Privacy Policy

Last updated: March 25, 2026

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

1. Information We Collect

Account Information

  • Email address
  • Name and profile information
  • Height, weight, age, gender (for nutrition calculations)
  • Dietary preferences and restrictions

Usage Data

  • Meal logs and nutrition tracking data
  • Receipt images and barcode scans
  • Food items in your pantry
  • Nutrition tracking history
  • Exercise logs and activity data
  • Body composition measurements (body fat percentage, lean mass)
  • Accuracy calibration data
  • Device information and app usage patterns

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers. Stripe's privacy policy applies to payment data.

2. How We Use Your Information

  • Provide the Service: Process meal logs, calculate nutrition, run reconciliation algorithms
  • Improve Accuracy: Use your calibration data to improve personal model accuracy
  • Improve Predictions: Your meal corrections help improve the accuracy of future predictions
  • Communication: Send service updates, weekly reports, and support responses
  • Analytics: Understand usage patterns to improve the product. Generate anonymized aggregate statistics and de-identified pricing intelligence as described in Section 5
  • Legal Compliance: Comply with applicable laws and regulations

3. Data Sharing

✨ We do not sell your personal information.

Your individual data is never sold, shared with advertisers, or provided to third parties for their own marketing purposes.

Separately, anonymized aggregate statistics (which contain no personally identifiable information and cannot be traced to any individual) may be used for commercial purposes as described in Section 5 below.

  • Household Members: Other members in your household can see shared meals and household statistics
  • Service Providers: We work with trusted third-party service providers who help us operate the Service:
    • Stripe - Payment processing
    • Vercel - Website hosting and CDN
    • Railway - Backend infrastructure and database hosting
    • Mistral - Receipt OCR processing and upload parsing
    • AWS S3 - Storage for receipt scans and pantry data (EU region)
    • Google Analytics - Usage analytics (with your consent)
    • Microsoft Clarity - Behavior analytics (with your consent)
    • Meta (Facebook) - Advertising analytics (with your consent)
    • Intercom - Customer support chat (with your consent)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfer: If we merge or sell the company, your data may transfer to the new entity

4. Personal Accuracy Calibration

Your meal corrections and pantry tracking data are used to calibrate prediction accuracy for your account. This data:

  • Stays on your account to improve your predictions through physics-based reconciliation
  • Is not shared individually with other users. Anonymized aggregate statistics may be derived as described in Section 5
  • Can be exported or deleted anytime via Settings
  • Receipt images are stored for 30 days then automatically deleted for privacy

5. Anonymized Data and Commercial Insights

How We Use Anonymized Data

Eatomate generates anonymized aggregate statistics from the data you provide through normal use of the Service. Under GDPR, truly anonymized data is not personal data — it cannot be linked back to any individual. This section explains what anonymized data we produce and how it may be used.

5.1 Receipt Processing

When you upload a receipt image, our AI systems extract: product names, quantities, prices, store name, and store location information (which may include street address, locality, city, county, postcode, and country as printed on the receipt). Individual receipt images are automatically deleted after 30 days.

The extracted data follows two separate processing flows:

  • Your Account (personal data): Product names, quantities, and store locality/borough only are stored against your account for pantry management, nutrition tracking, and reconciliation. Street address, postcode, and raw address lines are immediately discarded from your record after processing. We do not collect your home address — your user profile contains only city and country.
  • Pricing Intelligence (de-identified): Individual SKU-level price observations (store name, store location, product, price, date) are stored in a separate de-identified dataset with no user ID, no receipt ID, and no item combinations. Each product is recorded as an independent price observation. These records cannot be traced to any individual user — they are equivalent to a price observation anyone could make by visiting the store.

5.2 Health, Nutrition, and Economic Aggregates

Anonymized aggregate statistics may be derived from nutrition patterns (meal logs), purchasing patterns (receipt data), exercise data, body composition trends, and combinations thereof — for example, aggregate nutritional economics such as average cost per gram of protein by demographic group. These aggregates contain only population-level statistics (e.g., averages, medians, percentages) — never individual records. Individual per-person metrics are computed at query time from your account data and are never stored separately; only the aggregate result (across 5 or more users) is produced. The aggregate dimensions include:

  • Geography: Locality/borough level (derived from receipt store locations, not user home addresses)
  • Age: 5-year age bands (e.g., 25–29, 30–34) — exact age is never included
  • Gender, dietary pattern, activity level, time period

Your exact weight, height, age, and body composition measurements are never exported into aggregate datasets. Only banded categories and population-level statistics are used.

