Privacy Policy

The words whose initial letters are capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

For the purposes of this Privacy Policy:

When You create an account and use the Service, We collect:

• Email address
• First name (optional)
• Account password (stored only in hashed form; We never have access to Your plaintext password)
• Date of birth (used to confirm You are 18 or older and to calculate Your basal metabolic rate)

To provide the core functionality of the Service, We collect Health and Wellness Data that You voluntarily provide, including:

• Body weight and weight history
• Height
• Sex assigned at birth (used solely for metabolic rate calculations using the Mifflin-St Jeor equation; not used for advertising, profiling, or any other purpose)
• Activity level
• Fitness and body composition goals
• Macronutrient targets and intake (protein, carbohydrates, fat)
• Food log entries, including food descriptions, brands, and portion details
• Optional progress photos and food photos (only if You choose to provide them)
• Barcode scan data (if You use the barcode scanning feature)

We use this information solely to calculate Your personalized macro targets, display Your progress, and provide the core features of the Service.

When You use the Service, We automatically collect:

• Device type, operating system, and OS version
• Mobile device identifiers (such as the iOS Identifier for Vendors)
• IP address (used for security and approximate region detection only; We do not collect precise geolocation)
• App version and crash diagnostics
• Times and dates of access and feature usage
• General region or country (derived from IP address)

We do not collect precise geolocation data from Your device.

With Your prior permission, We may access Your Device's camera and photo library when You choose to take or upload a food photo or progress photo. You can enable or disable this access at any time through Your Device settings. Photos are stored as part of Your Account data and are not used for facial recognition, biometric identification, or advertising.

When You log a meal by photo, the photo image data and any optional text note You add are sent to Our AI Service Provider, Anthropic PBC, to estimate the ingredients and macronutrients in the meal. Anthropic processes the data to generate Your macro estimate and does not retain it beyond the immediate response. See Section 4.1 for the full list of AI Service Providers and links to their privacy policies.

We may receive limited information from Our Service Providers, such as confirmation from RevenueCat that a subscription payment was successfully processed by Apple or Google, and Your current subscription entitlement status. We do not receive Your full payment card details from any of these providers.

We do not collect:

• Social Security numbers, government-issued ID numbers, or passport numbers
• Precise geolocation data
• Biometric identifiers (such as fingerprints, faceprints, or voiceprints)
• Information about race, ethnicity, religious or philosophical beliefs, union membership, or sexual orientation
• Information from Apple HealthKit, Google Fit, or similar health platforms (unless and until We integrate with these, in which case We will update this Policy and obtain Your consent)
• Information about other apps installed on Your device

We share Personal Data with Service Providers who help Us operate the Service. These providers are contractually bound to protect Your data and use it only for the purposes We specify. Our current Service Providers are:

• Supabase Inc. (backend database, file storage, and authentication infrastructure). All Your Account data — profile, macro targets, food log entries, and meal photos — is stored on Supabase. Privacy Policy: https://supabase.com/privacy
• Anthropic PBC (AI vision and macro estimation from food photos). Each time You log a meal by photo, We send the photo image data and any optional text note (food description, restaurant) to Anthropic for analysis. Anthropic returns the estimated ingredient breakdown and does not retain the data beyond the immediate response. Privacy Policy: https://www.anthropic.com/legal/privacy
• OpenAI, L.L.C. (text embedding generation for food database lookup). When You search foods or log entries, We send short food description text to OpenAI to convert into numeric vectors that We match against the USDA food database. No photos and no personally identifying information are sent to OpenAI. Privacy Policy: https://openai.com/policies/privacy-policy
• RevenueCat, Inc. (subscription management and entitlement verification). RevenueCat receives a stable account identifier from Us to track Your subscription status and validate Your access to paid features. Privacy Policy: https://www.revenuecat.com/privacy
• Apple Inc. (payment processing for in-app purchases on iOS, and Sign in with Apple if You choose that sign-in method). Apple handles Your payment information directly; We do not receive Your full payment card details. Privacy Policy: https://www.apple.com/legal/privacy/en-ww/
• Google LLC (payment processing for in-app purchases on Android, when MacroBank is available there, and Google Sign-In if You choose that sign-in method). Google handles Your payment information directly; We do not receive Your full payment card details. Privacy Policy: https://policies.google.com/privacy

We will update this list when We engage additional Service Providers.

We may share Personal Data with Adcker's affiliates, if any exist in the future. As of the effective date, Adcker has no affiliates. Any future affiliates will be required to honor this Privacy Policy.

If Adcker is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, Your Personal Data may be transferred as part of that transaction. We will notify You by email and/or a prominent notice in the Service before Your Personal Data becomes subject to a different privacy policy.

We may disclose Personal Data when We believe in good faith that disclosure is necessary to:

• Comply with a legal obligation, court order, or valid request from a public authority
• Protect and defend the rights, property, or safety of Adcker, Our users, or the public
• Investigate or prevent suspected fraud, security incidents, or violations of Our Terms of Service
• Establish, exercise, or defend legal claims

We may disclose Personal Data for any other purpose with Your explicit consent.

We may share aggregated or de-identified information that cannot reasonably be used to identify You for any purpose, including for research and analytics.

In the event of a data breach affecting Your Personal Data, We will notify affected users and applicable regulatory authorities in accordance with applicable law (including, where applicable, within 72 hours under GDPR and as required by US state breach notification laws).

