FoodLore Privacy Policy

1. App Overview

FoodLore is an iOS health and nutrition application that combines artificial intelligence, Traditional Chinese Medicine (TCM) food wisdom, and modern nutritional science. The app helps users understand the health properties of foods through AI-powered food recognition and personalized analysis.

FoodLore is designed with privacy as a core principle. We collect minimal data, store health information on your device by default, and only transmit sensitive information to trusted AI providers when you explicitly consent.

2. Data We Collect

2.1 Photos You Take in the App

When you use FoodLore's food scanning feature, we collect:

Food photos: Images of food you want to analyze. These are sent to our AI provider (OpenAI) for food recognition and nutritional analysis. After processing, photos are discarded from our servers.
Tongue photos: Images of your tongue for TCM constitution analysis. These are sent only to approved US-based AI providers (OpenAI or Anthropic) with your explicit consent. Photos are not retained after analysis.

Important: Photos are never stored on our servers for training purposes. We do not train our models on your images.

2.2 Health Kit Data

FoodLore can read the following health metrics from Apple HealthKit (if you grant permission):

Heart Rate Variability (HRV)
Resting Heart Rate
Sleep Duration
Step Count

On-Device Storage: HealthKit data remains on your device and is never sent to third-party servers unless you explicitly consent to share it for personalized health analysis.

Personalized Analysis: When you request personalized health insights that incorporate HealthKit data, this information may be sent to approved US providers (OpenAI or Anthropic only) along with your constitution and symptom data. DeepSeek will never receive your health data.

2.3 Constitution Quiz Responses

When you take the TCM constitution quiz, your responses are stored on your device. This data is used to determine your constitutional type and is only sent to AI providers when you request personalized analysis and explicitly consent.

2.4 Symptom Tracking

FoodLore's wellness tracker allows you to log daily symptoms and health observations:

Energy levels
Sleep quality
Digestion
Mood
Temperature/body sensation

All symptom data is stored on your device. This data is only sent to AI providers when you explicitly request personalized health analysis.

2.5 Food Scan History & Favorites

FoodLore maintains a local history of foods you've scanned and your favorite items. This data is stored only on your device and is never transmitted to external servers.

2.6 Subscription Status

FoodLore uses Apple's StoreKit 2 for in-app purchases and subscription management. Apple handles all subscription data through their secure systems. We do not receive or store your payment information.

2.7 Automatically Collected Data

We do not use analytics SDKs, advertising networks, or tracking pixels. FoodLore does not automatically collect:

Device identifiers (IDFA, IDFV)
App usage analytics
Advertising data
Crash reports with personal information

3. Third-Party Services & Data Sharing

3.1 OpenAI API

Use Cases:

Food photo analysis for nutritional information
Tongue photo analysis for TCM constitution assessment
Personalized health insights (with explicit user consent)

Data Sharing: Food photos, tongue photos, constitution data, and health metrics may be sent to OpenAI for analysis. OpenAI does not train on API data per their data usage policy.

Data Retention: OpenAI retains API request data for 30 days to detect abuse; images are discarded after processing.

3.2 DeepSeek API

Use Cases:

General TCM food property lookups (e.g., "what are the TCM properties of ginger?")
Ingredient analysis without personal health context

Important Restriction: NO personal health data (constitution, symptoms, biometrics, tongue photos) is ever sent to DeepSeek. DeepSeek operates under Chinese data jurisdiction, and health data is restricted to approved US providers only.

Data Sent: Only food names, ingredients, and general nutritional queries with no identifying information.

3.3 Open Food Facts

For barcode lookups on packaged foods, FoodLore queries Open Food Facts—a public, crowdsourced food database. Only the barcode (UPC code) is transmitted; no personal user data is shared.

3.4 Apple HealthKit

FoodLore reads (but never writes to) HealthKit data with your permission. HealthKit remains under Apple's privacy protections and is not shared with third parties unless you explicitly consent to sharing it for personalized analysis with approved US providers.

3.5 No Other Data Sharing

                    Key Privacy Commitments
                    We do not sell user data to advertisers or data brokers
We do not share data with marketing agencies
We do not use data aggregators or analytics platforms
We do not share health data with non-approved providers

                

4. How We Protect Your Data

4.1 On-Device Storage

FoodLore stores quiz responses, symptom logs, and food history on your device using Apple's secure UserDefaults framework. This data is encrypted by iOS and protected by your device's passcode or biometric authentication.

4.2 Transmission Security

All data transmitted to third-party APIs (OpenAI, DeepSeek) is encrypted in transit using TLS 1.2 or higher.

4.3 No Accounts or Passwords

FoodLore does not require you to create an account or login. This eliminates account breach risk and password compromise exposure.

4.4 No Personal Identifiers

We do not request or store your name, email address, phone number, or other personally identifiable information (unless you voluntarily provide your email to contact us).

5. Your Rights & Choices

5.1 Data Deletion

You can delete all data stored by FoodLore simply by deleting the app from your device. Uninstalling FoodLore removes all locally stored quiz responses, symptom logs, food history, and preferences from your iPhone.

5.2 Permission Controls

You have full control over app permissions:

Camera: Grant permission only when using food or tongue scanning
HealthKit: Selectively choose which health metrics to share
Cloud AI Consent: FoodLore always asks before sending data to external APIs

5.3 Opting Out of Cloud Analysis

You can use FoodLore entirely offline. Constitution assessment, symptom tracking, and food history features work without connecting to external services. Only food/tongue photo recognition requires API access.

5.4 California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

Know: What personal information FoodLore collects (see Section 2)
Delete: Request deletion of your data by uninstalling the app
Opt-out: FoodLore does not sell or share personal information for marketing purposes
Non-discrimination: We will not discriminate against you for exercising your privacy rights

5.5 International Users (GDPR & Similar Laws)

If you are in the European Union or other jurisdictions with strict data protection laws:

FoodLore's data collection is minimal and on-device by default
Cloud processing is optional and requires explicit consent
You can delete all data by uninstalling the app
We comply with Apple's data protection standards, which meet GDPR requirements

For specific GDPR-related requests (data access, correction, deletion), contact us at support@foodlore.app.

6. Children's Privacy

FoodLore is not directed at children under 13 years old. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided personal information, we will take steps to delete such information promptly.

Parents or guardians who believe their child has used FoodLore and provided personal information should contact us immediately at support@foodlore.app.

7. Legal Compliance

7.1 Apple App Store Requirements

FoodLore complies with Apple's App Store guidelines, including the App Privacy Policy requirements. This privacy policy is provided to Apple and users as required.

7.2 HIPAA Disclaimer

FoodLore is a wellness and information tool, not a medical device. It does not replace professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider before making health decisions.

FoodLore does not store health information in a manner that triggers HIPAA obligations; your data remains on your device and you control what you share.

7.3 Limitation of Liability

FoodLore is provided "as is." We are not liable for unauthorized access to your data beyond our reasonable security measures, data loss due to device failure, or third-party API breaches beyond our control.

7.4 Policy Updates

We may update this privacy policy to reflect changes in our practices, third-party services, or legal requirements. Continued use of FoodLore after updates constitutes acceptance of the revised policy. We will notify you of material changes.

8. Contact Us

If you have questions about this privacy policy, your data, or our privacy practices, please contact us:

Developer: FoodLore
Email: support@foodlore.app
App: FoodLore (iOS)

We will respond to privacy inquiries within 30 days.