Privacy Policy

1.1 Information you provide - **Account information:** Email address used to create your account - **Profile information:** Display name, cuisine preferences, fitness goals, health goals (optional wellness preferences, e.g. gut friendly, heart healthy, diabetic friendly), dietary preferences, food allergies, and cooking time preferences you set during onboarding - **Scan data:** Photos you submit for ingredient scanning and the resulting ingredient lists - **Recipe interactions:** Recipes you save, rate, swap, or mark as cooked - **Meal planner entries:** Planned meals, manual meal logs (including calorie and macro information you choose to enter) - **Nutrition goals:** Daily targets you set for calories, protein, carbohydrates, and fat - **Shopping list items:** Items generated from your meal plan or added manually — synced to our servers so they persist across reinstalls and device changes - **Cooking activity:** Streak count and milestones reached - **Dietary preferences and swap history** - **Barcode scan history:** A record of each packaged food barcode you scan, including the barcode string, whether the product was found in our database, and the timestamp - **Community product contributions:** If you contribute a product to our community database (name, brand, per-100g macros, serving size), your account is associated with that contribution while your account is active. Contributed products are shared data — if you delete your account, your name is disassociated from the contribution but the product data remains for the benefit of other users - **Weekly cooking plans:** The batch-cook schedule generated when you use Generate Weekly Meal Plan, stored so it persists across app restarts

Nutrition goals and manual meal macro entries are health-adjacent data processed solely to provide personalised meal planning features and are not shared with third parties except as outlined in this policy.

1.2 Information collected automatically - **Usage data:** Features you use, screens you view, and actions you take in the app - **Device information:** Device type, operating system version, and app version - **Crash reports:** Technical error data collected via Sentry to help us fix bugs - **Scan telemetry (abuse prevention):** For each scan, we automatically record a device identifier (generated once per install), an anonymised image hash, and the scan timestamp. This data is used solely to detect and prevent abuse of our AI services (e.g. automated scanning). It is stored for a maximum of 90 days and is never used for advertising or profiling - **Device push token:** A device push notification token may be stored to support future notification features. This is infrastructure only and is not used to send notifications in the current version of the app

1.3 Information we do NOT collect - We do not store the photos you scan beyond what is needed to process your request - We do not access your camera roll outside of the specific photos you choose to share - We do not sell your data to third parties - **We do not collect or store biometric data** — see Section 1.4 below

1.4 BMR/TDEE Calculator

The in-app calorie calculator collects biological sex, age, weight, and height inputs solely to compute a calorie and macro estimate. These inputs are never transmitted, stored in our database, or retained in any form. They exist only in device memory for the duration of the calculation and are permanently discarded when the calculator is closed. Frittu does not store any biometric data.

We use your information to:

• Provide the core service — ingredient scanning and recipe generation
• Personalise recipe suggestions based on your cuisine preferences, fitness goals, and dietary restrictions
• Enforce allergen safety — your allergy data is included in every AI recipe generation request to prevent unsafe suggestions
• Track your scan quota and subscription status
• Send you service-related notifications (inactivity nudges, weekly cooking summaries, scan quota resets, meal planning reminders, and post-scan follow-ups)
• Improve the app through aggregated, anonymised analytics
• Respond to support requests

Recipe Sharing

When you choose to share a recipe using Frittu's share feature, the recipe name, ingredient list, cooking steps, and nutritional information are published to a publicly accessible URL at frittu.app. This content is derived from your scan session but is not linked to your account or personal identity on the public page. You control sharing — nothing is published without you tapping Share.

Shared recipe content is treated as a separate data category in our App Privacy disclosure: Shared recipe content — not linked to user identity.

We treat your allergy and dietary restriction data as sensitive health information.

• Your allergen list is transmitted to our AI systems solely to exclude unsafe ingredients from recipe suggestions
• It is not used for advertising, analytics profiling, or shared with third parties
• You can update or delete your allergy data at any time from your profile settings

Frittu uses AI services to analyse food photos and generate recipes. When you submit a photo or request recipes:

• Your photo (compressed and processed locally on your device) is sent to our secure servers
• Your profile data, including allergens and dietary preferences, is included in the request
• AI processing is performed by our sub-processors under data processing agreements
• We do not permit our AI sub-processors to train on your personal data

• Your data is stored in Supabase (PostgreSQL), hosted in Australia and the United States
• All data is encrypted in transit (TLS) and at rest
• Access to your data is restricted by row-level security — only you can read or modify your own data
• We use industry-standard security practices including authentication tokens and rate limiting

We do not sell your personal information. We share data only with:

• Supabase — database and authentication infrastructure
• AI services — AI processing of ingredient photos and recipe generation
• RevenueCat — subscription and payment management (no payment card data is stored by us)
• PostHog — anonymised product analytics
• Sentry — crash reporting (no personal data in error reports)
• Google Play — app distribution and payment processing (Android)

Under Australian Privacy Act 1988 and, where applicable, GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your account and all associated data (available directly in the app via Profile → Settings → Account → Delete Account)
• Request a portable copy of your data by emailing privacy@frittu.app — we will respond within 30 days
• Object to processing in certain circumstances

To exercise these rights, contact us at privacy@frittu.app or use the "Delete Account" option in the app.

Account deletion: Deleting your account permanently removes all your personal data — including your profile, saved recipes, scan history, meal plans, shopping lists, nutrition goals, and streak data — from our systems within 30 days of your deletion request. If you signed up with Apple Sign In, your Apple authorisation token is also revoked at Apple at the time of deletion.

Scan history retention: Scan history is retained for the duration of your account. All scan data is permanently deleted when you delete your account.

Frittu is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us immediately at privacy@frittu.app.

This app is not intended for children under 13. If you are under 13, please do not use Frittu.

We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or email. The "Last updated" date at the top of this page reflects the most recent revision.

For privacy questions, data requests, or concerns:

Email: privacy@frittu.app Website: frittu.app Location: Australia