5.3 Privacy Protections

  • K-Anonymity Protection: No aggregate statistic derived from user data is ever based on fewer than 5 users. This threshold applies across all dimensions — geographic, demographic, temporal, or any combination. If a query would produce results from fewer than 5 users, that result is suppressed entirely. De-identified pricing intelligence (Section 5.1) is not subject to this threshold as it contains no user identifiers.
  • No Personal Information: Aggregated outputs and de-identified pricing data contain no personally identifiable information — no names, email addresses, individual transactions, payment details, or individual-level records.
  • Commercial Use: De-identified pricing intelligence and anonymized aggregate statistics may be used for commercial research, public health intelligence, academic research partnerships, and data licensing. These outputs cannot be traced to any individual user.
  • Legal Basis: The processing of your personal data to produce anonymized aggregates is carried out under our legitimate interest (GDPR Article 6(1)(f)) in generating population-level insights. We have conducted a Legitimate Interest Assessment confirming that this processing does not override your rights and freedoms, given that only aggregate statistics are produced, no individual data is ever exposed, and k-anonymity protections are enforced. You retain the right to object to this processing under Article 21 by contacting support@eatomate.co.uk; however, we may continue processing where we demonstrate compelling legitimate grounds.
  • Indefinite Retention: While individual receipt images are deleted after 30 days and raw store addresses are immediately discarded from user records, de-identified pricing data and anonymized aggregate statistics are retained indefinitely.

6. Data Storage and Security

We take data security seriously:

  • Data is encrypted in transit (TLS) and at rest (AES-256)
  • Stored on secure servers in the EU (GDPR compliant)
  • Access is restricted to authorized personnel only
  • Regular security audits and monitoring
  • Encrypted authentication tokens for web dashboard access

7. Data Retention

  • Active Accounts: Data retained while your account is active
  • Canceled Subscriptions: If you cancel your subscription (but don't delete your account), we retain your data for 90 days after subscription ends. You can re-subscribe within 90 days to restore full access to all your data.
  • Deleted Accounts: If you delete your account (Settings → Account → Delete Account), you get a 30-day grace period to cancel deletion. After 30 days, personal data is permanently deleted per GDPR. If you re-register within 30 days, your account is automatically restored with all data intact.
  • Trial Abuse Prevention: To prevent abuse of our free trial, we store a hashed version of your email address for 2 years. This hash cannot be reversed to identify you. After 2 years, or when you request account deletion, this hash is automatically deleted. You can re-register at any time, but may not be eligible for an additional free trial.
  • Financial Records: Payment information (Stripe customer IDs) retained for 7 years to comply with UK tax law. This data cannot be deleted even upon account deletion request (legal obligation under GDPR Article 17(3)(e)).
  • Legal Requirements: Some data retained longer if required by law

8. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and data
  • Portability: Export your data
  • Objection: Object to processing of your personal data
  • Restriction: Limit data processing

9. Cookies and Tracking

We use cookies and similar tracking technologies to provide and improve our Service. You can manage your cookie preferences at any time.

Cookie Categories

Necessary Cookies (Always Active)

Required for the website to function. These cannot be disabled.

  • Cookie consent preferences (eatomate_consent_v1) - 180 days
  • Authentication token (auth-token) - 30 days
  • Refresh token (refresh-token) - 90 days
  • Invite session (invite_session) - 15 minutes (temporary, used only during household invitations)
  • Security features and CSRF protection

Analytics Cookies (Requires Consent)

Help us understand how visitors interact with our website.

  • Google Analytics (_ga, _gid, _gat)
  • Microsoft Clarity (_clck, _clsk)
  • Duration: Up to 2 years

Marketing Cookies (Requires Consent)

Used to track visitors across websites for advertising purposes.

  • Meta Pixel (_fbp, _fbc)
  • Duration: Up to 90 days

Functional Cookies (Requires Consent)

Enable enhanced functionality like live chat support.

  • Intercom (intercom-*)
  • Duration: Up to 1 year

Manage Your Preferences: You can change your cookie preferences at any time by clicking the "Cookie Settings" link in the footer or by visiting your browser settings.

10. Children's Privacy

Eatomate can be used by families with children. For household accounts where children under 18 use the Service:

  • A parent or guardian must create and manage the household account
  • Parents/guardians are responsible for meal logging for children's meals
  • Children's meal data is associated with the household account, not individual child profiles
  • All data protection measures apply equally to children's meal data

If you believe we have collected data from a child without proper parental consent, contact us immediately for deletion.

11. International Transfers

Your data is stored and processed exclusively within the European Union. All services run on EU servers:

  • Railway: Backend infrastructure and database (EU region)
  • AWS S3: Receipt and data storage (eu-north-1 region)
  • Mistral: Receipt OCR processing (EU servers)

We do not transfer your personal data outside the European Union. All processing remains within EU jurisdiction for full GDPR compliance.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in-app notification. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy questions or to exercise your rights:

Data Protection Officer

dpo@eatomate.co.uk

Registered Address

71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom