Privacy Policy

1. Introduction

This Privacy Policy explains how Dialysis Diet Tracker ('we', 'our', or 'the app') collects, uses, stores, and protects your personal and health information.

We are committed to protecting your privacy and comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

We collect the following types of data:

Data Stored Locally on Your Device (Not Uploaded to Cloud):

• Name (optional)
• Medical data: Dialysis schedule, allergies, food preferences, weight tracking values
• Nutrition tracking: Daily nutrition targets and saved meals (including portions and nutritional values)
• App preferences: Language preferences, nutrition data source, diet summary reports

Data Stored in the Cloud (Minimal):

• Authentication: Email address and encrypted password (managed by Supabase)
• Feedback: Optional feedback messages and screenshots you submit
• Subscription data: Purchase history, subscription status, and expiration dates (managed by Supabase and RevenueCat)

Analytics Data (Sent to Amplitude, Optional):

When analytics is enabled (you can opt out at any time in Settings), the following non-personal technical data is sent to Amplitude:

• Device identifier: An anonymized identifier generated by the Amplitude SDK to distinguish sessions across app launches. This is not linked to your name, email, or health data.
• Device model and manufacturer
• Operating system name and version
• App version and platform (iOS/Android)
• App feature usage events (e.g., which screens you visit, which features you use — no health or nutrition values)

IP address, city, country, and carrier are explicitly disabled and are never sent to Amplitude.

2a. Device Permissions

We request access to your camera and photo library to capture and select meal photos for nutrition analysis. Photos are not stored by the app — they are used solely for AI analysis and discarded immediately after.

3. How We Use Your Data

• To provide personalized nutrition recommendations based on your dialysis schedule and dietary preferences
• To track your daily food intake and alert you when approaching nutrient limits
• To analyze meal photos and manual text inputs using AI (Google Gemini)
• To authenticate your account and sync minimal data across sessions
• To manage your subscription, validate purchases, and enable premium features through Google Play, the App Store, and RevenueCat

4. AI Processing (Google Gemini)

When you use the food analysis feature, your food photo or text description, your daily nutrient targets and today's nutrition totals, and any allergies or dietary preferences you have entered are sent to Google Gemini AI (by Google LLC) for nutritional analysis. The following data is shared:

Data Shared with Google Gemini:

• The photo you upload (meal or menu) or text you manually enter
• Your daily nutrient targets, today's nutrition totals, and any allergies or dietary preferences you have entered
• Your preferred language for AI responses

Important: No personal identifiers (name, email, or account info) are sent to Google Gemini. Meal photos are not stored by the app or by Google — they are processed temporarily for analysis only. AI analysis results are stored locally on your device only.

5. Data Storage & Security

Local Storage: Most of your health data is stored locally on your device. Except for the limited information you explicitly send for AI processing (see Section 4) or other cloud features described below, this data is not uploaded to our servers.

Cloud Storage: Your email and encrypted password are stored in the cloud (Supabase) for authentication. Feedback submissions are also stored in the cloud. Subscription data (purchase history, subscription status, expiration dates) is stored in Supabase and processed by RevenueCat.

Security Measures: We use industry-standard encryption (HTTPS/TLS) for all data transmitted over the internet. Your password is hashed using bcrypt and never stored in plain text.

6. Third-Party Services

We use the following third-party services:

• Supabase (https://supabase.com): Authentication and feedback storage. See their privacy policy at https://supabase.com/privacy
• Google Gemini AI (https://ai.google.dev): Image analysis and nutrition recommendations. See their privacy policy at https://policies.google.com/privacy
• Amplitude Analytics (https://amplitude.com): Optional usage analytics to improve the app. HIPAA-compliant configuration — no PHI collected. Amplitude receives an anonymized device identifier, device model, OS version, and app feature usage events. IP address and location data are disabled. See their privacy policy at https://amplitude.com/privacy
• RevenueCat (https://revenuecat.com): Subscription management and purchase validation. Collects user ID, email, and purchase history to enable cross-device subscription sync. See their privacy policy at https://revenuecat.com/privacy
• Google Play and Apple App Store: Payment processing for in-app subscriptions. See their privacy policies at https://policies.google.com/privacy and https://www.apple.com/legal/privacy/

