Privacy Policy

In short: Mealgram has no servers, doesn't track, doesn't sell. Your data stays with you.

Last updated: May 18, 2026 · Version 1.0

1. Who we are

Mealgram is an independent iOS app published by the Mealgram team. Contact: hello@mealgram.xyz.

Under GDPR, the data controller is you — Mealgram does not process your data on its own servers.

2. What data we handle

Data you enter

• Profile: name, email (via Sign in with Apple or direct), height, weight, date of birth, sex, activity level, goals
• Meals: photos, dish names, nutrition values, ratings, notes, tags
• Activity: weight entries, water intake, cooked recipes, achievements

System permissions (when you grant them)

• Camera: to scan meals in photos. Photos stay on your device.
• Photo library: to analyse meals from existing photos.
• Microphone + speech recognition: to add meals by voice. Apple processes speech locally on-device.
• Apple Health: optional weight import from Health and saving calories back to Health. We don't read anything beyond weight.
• Notifications: local meal reminders. All generated on your iPhone, never sent through a server.

3. Where your data lives

Mealgram uses SwiftData (Apple's local database) to store everything on your iPhone.

If you enable iCloud Drive, your data is synced via a private CloudKit container (iCloud.app.mealgram.ios.bashyrov) between your devices (iPhone, iPad, Apple Watch). Only you have access — Apple encrypts it and Mealgram never sees it.

Mealgram has no servers of its own. No data leaves your devices or the Apple ecosystem.

4. What we do NOT do

• ❌ No usage analytics
• ❌ No tracking SDKs (Facebook Pixel, Google Analytics, AppsFlyer, …)
• ❌ No ads — neither ours nor third-party networks
• ❌ No selling or sharing of data with third parties
• ❌ We don't read your meal photos on a server (AI scanning runs locally + via a private proxy)
• ❌ We don't request location
• ❌ No IDFA (Apple Tracking Transparency)

5. What happens when you scan a photo (AI)

When you scan a meal photo on the Premium plan with AI enabled, the image is:

1. Temporarily sent to our proxy (Cloudflare Worker — not a Mealgram server) as an intermediary
2. The proxy forwards the image to Google Gemini API (covered by Google's privacy policy)
3. The result (detected items + kcal) returns immediately — the image is not retained, neither by the proxy nor by Mealgram

The free plan uses fully local recognition (Apple Vision) — the photo never leaves your iPhone.

6. Sign in

Mealgram supports Sign in with Apple. Your Apple ID doesn't share your real email with us (unless you choose to) — instead we get an anonymous alias.

7. Payments

Premium subscriptions are handled by the App Store. Mealgram has no access to your card, payment details or billing address — Apple handles all of it.

8. Your rights (GDPR)

Because Mealgram doesn't keep your data on servers, you can exercise most GDPR rights instantly and yourself:

• Access: Profile → Your data → Download JSON/CSV/ZIP export
• Deletion: Profile → Account → Delete account (clears local DB + iCloud) or simply uninstall the app
• Rectification: all fields are editable directly in the app
• Portability: JSON/CSV export gives you full data in open formats
• Objection / withdraw consent: revoke permissions in iOS Settings → Mealgram

If you have privacy questions or a complaint, email hello@mealgram.xyz — we reply within 24-48 hours.

9. Children

Mealgram is intended for users aged 13+. It is not directed at children and we don't knowingly collect data from anyone under 13.

10. Changes to this policy

When this policy is updated, you'll see the new date at "Last updated" above. Material changes (e.g., new partners) will be communicated in-app via the "What's new" screen.

11. Contact and supervisory authority

Questions, suggestions, GDPR requests: hello@mealgram.xyz

Polish supervisory authority: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.