FAQs - Docify

What does this Privacy Policy cover?

This Privacy Policy applies to the MyMacroGo service, including the MyMacroGo mobile app (available on iOS and Android devices) and any associated website or online features (collectively, the "Services"). The Services are operated by MyMacroGo Ltd, a company registered in England and Wales under company number 16775441, with its registered office at 128 City Road, London, United Kingdom, EC1V 2NX.

MyMacroGo Ltd ("MyMacroGo", "we", "us", or "our") is committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Services, which are designed to help users track macronutrients, scan menus, and manage their nutrition and health goals through AI-powered tools.

By using the Services, you consent to the practices described in this Privacy Policy. If you do not agree with the terms of this Policy, please do not use the Services. We may update this Policy from time to time, and we will notify you of any significant changes (see the "Changes to this Privacy Policy" section below).

Important Note on Accuracy: Our AI-powered macro tracking, menu scanning, and nutritional analysis features are provided for informational and guidance purposes only and are not intended as medical advice or a substitute for professional nutritional or health guidance. These tools rely on algorithms and third-party data sources, which may not always be 100% accurate due to variations in food preparation, portion sizes, or data availability. Restaurant and menu data may also be incomplete, outdated, or subject to change. Users should verify information independently and consult qualified healthcare professionals for personalised advice. MyMacroGo disclaims all liability for any inaccuracies or reliance on the Services.

What personal information do we collect about you?

We collect, store, and process personal information about you to provide and improve the MyMacroGo Services. This includes both "personal data" (information that identifies you as an individual) and "special category data" (sensitive details relating to your health, fitness, and dietary habits, which receives additional protection under UK data protection laws).

Personal Data

We collect the following types of personal data:

· Account Information: First name, last name (optional), email address, encrypted password, username (if created), and date of account creation.

· Payment Information: If you subscribe to a premium version of the Services, we record transaction details such as purchase date and subscription type (but not full payment card details—see below).

· Device and Usage Data: IP address, mobile device ID (e.g., advertising ID or device identifier), operating system, app version, browser type, and usage patterns (e.g., time spent in the app, features accessed, crash reports). This also includes push notification tokens (pseudonymised identifiers) if you enable notifications, to deliver app alerts.

· Location Data: Approximate location (derived from IP address) for regional content customisation, unless you opt out. Precise, live (real-time) location data (from device GPS and location services) when you enable location permissions in the app for features like recommending nearby restaurants based on your current position. Live location is only collected with your explicit consent and can be disabled at any time via app settings.

· Communication Data: Information you provide when contacting us via email, in-app support, or forums, such as query details and response history.

· Uploaded Content: Any photos or images you upload for menu scanning or profile pictures (processed via AI for nutritional analysis).

When you purchase a subscription via the MyMacroGo app, payments are processed securely by Apple In-App Purchases (for iOS) or Google Play Billing (for Android). We do not store your full card details; instead, we maintain records of your subscription status for account administration. These processors have their own privacy policies, which you should review: Apple's at apple.com/legal/privacy and Google's at policies.google.com/privacy.

If you purchase via the website (if available), we use Stripe as a secure third-party payment processor, and your payment details are governed by their privacy policy, available atstripe.com/privacy.

Special Category Data

As a macro tracking app focused on health and nutrition, we also collect and process the following sensitive "special category" data, which you provide voluntarily through your profile or tracking entries:

· Demographic and Health Data: Age, sex at birth, height, current weight, goal weight, body measurements (e.g., waist circumference if entered).

· Dietary and Fitness Data: Daily macronutrient intake (proteins, carbs, fats—calculated from food logs and scans), calorie consumption, meal photos/descriptions, activity levels (e.g., exercise type, duration), step count, active calories burned, and sleep data (if integrated).

· Health Status Indicators: Whether you are pregnant, breastfeeding, have dietary restrictions (e.g., allergies, vegan), or specific health goals (e.g., weight loss, muscle gain).

· Derived Metrics: Body Mass Index (BMI), basal metabolic rate (BMR), and nutritional summaries generated by our AI tools.

You provide explicit consent for us to collect and process this special category data when you register, log entries, or enable integrations (e.g., with fitness trackers). This consent is obtained via clear prompts in the app. Withdrawing consent (see below) may limit or prevent the use of core Services, such as personalised macro recommendations.

