Updated On:
Privacy Policy
This Privacy Policy outlines how we collect, use, and safeguard your personal information when you interact with our website and services.
XALO LLC (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what data we collect in SnackTrack!, how we use and share it, and your rights under applicable laws. It covers U.S. regulations (including HIPAA, FTC guidelines, and the California Consumer Privacy Act) and global rules like the EU’s General Data Protection Regulation (GDPR). By using SnackTrack!, you consent to the practices described herein.
1. Information We Collect
We collect information necessary to provide our health tracking features. This includes:
- Personal Identifiers: such as name, email, account information, and contact details.
- Health & Lifestyle Data: health metrics and habits (BMI, weight, height, age, activity levels), nutrition logs, scanned food items, dietary preferences, and any information you enter about your eating habits. (Health data are treated as “sensitive” under GDPR and require special care.)
- Device and Usage Data: device identifiers, log data, cookies, usage analytics (app interactions, crash logs) and performance metrics collected automatically. We use this data to improve and personalize your experience.
- Third-Party Data: information imported from services you connect, e.g. Apple HealthKit or Google Fit. For example, if you allow, we may read your weight or exercise data from these services to synchronize with SnackTrack!. We only access such third-party data with your permission.
- Food/Nutrition Database Data: when you scan or log food items, we may send relevant details (like barcode or food name) to an external nutrition database (e.g. USDA or partner APIs) to retrieve nutritional information. The privacy policies of those services apply to that data transfer.
2. How We Use Your Information
We use the collected data to operate and improve SnackTrack!, including to:
- Provide the Service: Enable core app functions (scanning foods, tracking BMI, calculating nutrients, displaying history).
- Personalization: Offer tailored recommendations (e.g. dietary suggestions) and custom settings (e.g. goal tracking based on your health data).
- Analytics and Improvements: Analyze app usage and aggregate health trends to improve features and fix issues. We use analytics tools (e.g. Google Firebase) to measure how SnackTrack! is used. These analytics are performed on anonymized or aggregated data to enhance the app experience.
- Security and Compliance: Monitor for fraud, spam, or abuse, and enforce our terms. We also use data to comply with legal obligations (for example, detecting illegal activity).
- Communications: Send you updates about the app (e.g. new features, bug fixes) and respond to your inquiries.
All processing of your data is governed by this Privacy Policy, your consents, and applicable laws. We do not use your sensitive health data for advertising or marketing without your explicit opt-in.
3. Sharing and Disclosure of Information
We do not sell your personal information to advertisers or data brokers. We only share data in the following limited cases:
- Service Providers: We share data with trusted third-party vendors who perform services on our behalf, such as cloud hosting, analytics, customer support, email delivery, and payment processing. These partners are authorized to use your data only as necessary to provide these services. For example, we may share anonymized usage data with analytics providers (not for advertising) to improve our product.
- Health/Fitness Partners: With your explicit consent, we may share certain health data with third parties that also provide health or fitness services (e.g. research studies or wellness programs). We will only do this if you opt in and we clearly explain the purpose. Under no circumstances will we share HealthKit or Fit data with advertisers, data brokers, or any non–health/fitness third party without your permission.
- Legal Requirements: If required by law or legal process (such as a court order), we may disclose information to comply with applicable regulations or to protect someone’s rights or safety. We will notify you unless prohibited by law.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the new owner, who will assume the obligations of this Privacy Policy. We will post notice of any such change on our website and in the app.
In all cases, shared data will be limited to what is necessary. For example, Google Fit’s policy forbids sharing sensitive health data for advertising or selling to third parties, and Apple’s HealthKit guidelines similarly prohibit using health data for ads and require user permission for any sharing. We adhere to those rules.
4. Third-Party Integrations
SnackTrack! integrates with several third-party services:
- Apple Health (HealthKit): If you connect SnackTrack! to Apple’s Health app, we will read/write data to your HealthKit store with your permission. We request access only to data necessary for app features. We will not use HealthKit data for advertising, and we will not share it with any other app or service unless you explicitly allow it. You remain in control of which Health data to share via iOS settings. Apple requires that we have a clear privacy policy (this document) explaining our use of HealthKit data.
- Google Fit: Similarly, if you opt to sync with Google Fit, we will access your Google Fit data (e.g. nutrition or activity) only for app functionality. We comply with Google Fit’s policies, including providing a detailed privacy policy and using Fit data only for authorized purposes. We do not share Fit data with advertisers or unauthorized parties.
- Nutrition/Food Databases: We may query third-party nutrition databases when you scan or log a food item. These databases may be located outside your region. We only send necessary data (e.g. food identifiers) to obtain nutrition information. You should review the privacy notices of those services as well, as we are not responsible for their policies.
- Analytics and Advertising Platforms: We use third-party analytics (e.g. Google Analytics for Firebase, crash reporting) to monitor app performance. These platforms receive user metrics (often pseudonymized) and are bound by their own privacy policies. We do not use these analytics for serving ads within SnackTrack!.
5. Legal Bases for Processing (GDPR)
If you are an EU/EEA user, GDPR requires us to identify lawful bases for processing your personal data. For the various uses above, we rely on:
1. Your Consent: We obtain your explicit, informed consent to process sensitive health data and other personal information. For example, you consent when you agree to share data via HealthKit or Google Fit or when you provide dietary and health information in the app. You can withdraw consent at any time by disabling permissions or deleting your account.
