Back
Privacy Policy for MacroChat
Last Updated: 2023-11-01 This Privacy Policy explains how MacroChat (“MacroChat,” “we,” “us,” “our”) collects, uses, shares, and protects information when you use our website and progressive web application (the “Service”). By using the Service, you agree to this Policy. If you do not agree, please do not use the Service. 1) Who we are & how to contact us Website/App: https://macrochat.io Email: support@macrochat.io 2) Information we collect 2.1 Account & contact data Email address (required for authentication and communications) Display name and timezone (optional, for personalization) 2.2 Authentication data Email One-Time Passcode (OTP) events, Google OAuth profile basics (name/email as provided by Google), session tokens, and related metadata. 2.3 Usage & app data Food logs, favorites, custom items, weights, goals, reminder settings, and other preferences you provide. 2.4 Device & technical data IP address, device/browser type and version, language/locale, referring pages, crash logs, and performance metrics. 2.5 Payment data Processed by our payment provider (e.g., Stripe). We do not store full payment card numbers. We receive limited billing metadata (e.g., last4, plan, status). 2.6 Cookies & local storage Used for sign-in/session management, preferences, analytics, PWA install state, and notification settings. 3) How we use information We process information to: Provide the Service (account creation, sign-in, save logs/settings). Compute and display targets you request (daily/weekly totals, remaining macros, optional weekly adjustments). Process payments & subscriptions (trial, billing, invoices). Send operational communications (OTP codes, receipts, security alerts, reminders you configure). Improve reliability & safety (debugging, error monitoring, fraud/abuse prevention, support). Analyze product usage in aggregate to improve features and retention. Send marketing emails only with your consent (opt-in/opt-out anytime). Legal bases (EU/UK): contract performance (provide the Service), legitimate interests (security/analytics/improvement), consent (marketing/push/email reminders), and legal obligations (tax/records). 4) AI features & content processing When you type or speak meal descriptions, we may send that text (or STT-transcribed text) to trusted AI providers to transform it into structured nutrition entries. Providers act as our processors where applicable. Do not submit sensitive health information you do not want processed in this way. 5) Notifications & reminders Push notifications: Available where supported (installed PWAs on iOS; browsers/Android). You must opt in and can revoke permission in system/browser settings and within MacroChat. Email reminders: Optional; toggle in Settings or unsubscribe via links. Marketing emails: Sent only with explicit consent; unsubscribe anytime. 6) How we share information We share information with service providers that help us operate the Service, under agreements limiting use to our instructions, for example: Hosting/DB/Auth: Supabase (Postgres, Auth, storage) Payments: Stripe Email: Transactional mail/OTP delivery (e.g., Resend/Postmark/SES) Analytics: Product analytics (privacy-aware configuration) Error monitoring: Crash and performance tools AI processing: LLM and speech-to-text vendors (if voice is enabled) Push: Browser push infrastructure (VAPID/Web Push) We may disclose information to comply with laws, enforce our agreements, or protect rights, safety, and security. We do not sell your personal information. 7) International transfers We may transfer, store, and process information outside your country (e.g., in the United States or the EU). Where required, we rely on approved transfer mechanisms (e.g., Standard Contractual Clauses). 8) Data retention Account & logs: retained while your account is active. Deleted content: removed or anonymized within a reasonable period (backups may persist briefly). Billing records: retained as required by tax/accounting laws. Crash/analytics data: typically 12–24 months (or less where configurable). You may request export or deletion at any time (see §10). 9) Security We use reasonable technical and organizational measures (encryption in transit, access controls, least-privilege). No method is 100% secure; please protect access to your email account and devices. 10) Your choices & rights In-app controls Update profile, timezone, reminders, and preferences. Toggle push/email reminders and marketing opt-in. Export your logs (e.g., CSV) and request Delete Account. Privacy requests Access, correction, deletion, portability, or to object/restrict processing: email support@macrochat.io from your registered address. We may verify your identity before fulfilling requests. Region-specific rights EU/UK: You may contact your local data protection authority. US (e.g., California): We do not “sell” or “share” personal information as defined by CPRA. You may exercise rights to know, delete, correct, and limit use of sensitive data where applicable. 11) Children’s privacy MacroChat is not intended for children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child provided personal data, contact us and we will delete it. 12) Do Not Track & cookies Because there is no common industry standard, we do not respond to browser “Do Not Track” signals. You can manage cookies in your browser and adjust preferences in our app where available. 13) Third-party links The Service may link to third-party sites or content we do not control. Their privacy practices are governed by their own policies. 14) Changes to this Policy We may update this Policy from time to time. If changes are material, we will notify you (e.g., by email or in-app notice). The revised Policy is effective when posted unless otherwise stated. 15) Contact us Questions or privacy requests: support@macrochat.io