We do not collect genetic or biometric data beyond what's necessary for nutritional tracking.

When do we collect personal information about you?

We collect personal information at various points during your interaction with the Services:

· Registration and Account Creation: When you sign up via the app or website, you provide your email, name, and initial profile data.

· App Usage: Automatically during use, including food logging, menu scanning (via camera), and AI analysis of uploads.

· Location-Based Features: Live location data is collected only when you explicitly enable location services (e.g., via device permissions) for recommendations of nearby restaurants or location-specific nutritional tips.

· Integrations and Syncing: When you opt to link with third-party services like Apple Health, Google Fit, Fitbit, or Garmin. For example:

· Apple Health (iOS): You control permissions; we may read step counts, workouts, and calories burned, and write nutritional data back (e.g., daily macros). This data is stored solely in your MyMacroGo account for your use and not shared further without consent.

· Google Fit (Android): Similar opt-in process; we read activity data (steps, distance, heart rate if permitted) and store it privately in your account. No data is shared with these platforms without your explicit permission, and integrations comply with their developer policies.

· Payments and Subscriptions: During in-app or web purchases.

· Communications and Support: When you email us, use in-app chat, or participate in optional community forums (where you can post anonymously but must verify email).

· Push Notification Setup: When you grant permission via the app's consent prompt, we collect your device token for delivering notifications.

· Analytics: Via cookies and similar technologies on the website (see our [Cookie Policy]([insert link to Cookie Policy]) for details) or app telemetry for non-personal usage insights.

Forum participation is optional; you can read posts without sharing data, but posting requires email validation and a profile (real name optional). You control visibility of profile info in privacy settings.

How we use the personal information we hold about you, and our legal basis for this use

We process your personal data fairly, lawfully, and transparently, always minimising collection to what's necessary. Below is a table outlining key purposes, data types, and legal bases under UK GDPR:

We only rely on consent for special category data and location data and will not process it without your affirmative agreement. Aggregated data (non-identifiable) may be used for broader insights, like popular food trends, without identifying individuals. For push notifications, consent is granular—you can opt in/out for types (e.g., motivational vs. functional) via the app, and it's separate from email consent. We record your consent server-side for each notification type, ensuring a verifiable audit trail independent of device OS prompts.

Automated Decision-Making and Profiling

Under Articles 21–22 of the UK GDPR, we use automated processing in our AI tools (e.g., Google Gemini for menu scanning and personalised macro recommendations based on your profile data, such as age, weight, and activity levels). This may involve profiling to generate tailored insights, such as suggested meal plans or progress alerts.

These automated decisions do not produce legal effects or similarly significant impacts on you (e.g., they do not affect eligibility for services, credit, or employment). They are solely for enhancing your user experience within the Services. You have the right to:

· Obtain human review of any automated output (e.g., if a recommendation seems inaccurate, contact us for manual adjustment).

· Object to profiling at any time via privacy settings or by emailing privacy@mymacrogo.com.

We ensure transparency by explaining AI limitations during onboarding, and outputs are always advisory, not binding.

We do not sell your personal data. Sharing is limited to what's necessary for Service delivery, and always under strict agreements ensuring UK GDPR compliance (including Standard Contractual Clauses for non-UK transfers).

· Third-Party Providers: We use the following services to support our operations, which may process your data on our behalf:

· FatSecret and OpenFoodFacts: For nutrition databases and food data enrichment.

· Google Gemini: For AI-powered menu scanning and image recognition.

· Google Firebase: For authentication, database management, and app analytics. This includes Firebase Cloud Messaging (FCM) for delivering Android push notifications, which processes pseudonymised device tokens.

· Stripe: For secure payment processing (website subscriptions only).

· Google Cloud Storage: For secure storage of uploaded images and logs. Data processing agreements and confidentiality obligations bind these providers.

· Integrations: With your consent, we share limited diary data (e.g., macros, calories) with Apple Health or Google Fit for syncing. No further sharing occurs, and usage adheres to their developer and user data policies (e.g., Google's Limited Use requirements).

· Support Consultations: Rarely, we may share anonymised query details with nutrition experts for assistance—no identifiable info is disclosed.

