. Consent and Agreement

By using our App, you acknowledge that you have read, understood, and agree to this Privacy Policy. You consent to the collection, use, and processing of your personal data as described herein.