Food SecretFood Secret

Privacy Policy

Last updated: 28 May 2026

This Privacy Policy explains how D23 Ventures Ltd (“D23 Ventures,” “we,” “us”) collects, uses, and protects your personal data when you use the Food Secret mobile application (the “App”) and the food-secret.com website (the “Site”) (together, the “Service”).

Food Secret is a product operated by D23 Ventures Ltd, a company registered in the Republic of Cyprus (registration number HE 489062), with its registered office at Agiou Georgiou 52, 7737 Maroni, Cyprus. D23 Ventures operates several consumer software products; this Privacy Policy applies only to Food Secret.

For the purposes of the EU and UK General Data Protection Regulation (“GDPR”), D23 Ventures Ltd is the data controller of personal data processed through the Service.

1. Personal data we collect

We collect only the data we need to operate Food Secret. The categories below describe what we may collect, depending on how you use the App.

Account & profile data

  • Email address (used for sign-in and account recovery).
  • Display name (optional).
  • Unique user identifier (UUID) assigned at sign-up.
  • Body stats you choose to enter: sex, age, height, weight, activity level, and goal type.

Food & health activity

  • Food log entries — dish name, calories, macronutrients, portion size, timestamps, and any notes you add.
  • Meal photos that you choose to upload.
  • Weight logs and water-intake logs.
  • Barcode scan history.
  • Favorited foods and dishes.
  • Voice input — voice audio is transcribed on your device. Only the resulting text is transmitted to our servers; the audio itself is not uploaded or stored by us.

Apple HealthKit data

With your explicit permission, the App reads active energy burned from Apple HealthKit so that we can adjust your calorie targets. When you choose to enable nutrition write-back, the App writes calories and macronutrients from meals you log into HealthKit. HealthKit data is processed on your device. We do not transmit HealthKit data to our servers, we do not use HealthKit data for advertising, and we do not share HealthKit data with any third party.

Feedback & support

  • Bug reports, feature requests, and other feedback you submit from inside the App or by email.
  • Device metadata attached to feedback (device model, iOS version, App version).

Diagnostic data

  • Crash reports and performance telemetry collected through Sentry, which may include device model, operating-system version, App version, stack traces, and a pseudonymous device identifier. We do not use this data to advertise to you.

Purchase data

  • Subscription status, plan, and renewal state. Purchases are processed entirely by Apple; we do not receive or store your payment-card details.

Website data

  • IP address, browser type, device type, referring URL, and pages visited on food-secret.com. We may also use analytics and advertising cookies as described in our Cookie Notice.

2. How we collect your data

  • Directly from you — when you create an account, log meals, scan barcodes, enter body stats, upload photos, send feedback, or contact support.
  • Automatically — when you use the App or the Site (for example, crash reports, basic device metadata, cookies on the Site).
  • From Apple HealthKit — only after you grant the App explicit HealthKit permission. You can revoke HealthKit access at any time in the iOS Settings app.
  • From Apple — subscription receipts, renewal status, and refund events.

3. Why we process your data

Under EU/UK GDPR, we rely on the following legal bases:

  • Performance of a contract — to provide the Service, calculate scores and targets, sync data across your devices and to your widget, and process subscriptions.
  • Legitimate interests — to keep the Service secure, prevent fraud and abuse, debug crashes, and improve the App. We balance these interests against your privacy and limit data to what we actually need.
  • Consent — for Apple HealthKit access, push notifications, optional analytics, and marketing cookies on the Site. You can withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and consumer-protection law.

4. How we use your data

  • Provide and operate Food Secret across iOS and the widget.
  • Generate the 0–100 food score, life-impact reading, and personalised calorie and macro targets.
  • Recognise foods and barcodes you scan.
  • Analyse trends in your meals, weight, and water intake.
  • Send local reminders and notifications you opt into.
  • Provide customer support and respond to feedback.
  • Diagnose crashes and improve reliability and performance.
  • Detect fraudulent or abusive use of the Service.
  • Comply with our legal obligations.

We do not sell your personal data. We do not share your personal data with third parties for their own advertising. We do not use HealthKit data for advertising or for purposes other than calculating and writing back nutrition.

5. Sub-processors and third parties

We use a small number of carefully chosen sub-processors to operate the Service. Each sub-processor is bound by a written data-processing agreement and may only process data on our instructions.