· Analytics Tools: Pseudonymised data may be shared with Google Firebase for usage insights; we ensure safeguards for international transfers.

· Legal Requirements: We may disclose data to law enforcement, regulators, or courts if required by law, or to protect rights/safety.

· Business Transfers: In a merger/acquisition, your data may transfer to the new owner, bound by this Policy.

All third parties must respect data security and only use it for specified purposes. For more on specific providers, review their privacy policies (linked where applicable).

International Data Transfers: Certain third-party providers, including Google Gemini, Google Firebase, and Google Cloud Storage, are based in the United States and involve transfers of your personal data outside the UK/EEA. To protect your data, we implement the following safeguards:

· Standard Contractual Clauses (SCCs): Incorporated into our data processing agreements with these providers.

· UK International Data Transfer Agreement (IDTA): Used where applicable for post-Brexit compliance.

· Additional Measures: End-to-end encryption (TLS 1.3 in transit, AES-256 at rest), pseudonymisation of sensitive data, and regular audits of provider compliance.

These ensure an equivalent level of protection to UK GDPR standards. You can request details of specific transfer mechanisms by emailing privacy@mymacrogo.com.

How you can change your email preferences & data privacy

You have full control over your data. Manage preferences anytime:

· In the App: Tap 'Settings' > 'Privacy & Preferences' to adjust notifications, integrations, data sharing, email opt-outs, and location permissions. For push notifications, you can toggle types (e.g., tips, reminders) here; changes take effect immediately.

· On the Website: Log in > 'My Account' > 'Privacy Settings'.

· Emails: Use unsubscribe links or reply to opt out.

· Device-Level Controls: You can also manage push notifications globally via your phone's OS settings (iOS: Settings > Notifications > MyMacroGo; Android: Settings > Apps > MyMacroGo > Notifications). This will stop all app pushes, even if enabled in-app.

Withdrawing consent for special category data may suspend premium features; we'll explain the impacts.

Use of children's personal information

The Services are not directed at children under 18, as nutritional targets are based on adult profiles. We do not knowingly collect data from minors. If we discover such data, we will delete it promptly. Parents/guardians should contact us if concerned.

You have the following rights, exercisable free of charge (subject to limits for manifestly unfounded requests):

· Access: Request a copy of your data and confirmation of processing.

· Rectification: Correct inaccurate data (update via app or contact us; we'll verify within 1 month).

· Erasure ("Right to be Forgotten"): Delete data where no longer needed, consent withdrawn, or unlawful processing. Exceptions apply (e.g., legal retention); we'll notify.

· Restriction: Limit processing during disputes or verification.

· Portability: Receive your data in a structured format (e.g., CSV) for transfer.

· Objection: Oppose processing for direct marketing, profiling, or legitimate interests (we'll stop unless compelling reasons).

· Withdraw Consent: At any time, without affecting prior processing.

To exercise rights, email privacy@mymacrogo.com. We'll respond within 1 month (extendable for complexity). For appeals, contact the UK Information Commissioner's Office (ICO) atico.org.uk.

Keeping your personal information secure

Security is paramount. We use:

· Encryption (TLS 1.3) for data in transit and AES-256 at rest.

· Access controls, regular audits, and pseudonymisation where possible.

· Hosting on secure UK/EU clouds (e.g., Google Cloud with GDPR compliance).

· Breach notification within 72 hours if required.

Despite efforts, no system is infallible; we cannot guarantee absolute security

How long do we keep your personal information?

We retain data only as needed:

· Account data: While active, plus 3 years post-last use (for queries/reactivation).

· Health logs: Up to 3 years, then anonymised/deleted.

· Payments: 7 years for tax/compliance.

· Location data: Only while the feature is active; deleted immediately upon disabling consent or within 30 days of inactivity.

· Push notification tokens: Retained only while notifications are enabled; deleted upon opt-out.

Inactive accounts auto-delete after 3 years; re-registration starts fresh.

Changes to our Privacy Policy

This Policy is effective 18 October 2025. We may update it; minor changes post online immediately, major ones (requiring consent) via email/app notice. Check regularly.

Trading Address: 128 City Road, London, EC1V 2NX.

For Queries, Email privacy@mymacrogo.com or write to the above.