2. Contract Performance: Processing is necessary to provide the services you requested (e.g. storing and retrieving your logged meals, generating recommendations).
3. Legitimate Interest: We may process non-sensitive data for our legitimate business interests (like app improvement or fraud prevention), provided this does not override your rights.
4. Legal Obligation: In rare cases (e.g. responding to law enforcement requests), we process data to comply with laws and legal obligations.
For health and other “special category” data under GDPR, explicit consent is required unless another strict condition applies. We will always ask for permission before collecting or using your sensitive health data.
6. Data Retention
We retain your personal information only as long as needed for the purposes described here (and as required by law). Once data is no longer necessary, we securely delete or anonymize it. For example, if you delete your account, we remove your personal and health data from our active database (though some residual copies may remain in backup storage for a limited time). Aggregate, anonymized analytics data may be retained indefinitely for improving our services. Under GDPR’s “storage limitation” principle, we do not keep personal data longer than necessary.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your data:
- Access and Portability: You can request a copy of the personal data we hold about you (e.g. your profile and logs) and in some cases obtain it in a portable format.
- Rectification: You can correct inaccurate or incomplete data (for example, update your profile or health information).
- Deletion (“Right to be Forgotten”): You can request that we delete your personal data. Upon such request, we will erase your account and data except as needed to comply with legal obligations.
- Restriction of Processing: You may ask us to limit how we use your data (e.g. for certain analytics) under specific conditions.
- Objection: You can object to certain processing activities, such as personalized recommendations or direct marketing, at any time.
- Withdraw Consent: For processing based on consent, you may withdraw consent at any time without affecting processing done before withdrawal.
- Right to Complain: Under the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU.
California Residents: The California Consumer Privacy Act (CCPA) grants California users additional rights. You have the right to:
- Know the categories of personal information we collect, use, and share (we collect identifiers, health information, device data, etc.).
- Request access to the specific pieces of personal data we have collected about you.
- Request deletion of your personal information (subject to certain exceptions).
- Opt out of the “sale” of personal information. We do not sell your personal information, as broadly defined by the CCPA.
- Be free from discrimination for exercising these rights (we will not deny you service or charge different prices if you invoke your privacy rights).
To exercise any rights, please contact us at hello@snacktrack.io. We will verify your identity and respond according to the law. We aim to respond to requests within applicable deadlines.
8. Children’s Privacy
Our Services are not directed to children. SnackTrack! is intended for users 13 years or older (or the age of consent in your country). We do not knowingly collect personal data from children under 13 (in the U.S.) or under the applicable age of consent in the EU (typically 13–16 years). If we learn that we have inadvertently obtained personal data from a child in violation of these rules, we will promptly delete that information.
For Parents: If you believe we have collected information from your child without consent, please contact us at hello@snacktrack.io so we can delete the data.
9. Data Security
We employ reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. For example, we use encryption (SSL/TLS) for data in transit and store sensitive data in encrypted form. Access to personal data is limited to authorized personnel and service providers who need it to perform their duties. While no security system is perfect, we follow industry standards (such as ISO 27001 and OWASP guidelines) and regularly update our security practices.
10. Data Transfers
Your data may be stored and processed in the United States or other countries where our servers or service providers are located. The GDPR requires that transfers of personal data outside the EU/EEA occur only to countries with adequate protection or with safeguards like Standard Contractual Clauses. When we transfer EU personal data internationally (for example, to AWS servers or analytics providers in the US), we use such safeguards or rely on an adequacy decision (such as the EU-U.S. Data Privacy Framework, if applicable). We are committed to protecting your data no matter where it’s processed.
11. Apple HealthKit and Google Fit Disclosures
Apple HealthKit: As required by Apple, we clearly disclose why we request access to your HealthKit data. We only ask for data needed for app features (e.g. weight or nutrition logs) and use it solely to enhance SnackTrack!. Per Apple’s rules, we do not use HealthKit data for advertising, and we will not share it with third parties (except as described above) without your consent. Our privacy policy (this document) is provided to you as mandated by Apple for any app that accesses Health data.
Google Fit: In accordance with Google’s policies, our app’s Google Play listing and this privacy policy explain how we use Google Fit data. We abide by Google’s requirements to limit use of Fit data to improving the user’s health experience, and we do not share Fit data for advertising or sell it. We request Google Fit permissions only when needed and clearly notify you why.
12. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will post the revised policy here with a new effective date. We encourage you to review this policy periodically. The “Last Updated” date above indicates when this version took effect.
13. Contact Us
If you have any questions, concerns, or requests regarding this policy or your data, please contact XALO LLC at hello@snacktrack.io. We will respond to your inquiry in accordance with applicable law.
By using SnackTrack!, you acknowledge that you have read and understood this Privacy Policy, and you agree to its terms and to our processing of your information as described above.
14. Sources
This policy is based on applicable regulations and best practices, including Apple’s HealthKit guidelines, Google Fit privacy rules, FTC and HIPAA guidance, GDPR requirements, CCPA standards, and COPPA/GDPR provisions for children.