We process Personal Data under the following legal bases:

• Performance of a contract: To provide the Service You requested.
• Consent: Where We rely on Your consent (for example, for marketing emails or for processing of certain Health and Wellness Data as required by local law).
• Legitimate interests: For service improvement, security, fraud prevention, and analytics, where Our interests are not overridden by Your fundamental rights and freedoms.
• Legal obligation: Where processing is necessary to comply with applicable law.

The Service uses algorithmic calculations (such as the Mifflin-St Jeor equation) to generate macronutrient recommendations based on the information You provide. These calculations are advisory and do not produce legal or similarly significant effects on You. You can always adjust Your targets manually or stop using the Service at any time.

To exercise any of these rights, contact Us at help@macrobank.app. We will respond within one month, which We may extend by up to two additional months where necessary, in accordance with GDPR.

In the past 12 months, We have collected the following categories of Personal Information:

We collect the following categories of Sensitive Personal Information:

• Account login credentials (password hashes)
• Health and Wellness Data (body measurements, food intake, activity level)

We use Sensitive Personal Information only for the purposes set out in Section 8 of the California Consumer Privacy Act Regulations, including to provide the Service You requested and to ensure security and integrity. You have the right to limit Our use and disclosure of Sensitive Personal Information, but because We already limit Our use of this information to these permitted purposes, no additional action is required.

We do not sell Personal Information for monetary consideration, and We do not share Personal Information for cross-context behavioral advertising. We have not sold or shared Personal Information in the past 12 months.

You have the right to:

• Know what Personal Information We collect, use, disclose, and (if applicable) sell or share about You
• Access the specific pieces of Personal Information We have collected
• Delete Your Personal Information, subject to certain exceptions
• Correct inaccurate Personal Information
• Opt out of the sale or sharing of Personal Information (not applicable to Us as We do not sell or share)
• Limit the use of Sensitive Personal Information (We already limit such use; see Section 11.2)
• Non-discrimination for exercising Your rights

To exercise any of these rights, contact Us at help@macrobank.app with "California Privacy Request" in the subject line.

We will verify Your request by confirming Your identity (typically by matching information You provide against information associated with Your Account). We will respond within 45 days, which We may extend by an additional 45 days where reasonably necessary.

You may use an authorized agent to submit a request. Your agent must provide proof of authorization, and We may require You to verify Your identity directly.

We do not offer financial incentives in exchange for the collection, sale, or sharing of Personal Information.

We collect the following categories of Consumer Health Data from Washington residents:

• Body measurements (weight, height)
• Biological information used for metabolic calculations (age, sex assigned at birth)
• Fitness and exercise data (activity level, fitness goals)
• Nutritional and dietary information (food logs, macronutrient intake)
• Inferences derived from the above (such as recommended macronutrient targets)

We collect Consumer Health Data directly from You when You provide it through the App.

We collect and process Consumer Health Data solely to:

• Provide the macro tracking and wellness features of the Service
• Calculate personalized macronutrient targets
• Display Your progress and history
• Improve and maintain the Service
• Comply with legal obligations

We share Consumer Health Data only with Our backend Service Provider (Supabase) to store and retrieve Your data, and only as necessary to provide the Service.

As a Washington resident, You have the right to:

• Confirm whether We are collecting, sharing, or selling Your Consumer Health Data
• Access Your Consumer Health Data, including a list of all third parties with whom We have shared it
• Withdraw consent for Our collection and sharing of Your Consumer Health Data
• Delete Your Consumer Health Data

We do not sell Consumer Health Data and have never sold Consumer Health Data.

To exercise these rights, contact Us at help@macrobank.app with "Washington Health Data Request" in the subject line. We will respond within 45 days.

You also have the right to appeal Our decision regarding Your request. If We deny Your request, You may appeal by replying to Our response with "Appeal" in the subject line. We will respond to Your appeal within 45 days. If Your appeal is denied, You may contact the Washington State Attorney General at https://www.atg.wa.gov/file-complaint.

A direct link to this Washington Consumer Health Data Privacy Notice is available on Our website homepage and within the App settings, labeled "Your Washington Privacy Rights."

Nevada residents have the right to opt out of the "sale" of certain personal information as defined under Nevada SB 220. We do not sell personal information as defined under Nevada law. If You have questions, contact Us at help@macrobank.app.

The MacroBank mobile App does not use cookies. The App uses local storage on Your Device to maintain Your session and store cached data (such as Your food log entries) to ensure the App functions properly offline. This local storage data remains on Your Device and is not shared with third parties.

If You visit macrobank.app or related Adcker websites, We may use cookies and similar technologies. We use only strictly necessary cookies (required for site functionality and security) by default. We do not use advertising, marketing, or analytics cookies that require consent unless You opt in.

If We add cookies that require consent in the future, We will update this Privacy Policy and provide a cookie banner allowing You to manage Your preferences.

Our Service does not currently respond to "Do Not Track" browser signals. We honor Global Privacy Control (GPC) signals from California residents and other US state residents whose laws require it, where applicable.

Our Apple App Store "Privacy Nutrition Labels" describe the types of data collected by the App. Those disclosures are consistent with this Privacy Policy. If there is any inconsistency, this Privacy Policy controls.

The MacroBank App does not track You across other apps or websites and does not request the App Tracking Transparency permission.

The App requests the following Device permissions:

• Camera and Photo Library (optional): To allow You to add food photos or progress photos
• Notifications (optional): To send You reminders and updates You have opted into

You can manage these permissions at any time through Your Device settings.