Bite Built AIBite Built AI — home

Legal

Privacy Policy

How Bite Built AI handles the data you share with us.

Last updated April 22, 2026

Bite Built AI (“we,” “us,” or “our”) provides a mobile application and website (the “Service”) that help you log meals, track macros, and record workouts. This policy explains what data we collect, why, and the choices you have.

We designed the Service to collect as little as the feature you're using needs. When in doubt, we don't collect it.

1. Data we collect

Account data

When you create an account, we store your email, a hashed password, your display name (if provided), and optional profile details (age, sex, height, weight) used for BMR and macro calculations. If you sign in with Apple or Google, we receive the identifier the provider returns and, where you grant it, your email.

Health and fitness data

The core of the Service is health-related. We collect and store:

  • Foods you log (name, portion, macros, meal type, timestamp)
  • Workouts (exercise, sets, reps, weight, duration)
  • Body-metric entries you add (weight, body-fat %)
  • Optional data from Apple HealthKit or Google Health Connect when you explicitly grant permission — typically steps, active energy, and workouts

Health data stays associated with your account. It is never sold, never used to train third-party models, and never shared with advertisers.

Photos you take for meal logging

When you use the in-app camera or attach a photo to a meal, the image is uploaded to our private object store (Cloudflare R2) and processed by our AI vision pipeline to estimate foods and portions. You can delete photos at any time from the meal detail screen; deletion removes the file from storage within 24 hours.

We retain photos only so you can review past meals. We do not use your meal photos to train external models.

Device and usage data

When you use the app or site we collect standard technical data: device type, operating system, app version, crash reports, and privacy-respecting analytics events (which screen you visited, which features you used). We do not track you across other apps or sites.

2. How we use your data

  • To provide the core tracking, photo-logging, and analytics features
  • To personalize macro targets and suggestions
  • To authenticate your account and keep it secure
  • To process subscription payments through Apple, Google, or RevenueCat
  • To diagnose crashes and fix bugs
  • To send transactional email (password resets, receipts, security alerts)

3. Service providers we use

We rely on a small set of trusted providers to run the Service. Each receives only the data it needs to do its job.

  • Neon— managed PostgreSQL database (hosts your account, diary, and workout records; US region).
  • Cloudflare R2— private object storage for meal photos.
  • Render— application hosting for our API.
  • RevenueCat— subscription and in-app purchase management. Receives your in-app user ID and subscription status; no payment card data.
  • Apple App Store / Google Play— process all payment transactions under their respective privacy policies. We never see your card details.
  • Sentry— crash and error reporting. We configure Sentry to scrub personal identifiers from stack traces.
  • SendGrid— transactional email delivery.
  • Vercel— hosts this marketing website.

4. Third-party AI processing

When you take a photo to log a meal or ask the in-app coach a question, we send the relevant image or text to our AI provider to generate the result. We instruct the provider not to retain or use the content for model training. No other personal data is included in these requests.

5. Data retention

  • Account and diary data persist while your account is active. If you delete your account, we remove it within 30 days, except where we must keep limited records for tax or legal compliance.
  • Meal photos are removed within 24 hours of you deleting the meal.
  • Crash and analytics events are retained for 90 days.

6. Your rights

Depending on your jurisdiction, you may have rights to access, export, correct, or delete your personal data, and to object to certain processing. You can exercise most of these directly in-app (Settings → Account). For anything you can't do in-app, email support@bitebuiltai.com.

California residents: under the CCPA/CPRA, you have rights to know, delete, correct, and opt out of “sharing” of personal information. We do not sell or share your personal information for cross-context behavioral advertising.

EU/UK residents: under GDPR, our legal bases for processing are contract performance (to deliver the Service), legitimate interests (security, debugging), and consent (for optional Health integrations and marketing email).

7. Children

Bite Built AI is not directed to children under 13, and we do not knowingly collect data from them. If you believe a child has provided data to us, contact support@bitebuiltai.com and we will delete it.

8. Security

We use TLS in transit, encryption at rest on our database and object store, hashed passwords, rotating refresh tokens with theft detection, and account lockout on repeated failed logins. No system is perfect, but we treat your data the way we'd want ours treated.

9. International transfers

Data is processed in the United States. By using the Service you acknowledge your data may be transferred to the US.

10. Changes

If we make material changes to this policy, we'll notify you in-app or by email before they take effect. The “Last updated” date above always reflects the current version.

11. Contact

Questions? Reach us at support@bitebuiltai.com.