Privacy Policy
Eating Glasses LLC
Effective Date: June 4, 2026
Last Updated: June 4, 2026
1. Introduction
Eating Glasses LLC ("we," "us," or "our") operates the Eating Glasses mobile application (the "App"). This Privacy Policy explains what personal information we collect, how we use and protect it, and the choices and rights you have.
By downloading or using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the App.
This Policy should be read together with our Terms of Service.
2. Who We Are (Data Controller)
The data controller responsible for your personal information is:
Eating Glasses LLC
1717 N St NW #1
Washington, DC 20036
United States
Email: privacy@eatingglasses.com
Website: https://eatingglasses.com
For users in the European Economic Area (EEA) or United Kingdom, our Article 27 representative will be identified here before we make the App available in those regions. See Section 12.3.
3. Information We Collect
3.1 Information You Provide Directly
- Account Information: Email address and date of birth, required to create an account. Your date of birth is used to verify you meet the minimum age requirement (13 years) and is stored as a protected field on your profile.
- Health Profile Data: Diabetes type, insulin-to-carb ratio (if enabled), glucose target range, dietary preferences, and health goals you enter during onboarding or in Settings.
- Meal Log Data: Food items you photograph or manually enter, including estimated nutritional content (carbohydrates, calories, and related values).
- Meal Photos: If you are a Premium subscriber and choose to save meal photos to your log, those images are stored in our secure cloud storage. Free-tier scan photos are used only to identify food during the scan and are not retained (see Section 5).
- Glucose Readings: Blood glucose values you manually enter, and — if you grant permission — values imported from Apple HealthKit (see Section 6).
- Feedback: Ratings and comments you choose to submit through the in-app feedback form.
3.2 Information Collected Automatically
- Device & Diagnostic Information: Device type, operating system version, and app version, used for compatibility and troubleshooting.
- Crash Reports: If the App crashes, anonymous diagnostic information may be collected. Crash reports do not include your health data, meal content, or glucose values.
3.3 Information We Do Not Collect
- We do not sell your personal information.
- We do not share your health data (glucose readings, meal logs, nutritional data) with third-party advertising networks, data brokers, or analytics platforms for their own purposes.
- We do not use your information for cross-context behavioral advertising.
- We do not collect precise geolocation data.
4. How We Use Your Information
We use your information to:
- Provide core App functionality: Identify foods in photos, estimate nutrition, compute metabolic summaries, display glucose insights, and log meals.
- Enforce age requirements: Verify you are 13 or older before account creation, as required by the Children's Online Privacy Protection Act (COPPA).
- Secure your account: Authenticate your identity and manage your session.
- Process your subscription: Manage Premium subscription status via RevenueCat and the Apple App Store.
- Communicate with you: Send account-related messages such as email verification and password reset.
- Improve the App: Diagnose crashes and fix problems. We do not use individual health data for product analytics.
Legal bases (EEA/UK users). Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on the following legal bases:
- Performance of a contract (Art. 6(1)(b)) — to create and operate your account and deliver the App's features.
- Explicit consent (Art. 9(2)(a)) — for processing of health-related data, which is a "special category" of personal data. You may withdraw consent at any time by deleting the relevant data or your account.
- Legitimate interests (Art. 6(1)(f)) — to secure our service, prevent abuse, and fix crashes, balanced against your rights.
- Legal obligation (Art. 6(1)(c)) — to comply with applicable law, including age-verification and breach-notification requirements.
5. Food Analysis and AI Processing
When you scan or describe food, the photo and/or text is sent to our secure API server (hosted on Railway, in the United States) where it is processed by Google Gemini, an AI model operated by Google. The data is used only to identify the food and estimate nutritional content.
- Scan photos and requests are processed transiently and are not retained on our server beyond the duration of the request.
- Voice food entries are transcribed using the same provider and are not stored as audio.
- We do not use food photos to train AI models.
- An active internet connection is required for scanning; the App does not perform food identification fully on-device.
6. Apple HealthKit
If you enable glucose import, the App reads blood glucose values from Apple HealthKit with your explicit, separate permission granted through iOS.
- HealthKit data is read from your device only after you grant permission, and only the data types you authorize.
- We use imported glucose values solely to display your trends and insights within the App and, if you save them, to store them in your account alongside your manually entered readings.
- We do not use HealthKit data for advertising, and we do not share it with third parties for their own purposes.
- You can revoke HealthKit access at any time in the iOS Settings app. Per Apple's requirements, data obtained from HealthKit is never used for marketing or sold to third parties.
7. Data Storage and Security
7.1 Cloud Storage
Your account data — email, profile settings, meal logs, saved meal photos, and glucose readings — is stored in Supabase, a cloud database and storage provider, and processed by our API server hosted on Railway. Both providers operate in the United States.
- All data in transit is encrypted using TLS.
- Data at rest in Supabase is encrypted using AES-256.
- Health-sensitive fields are additionally encrypted at the application layer using AES-256-GCM with a server-side key before storage.
- Access to your data is enforced by Row-Level Security (RLS): your records can only be accessed by your authenticated account.
- Your account is identified by a pseudonymous UUID. No legal name is required to use the App.
- Saved meal photos are automatically purged on a rolling 30-day schedule unless retained as part of your active log.
7.2 Your Responsibilities
No method of transmission or storage is 100% secure. We encourage you to use a strong device passcode, keep your operating system up to date, and protect access to your email account.
8. Payment Processing
All subscription payments are processed by the Apple App Store. We never see, store, or process your payment card details. Subscription entitlement status is managed by RevenueCat, which receives a pseudonymous user identifier and purchase events.
