Privacy Policy (ChompMate)

Last updated: 19 January 2026

This Privacy Policy explains how Toise LTD ("we", "us", "our") collects, uses, and shares information when you use the ChompMate mobile app and our website (including our waitlist).

If you have questions or want to exercise your privacy rights, contact us at: hello@chompmate.app

1) Scope

This policy applies to:

  • The ChompMate app (including account, logging, scan features, notifications, and subscriptions).
  • The ChompMate website, including our waitlist.

If you use third-party services through ChompMate (e.g., Apple, Google), their own privacy policies may also apply.

2) Information we collect

A) Website waitlist

When you join the waitlist, we collect:

  • Email address
  • Your answers to product questions, such as:
    • Primary goal
    • Experience level
    • Biggest pain points (1–2 selections)
    • Preferred logging method
    • Dietary preferences (optional)
    • Device type (e.g., iPhone/Android)

We may also collect limited technical data to help prevent abuse (e.g., hashed IP and user agent) plus a timestamp of submission.

B) Account & identity (app)

If you create an account, we may collect:

  • A unique account identifier(e.g., a Firebase UID mapped to an internal user ID)
  • Email address (if provided by your sign-in method)
  • Your sign-in provider(s) (e.g., Apple/Google/email)
  • Your timezone (used to calculate day boundaries correctly)

C) Profile & goal information (app)

If you provide it, we collect information used to personalize your experience, such as:

  • Gender (optional)
  • Birthdate (optional)
  • Height, weight, activity level (optional)
  • Goal focus and planning inputs (e.g., goal type, rate per week, and related notes)

D) Nutrition and health-related logs (app)

ChompMate is a nutrition tracking product, so we collect the data you enter or generate through the app, including:

  • Meals and meal items (name, grams, calories, protein/carbs/fat, timestamps, and metadata)
  • Daily totals and metrics (calories/macros/water; nutrition score; progress fields)
  • Weight entries (weight value, timestamp, source, optional notes)
  • Water entries (amount and timestamp)
  • Targets and target history (macro/calorie targets, recalculations, and overrides)
  • Notification preferences (e.g., recap enabled, quiet hours)

Note: Depending on your jurisdiction, nutrition logs and weight data may be considered health-related information. You control whether you enter it.

E) Photos and scan-related information (app)

If you use scan or AI-enabled features, we may process:

  • Images you upload (e.g., a plate photo, nutrition label, barcode, pack front)
  • Scan session metadata (status, timestamps, latency, error codes)
  • Scan outputs and results (structured JSON outputs and related metadata)
  • An image hash (e.g., SHA-256) for deduplication and caching

We aim to collect and store only what is needed to provide scan functionality and improve performance. Some scan results may be cached for faster responses and may expire.

F) Push notification identifiers (app)

If you enable push notifications, we may collect:

  • A device identifier used for notifications (e.g., OneSignal player ID)
  • Platform (iOS/Android/web)
  • Whether the device is active
  • Your notification preferences (e.g., quiet hours, recap toggles)

G) Purchases and subscriptions (RevenueCat / app stores)

If you purchase a subscription or use paid features, we may collect and store subscription-related information such as:

  • Subscription status (active/inactive), tier/entitlement, start/end dates
  • Purchase and renewal events
  • App store product identifiers and a purchase receipt or transaction reference
  • A linkage between your ChompMate account and your subscription/entitlements

Payments are processed by Apple/Google(and/or their payment processors). We do not receive or store your full payment card details. We use RevenueCat to manage subscription status and entitlements.

H) Diagnostics and crash analytics (Crashlytics)

To improve stability and fix bugs, we may collect diagnostics such as:

  • Crash logs, stack traces, and performance signals
  • Device and OS information
  • App version/build information
  • Timestamps related to crashes or errors

We do not intentionally send your meal entries or other sensitive content in crash logs, but some information may be included depending on the nature of an error.

3) How we use information

We use your information to:

  • Provide the app and website functionality (including the waitlist)
  • Create and maintain your account
  • Calculate targets, daily totals, and progress indicators
  • Provide scan features and return results to you
  • Generate personalized recommendations and plan-related outputs based on the information you provide
  • Send notifications if you enable them (including reminders and recaps)
  • Prevent abuse, spam, and fraud (especially for the waitlist)
  • Diagnose issues, improve performance, and develop new features
  • Communicate with you about beta access and product updates if you join the waitlist

4) AI processing (Gemini and similar services)

Some ChompMate features use AI services (for example, to interpret food images, generate scan outputs, produce meal comments, or help generate plans and recommendations). When you use these features:

  • We may send inputs you provideto an AI service provider (e.g., an image you uploadand/or relevant context such as goals, preferences, meal summaries, and macros) in order to generate the requested output.
  • The AI provider processes the inputs and returns an output to ChompMate, which we then show to you.
  • AI providers may retain and process data according to their terms and the configuration we use. We aim to minimize the data shared and send only what is necessary to deliver the feature.

If you prefer not to have your images or data processed this way, you can avoid AI-enabled scan features and use manual logging instead.

5) Legal bases (UK/EU users)

If you are in the UK/EU, we process personal data under these legal bases:

  • Contract: to provide the ChompMate app and features you request.
  • Legitimate interests: to maintain security, prevent abuse, and improve the product.
  • Consent: where required (for example, certain notifications and device permissions).
  • Legal obligation: if required to comply with law.

6) How we share information

We do not sell your personal information.

We may share information with service providers (“processors”) who process data on our behalf to operate ChompMate, such as:

  • Database/storage (e.g., Supabase)
  • Authentication (e.g., Firebase)
  • Push notifications (e.g., OneSignal)
  • Crash analytics (e.g., Crashlytics)
  • AI processing (e.g., Gemini) for AI-enabled features you use
  • Subscription management (e.g., RevenueCat) and app stores/payment processors (Apple/Google) to process purchases and manage entitlements
  • Hosting/infrastructure for the website and backend

We share only what is needed for the provider to perform its role.

We may also share information if required by law, to enforce our terms, or to protect rights, safety, and security.

7) Data retention

We keep data for as long as needed to:

  • Provide the service, maintain your account, and support your use of ChompMate
  • Meet legal, accounting, or reporting requirements
  • Resolve disputes and enforce agreements
  • Improve product performance and reliability

Examples:

  • Waitlist entries: retained until no longer needed for beta rollout and product research, or until you ask us to delete them.
  • Scan caches: stored temporarily for performance and may expire automatically.
  • Account data and logs: retained while your account is active. You can request deletion.

8) Security

We use reasonable safeguards to protect information, including access controls and secure storage practices. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9) Your choices and rights

Depending on your location, you may have rights to:

  • Access the information we hold about you
  • Correct inaccurate information
  • Request deletion of your information
  • Object to or restrict certain processing
  • Export your data (where available)

To make a request, contact: hello@chompmate.app

Include the email tied to your account or waitlist signup.

10) Children’s privacy

ChompMate is not intended for children under 13(or the minimum age required in your jurisdiction). If you believe a child has provided personal information, contact us and we will take appropriate steps to delete it.

11) International transfers

Your information may be processed in countries other than where you live, depending on our service providers. Where required, we use appropriate safeguards for international transfers.

12) Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date and may provide additional notice within the app or on the website if changes are material.