You can opt out of analytics at any time in Settings. Payments are processed securely through Google Play and the App Store. We do not use advertising services. Third-party providers may receive limited account and billing identifiers (such as email address, user ID, or purchase history) as described above to provide authentication, analytics, and subscription services. We never share your health or nutrition data with any third party without your explicit consent. We confirm that any third party the app shares data with provides the same or equal protection of user data as stated in this policy.

Analytics Data Collection

When analytics is enabled, we collect:

• Device identifier (anonymized, generated by Amplitude SDK — not linked to personal identity)
• App feature usage (which screens you visit, which features you use)
• Technical data (device model, OS version, app version, platform)
• Aggregate metrics (e.g., 'user logged 3 meals' but not what the meals were)

We NEVER collect: actual food names, nutrition values, weight measurements, lab results, or any other Protected Health Information (PHI). IP address, city, country, and carrier are explicitly disabled.

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Right to Access: View all your data in the app at any time
• Right to Rectification: Edit and correct your personal and medical information
• Right to Erasure: Delete your account and all associated data immediately and permanently
• Right to Data Portability: Request a copy of your data (contact us for export)
• Right to Object: Opt out of AI processing by not using the food analysis feature

8. Data Retention

Your data is stored indefinitely on your device until you delete individual entries or your entire account.

Analytics data sent to Amplitude is retained for 12 months per Amplitude's standard retention policy.

9. How to Delete Your Data (Without Deleting Account)

Dialysis Diet Tracker allows you to delete specific data without deleting your entire account.

Step-by-Step Instructions:

1. Open the Dialysis Diet Tracker app on your device
2. Navigate to the section containing the data you want to delete:
   • Food entries: Go to Food Log → Swipe left on any entry → Tap "Delete"
   • Medical information: Go to Profile → Edit medical data → Clear fields → Save

What Gets Deleted:

• Selected food entries or medical information
• Data is deleted immediately and permanently from your device
• This action cannot be undone

What Remains:

• Your account (email and authentication)
• Other data not explicitly deleted
• App preferences and settings

Timeline: Data is deleted immediately upon confirmation.

10. How to Delete Your Account

Dialysis Diet Tracker allows you to permanently delete your account and all associated data.

Step-by-Step Instructions:

1. Open the Dialysis Diet Tracker app on your device
2. Go to Profile/Settings (tap your profile icon or settings menu)
3. Scroll down to find "Delete Account" option
4. Tap "Delete Account"
5. Confirm deletion when prompted (this action is irreversible)

Alternative method: Contact us through the app's feedback feature or email (provided in app settings) with the subject "Account Deletion Request" including your registered email address.

What Gets Deleted:

Immediately deleted from your device:

• All food entries and meal logs
• Medical information (dialysis schedule, allergies, food preferences, weight tracking values)
• Nutrition targets and diet summary reports
• App preferences and settings

Immediately deleted from Supabase:

• Your email address
• Encrypted authentication credentials
• Subscription records stored in Supabase
• Any feedback submissions you made

Third-party subscription data (RevenueCat / Google Play / App Store):

Purchase history retained by RevenueCat, Google Play, or the App Store is not automatically deleted. Contact us to request deletion from these third-party services.

What Cannot Be Deleted Automatically:

• Data already processed by Google Gemini AI during photo analysis (processed temporarily and not stored by Google)
• Purchase history retained by RevenueCat, Google Play, or the App Store (see above)

Timeline: All data is deleted immediately and permanently. This action is irreversible.

11. Children's Privacy

This app is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us to delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the 'Last Updated' date. Continued use of the app after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your GDPR rights, please contact us through the app's feedback feature or at the email address provided in the app settings.