Supabase — database, authentication, storage, and serverless functions. Your account data, food logs, meal photos, and other application data are hosted on Supabase infrastructure in Frankfurt, Germany (aws-eu-central-1).

OpenAI — image and language analysis for barcode lookup and meal recognition. When you scan a meal or barcode, the relevant image or text may be sent to OpenAI for processing. We do not send your account identifiers to OpenAI, and OpenAI is contractually prohibited from using this data to train its models.

Sentry — crash reporting and performance telemetry. Sentry processes data in Frankfurt, Germany (EU region).

Apple— App distribution, in-app purchases, subscription management, and (with your permission) Apple HealthKit. Your use of Apple services is governed by Apple’s own privacy policy.

Vercel — hosting for the food-secret.com website. Vercel processes basic request data such as IP address and user agent for security and operational purposes.

Open Food Facts — publicly available food and barcode database used to look up product information. We send only the barcode you scan; no personal data.

Web analytics and marketing pixels — subject to your consent, the Site may use Plausible, Google Analytics 4, and the Meta, TikTok, and X advertising pixels. These tools are described in our Cookie Notice.

6. International data transfers

We host application data inside the European Union (Frankfurt, Germany). Some sub-processors — in particular OpenAI, Apple, and certain advertising pixels — may process data in the United States or in other jurisdictions outside the European Economic Area and the United Kingdom.

Where personal data is transferred outside the EEA or the UK, we rely on the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), together with supplementary technical measures, and where available on an adequacy decision.

7. How long we keep your data

  • Account and app data — kept for as long as your account is active. When you delete your account from the App, your personal data is deleted from our live systems immediately and purged from encrypted backups within thirty (30) days.
  • Crash and performance data — automatically deleted by Sentry after ninety (90) days.
  • Support correspondence — kept for up to two (2) years after the last interaction so that we can refer back to context if you contact us again.
  • Purchase records — kept for as long as required by applicable tax and accounting law (typically six to ten years in Cyprus).
  • Aggregated or anonymised data — may be kept indefinitely because it can no longer identify you.

8. Your rights

Depending on where you live, you may have the following rights in relation to your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data, including by deleting your account from within the App.
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction or objection to certain processing.
  • Withdrawal of consent at any time, where we rely on consent.
  • For California residents under the CCPA/CPRA: the right to know, to delete, to correct, to limit the use of sensitive personal information, and to opt out of “sale” or “sharing” of personal data. We do not sell or share your personal data as those terms are defined under California law.
  • The right to lodge a complaint with a data-protection authority. In Cyprus, this is the Office of the Commissioner for Personal Data Protection (dataprotection.gov.cy). You may also contact the supervisory authority in your own EU member state.

To exercise any of these rights, delete your account from inside the App (Settings → Account → Delete Account) or email us at info@food-secret.com. We will respond within thirty (30) days. We will never charge you for exercising your privacy rights.

9. Security

We protect your data with industry-standard measures, including TLS encryption in transit, encryption at rest on Supabase infrastructure, hashed passwords managed by Supabase Auth, row-level security policies that ensure you can only access your own data, and the principle of least privilege for internal access. No system is perfectly secure; if you suspect your account has been compromised, contact us immediately.

10. Children

Food Secret is not directed at children under thirteen (13). We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact info@food-secret.com and we will delete it. If you are a resident of the European Economic Area or the United Kingdom and are under the age of consent for data processing in your country (which may be up to 16), please use the App only with the involvement of a parent or guardian.

11. Notifications

The App may send you local notifications (for example, meal reminders). These are scheduled on your device and require your permission via the iOS notification settings. You can disable notifications at any time in the iOS Settings app.

12. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date at the top of this page and, where appropriate, notify you in the App or by email. Your continued use of the Service after the changes take effect means you accept the revised Policy.

13. Contact us

If you have any questions about this Privacy Policy or how we handle your data, contact us at:

D23 Ventures Ltd
Agiou Georgiou 52
7737 Maroni
Cyprus
Company registration: HE 489062
Email: info@food-secret.com

Ready when you are

Eat with
your eyes open.

Free for 3 days. No card up front. Built for iPhone, in SwiftUI.

Requires iOS 18 or later.