9. Third-Party Service Providers
We share the minimum data necessary with the following processors, each acting on our behalf under a data-processing agreement:
| Service | Purpose | Data Involved | Privacy Policy |
|---|---|---|---|
| Supabase | Database, authentication, and file storage | Email, DOB, profile, meal logs, saved photos, glucose readings | supabase.com/privacy |
| Railway | Hosting for our API server | Transiently processes scan and request data | railway.app/legal/privacy |
| Google Gemini (via our API server) | Food identification, nutrition estimation, voice transcription | Food photos, scan/voice requests (transient) | policies.google.com/privacy |
| RevenueCat | Subscription entitlement management | Pseudonymous user ID, purchase events | revenuecat.com/privacy |
| Apple | App Store billing; HealthKit (on-device) | Purchase records; glucose read from device with permission | apple.com/legal/privacy |
| Expo / EAS | App framework and over-the-air update delivery | App version and anonymous crash diagnostics | expo.dev/privacy |
We do not authorize any of these providers to use your personal information for their own marketing.
10. Data Sharing and Sale
We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA). We disclose information only:
- to the service providers listed in Section 9, to operate the App;
- to comply with law, legal process, or a valid government request;
- to protect the rights, safety, or property of our users or the public; or
- in connection with a merger, acquisition, or sale of assets, in which case we will notify you and honor this Policy.
11. Data Retention
- Account and profile data: Retained for the life of your account.
- Meal logs and glucose readings: Retained for the life of your account; deleted when you delete your account.
- Saved meal photos: Automatically purged on a rolling 30-day schedule.
- Scan photos / voice entries: Not retained beyond the duration of the request.
- Crash diagnostics: Retained for a limited period for troubleshooting, then deleted.
When you delete your account (Section 12.1), your data is permanently and irreversibly removed from our active systems; residual copies in encrypted backups are overwritten on our standard backup-rotation cycle.
12. Your Privacy Rights
12.1 All Users
- Access: Your meal logs, glucose readings, and profile are visible within the App at any time.
- Correction: Update your profile and entries directly in the App.
- Deletion: You can permanently delete your account and all associated data directly in the App (Profile → Delete Account). Deletion is immediate and irreversible. You may also email privacy@eatingglasses.com and we will act on your request without undue delay.
- Withdraw consent: You can disable HealthKit access in iOS Settings and delete any data you have entered.
12.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know the categories and specific pieces of personal information we collect, use, and disclose.
- Delete the personal information we hold about you.
- Correct inaccurate personal information.
- Opt out of sale/sharing — note that we do not sell or share your personal information, so there is nothing to opt out of.
- Non-discrimination — we will not discriminate against you for exercising these rights.
Categories collected in the past 12 months: identifiers (email, pseudonymous account ID), age (date of birth), and health information you provide (diabetes profile, meal logs, glucose readings). We collect these for the business purposes described in Section 4. We do not collect the categories of information we list as "not collected" in Section 3.3.
To exercise these rights, contact privacy@eatingglasses.com or use the in-app deletion tools. You may use an authorized agent; we may verify the agent's authority and your identity.
12.3 EEA and UK Residents (GDPR / UK GDPR)
If you are in the EEA or UK, in addition to the rights above you have the rights of access, rectification, erasure, restriction of processing, and data portability, and the right to object to processing. Where we rely on consent, you may withdraw it at any time without affecting prior processing.
- International transfers: Your data is stored and processed in the United States. Where we transfer personal data out of the EEA/UK, we rely on appropriate safeguards such as the Standard Contractual Clauses with our processors.
- Supervisory authority: You have the right to lodge a complaint with your local data protection authority.
- Article 27 Representative: Prior to offering the App in the EEA/UK, we will appoint and identify here an EU/UK representative as required by Article 27.
To exercise any of these rights, contact privacy@eatingglasses.com. We will respond within the timeframes required by applicable law.
13. Children's Privacy
The App is not intended for children under 13. We collect date of birth before account creation to verify eligibility, and users under 13 are blocked from creating an account. We do not knowingly collect personal information from children under 13 (or under the applicable minimum age in your jurisdiction). If we learn that we have collected such information, we will delete it.
Parents and guardians: If you create an account to manage nutrition for a minor in your care, you are the account holder and all data is associated with your account. Our Terms of Service require you to confirm you are the parent or legal guardian.
14. International Data Transfers
The App is operated from the United States, and your information is stored and processed there. By using the App from outside the United States, you understand that your information will be transferred to and processed in the United States, subject to the safeguards described in Section 12.3 where applicable.
15. FTC Health Breach Notification Rule
In the event of a breach of unsecured personally identifiable health information, we will notify affected users and the Federal Trade Commission as required by the FTC Health Breach Notification Rule, 16 C.F.R. Part 318, and any other applicable breach-notification laws.
16. Medical Disclaimer
Eating Glasses is a nutritional information tool, not a medical device. It is not intended to diagnose, treat, cure, or prevent any medical condition. All nutritional estimates and glucose insights are for informational purposes only and do not constitute medical advice. Always consult your endocrinologist, dietitian, or diabetes care team before making changes to your diet or insulin regimen.
17. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via an in-app notification. Continued use of the App after the effective date of an update constitutes acceptance of the revised Policy.
18. Contact Us
Eating Glasses LLC
1717 N St NW #1
Washington, DC 20036
United States
Email: privacy@eatingglasses.com
Website: https://eatingglasses.com
