Effective Date: May 19, 2026 · Version: 1.0 · Last Updated: May 19, 2026
Welcome to eatamame, the food education app that lets you photograph or describe your meals and receive an AI-powered health score to guide you toward healthier eating habits.
Protecting your personal data is our top priority. This Privacy Policy informs you about what data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and the Italian Privacy Code (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).
Our core privacy principles:
eatamame
Email: team@eatamame.com
For any request regarding the processing of your personal data or to exercise your GDPR rights, you can contact us at the address above.
eatamame collects different categories of personal data, depending on the features you use and the consents you have provided.
Legal Basis: Art. 6(1)(b) GDPR – Contract performance
When you create an eatamame account via Google Sign-in or Apple Sign-in, we collect:
This data is essential to create and manage your account, allow you to access the app, and sync your meal history across devices.
Legal Basis: Art. 6(1)(b) GDPR – Contract performance
When you use eatamame to log a meal, we collect:
Where it's stored: Firebase Firestore (server: europe-west1 – Belgium)
Important – Health Data (Art. 9 GDPR): Meal data may reveal information about your dietary habits, food intolerances, or health conditions and may constitute special category data. This data is processed exclusively on the basis of your explicit consent and is never shared with third parties for commercial purposes or used for profiling.
Legal Basis: Art. 6(1)(b) GDPR – Contract performance
When you use the photo or audio input features, we temporarily process meal photos and audio recordings.
Legal Basis: Art. 6(1)(b) GDPR – Contract performance
To ensure fair and sustainable use of the AI service, we maintain daily, weekly, and monthly AI request counts per user. This data is used to enforce fair usage limits and prevent abuse.
Legal Basis: Art. 6(1)(a) GDPR – Explicit consent; Art. 9(2)(a) GDPR – for health-related data
During onboarding, we may ask you to share information to personalize your experience. All fields are answered voluntarily: age range, gender, occupation, food goals, main struggles, healthy eating frequency, food choice confidence, and more.
Important – Health Data (Art. 9 GDPR): Some fields may relate to physical or psychological well-being and fall under Article 9 GDPR. This data is not shared with third parties for commercial purposes and not used for individual profiling.
Legal Basis: Art. 6(1)(a) GDPR – Explicit consent
If you accept analytics consent, we collect anonymous usage data via PostHog: screen views, user actions, device info, and timestamps — using a randomly generated anonymous identifier that cannot be traced back to you.
What we DON'T collect:
Legal Basis: Art. 6(1)(a) GDPR – Explicit consent
If you accept error monitoring consent, we collect technical information about crashes via Sentry: stack traces, device info, and breadcrumbs. We do NOT collect IP addresses, email, meal content, or session recordings.
Legal Basis: Art. 6(1)(a) GDPR – Explicit consent
If you join our waitlist or accept marketing emails, we subscribe your email to our newsletter via Loops.so (email, name, subscription date and status).
Pursuant to Art. 13 GDPR, below we summarize the processing purposes and related legal bases:
| Data | Purpose | Legal Basis | Mandatory? |
|---|---|---|---|
| Email, Name, UID | Authentication and account management | Art. 6(1)(b) – Contract | ✅ Yes |
| Meal data (descriptions, scores) | Meal tracking service provision | Art. 6(1)(b) + Art. 9(2)(a) | ✅ Yes |
| Temporary media (photos, audio) | AI analysis – deleted immediately | Art. 6(1)(b) – Contract | ❌ Optional |
| AI usage counters | Fair use enforcement | Art. 6(1)(b) – Contract | ✅ Yes |
| Onboarding profile | App personalization | Art. 6(1)(a) + Art. 9(2)(a) | ❌ No |
| Analytics (PostHog) | App improvement and UX | Art. 6(1)(a) – Consent | ❌ No |
| Error Tracking (Sentry) | App stability and bug fixing | Art. 6(1)(a) – Consent | ❌ No |
| Email Marketing (Loops) | Newsletter and promotions | Art. 6(1)(a) – Consent | ❌ No |
eatamame uses the following third-party services to process your personal data:
Some subprocessors are located in the United States. We ensure all international data transfers comply with Chapter V of the GDPR (Art. 44–49).
Data Stored in EU
Transfers to USA
Services: Loops.so, RevenueCat, Google Gemini API
Legal Mechanism: Standard Contractual Clauses (SCC) – Commission Decision 2021/914/EU
We retain your personal data only for as long as necessary, in accordance with Art. 5(1)(e) GDPR.
| Data Type | Retention Period |
|---|---|
| Account and authentication | Until account deletion |
| Meal data (descriptions, scores) | Until account deletion |
| Temporary media (photos, audio) | Deleted immediately after AI processing (seconds) |
| AI usage counters | Until account deletion |
| Onboarding profile data | Until account deletion |
| Analytics (PostHog) | 7 years |
| Error logs (Sentry) | 90 days from the error |
| Email marketing (Loops) | Until consent revocation or account deletion |
| Transaction data (RevenueCat) | 12 months after account deletion |
Automatic Deletion on Account Deletion
When you delete your eatamame account, all data is deleted immediately:
In accordance with Articles 15–22 of the GDPR, you have the following rights:
Right of Access (Art. 15)
Obtain a copy of all personal data we hold about you. Contact us at team@eatamame.com — we will respond within 30 days.
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format. Go to Settings → Export Data in the app.
Right to Erasure (Art. 17)
Request deletion of all personal data. Go to Settings → Delete Account. All data will be permanently deleted immediately.
Right to Object (Art. 21)
Object to processing for analytics or marketing. Go to Settings → Privacy and disable the relevant consents. Effect is immediate.
Right to Rectification (Art. 16)
Correct inaccurate data. Edit meals directly in the app, or contact us at team@eatamame.com for other data.
Right to Restriction (Art. 18)
Request restriction of processing in certain circumstances. Contact us at team@eatamame.com.
Right to Withdraw Consent (Art. 7)
Withdraw consent at any time without affecting prior processing. Go to Settings → Privacy.
Right to Lodge a Complaint
If you believe we have violated the GDPR, you can lodge a complaint with the Italian Data Protection Authority (Garante):
Piazza Venezia, 11 – 00187 Rome, Italy · garante@gpdp.it · garanteprivacy.it
We adopt appropriate technical and organizational measures in accordance with Art. 32 GDPR.
Technical Measures
Organizational Measures
We reserve the right to modify this Privacy Policy at any time to reflect regulatory changes, new features, or improvements in data protection.
For any question, request, or complaint regarding the processing of your personal data:
Email: team@eatamame.com
We commit to respond within 30 days of receiving the request (Art. 12.3 GDPR).
© 2026 eatamame. All rights reserved. · Version 1.0 · Published May 19, 2026