Dietree LogoDietree

Privacy Policy

Last updated: May 27, 2025

This Privacy Notice for Rody Yaacoub (doing business as Dietree) (“we,” “us,” or “our”) explains how and why we collect, store, use, and share (“process”) your personal information when you rely on our services (“Services”), including:

  • Downloading and using our mobile application (Dietree) or any related application that refers to this Privacy Notice.
  • Using Dietree—a feature-rich AI-driven mobile app for nutrition and meal planning, which includes food inventory and expiry tracking, meal logging with macro tracking, personalized recipe suggestions (based on dietary goals and wearable device activity), automatic grocery list generation, and multilingual support, helping you eat healthier, reduce food waste, and stay on track with your fitness.
  • Interacting with us through other channels, such as marketing, support, events, or sales.

If you have questions or concerns, this Privacy Notice helps you understand your privacy rights and choices. We decide how your personal information is handled. If you disagree with any part of our practices, please do not use our Services. You can reach us anytime at support@dietree.app.

SUMMARY OF KEY POINTS

Below is a quick overview. For full details, see the linked sections or use the table of contents.

  • Personal information we collect: We gather data based on your interactions—what you choose to share and how you use our Services. Learn more.
  • Sensitive information: Certain data (health, dietary, or fitness details) is treated as sensitive and collected only with your explicit consent or when legally required. Learn more.
  • Data from third parties: We do not obtain personal data from external sources.
  • Processing your data: We use your data to run and improve our Services, handle support inquiries, maintain security, and meet legal requirements. We process data only for valid legal reasons. Learn more.
  • Sharing your information: We share data with specific service providers and in defined situations (e.g., business transfers, legal obligations). Learn more.
  • Security: We maintain administrative, technical, and organizational safeguards. While we strive for maximum protection, no system is infallible. Learn more.
  • Your rights: Depending on your location, you may have rights like access, correction, deletion, restriction, portability, and objection. Learn more.
  • Exercising your rights: The simplest way is by submitting a data subject access request or contacting us directly. We’ll respond in line with applicable laws.

TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
  4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
  7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
  8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
  9. HOW LONG DO WE KEEP YOUR INFORMATION?
  10. HOW DO WE KEEP YOUR INFORMATION SAFE?
  11. WHAT ARE YOUR PRIVACY RIGHTS?
  12. CONTROLS FOR DO-NOT-TRACK FEATURES
  13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  14. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
  15. DO WE MAKE UPDATES TO THIS NOTICE?
  16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you provide

In Short: We collect data you voluntarily provide, such as your name, email, and any preferences or information you share when you register, log in, or engage with our Services.

When you register for an account, request information, participate in app features, or contact us directly, you may share personal details. The exact information depends on how you interact with our Services and choices you make.

Types of data you may provide:

  • Full name
  • Email address
  • Password hashes (never plain text)

Sensitive Data (with your consent):

  • Health-related data (e.g., medical conditions, lab results)
  • Dietary restrictions or allergy information
  • Fitness metrics (e.g., steps, workouts synced from wearables)

Social media login data: If you opt to sign in via Facebook, X, or another platform, we collect your public profile details (e.g., name, email, profile picture). We do not control how those platforms handle your data; review their privacy policies for more information.

Application data (if you grant permissions):

  • Device access: We may ask to use your camera or photo library to upload images or receipts. You can revoke these permissions at any time via your device’s settings.
  • Device metadata: We automatically record details such as your device model, operating system version, unique device identifier, network provider, and IP address. This helps us maintain app security, diagnose issues, and improve performance.
  • Push notifications: We may send notifications about account updates, meal reminders, or feature announcements. You can disable notifications within your device settings at any time.

Please ensure all provided personal information is accurate and notify us promptly if changes are needed.

Information collected automatically

In Short: When you open or use our Services, we automatically collect certain data—like your IP address, device model, browser type, and in-app usage metrics—to help keep our Services secure and running smoothly.

This automatically gathered data never directly reveals your identity (e.g., your name) but includes:

  • Log and Usage Data: Server logs record actions such as pages viewed, time stamps, searches, features clicked, and any error reports (“crash dumps”). This data helps us monitor performance and fix bugs.
  • Device Data: Details about your device (IP address, device/browser identifiers, operating system, hardware model, and system settings) help us optimize compatibility, detect fraud, and personalize your experience.
  • Application performance & crash reports: We collect stack traces, error codes, and performance logs when the app encounters issues, allowing our engineers to troubleshoot quickly.

Google API compliance: Any information obtained via Google APIs (e.g., Maps, authentication) adheres strictly to Google’s API Services User Data Policy, including the Limited Use requirements.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We use your personal data to deliver and maintain our Services, communicate with you, protect against threats, and fulfill legal obligations. We only process data when we have a valid legal reason or your explicit consent.

Depending on your interaction with Dietree, we may process your data for:

  • Account management: Creating and authenticating your user account, and keeping it in good order.
  • Service delivery: Providing requested features (e.g., tracking meals, generating grocery lists, personalized recipe suggestions) and any associated support.
  • Customer support: Responding to inquiries, troubleshooting issues, and offering guidance.
  • Administrative communication: Sending updates about our app (new features, policy changes, security alerts).
  • Feedback collection: Requesting your input to improve the app and contact you about your experience.
  • Security and fraud prevention: Monitoring activity to detect and prevent unauthorized access or abuse.
  • Usage analytics: Analyzing how you use Dietree to refine features and enhance usability.
  • Vital interests: In rare circumstances (e.g., to prevent imminent harm), we may process data to protect you or others.
  • Personalization: Tailoring meal plans, recipe prompts, and in-app suggestions based on your logged data, preferences, and wearable activity.
  • Performance optimization: Adjusting UI flows and features according to usage patterns and device performance metrics.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process your personal data when we have a valid legal basis—such as consent, fulfilling a contract, legitimate interests, complying with the law, or protecting vital interests.

(Applies if you reside in the EU or UK.)

Under GDPR and UK GDPR, we rely on:

  • Consent: You explicitly agree to certain data uses. You can withdraw this at any time.
  • Performance of a contract: We process data to fulfill our obligations to you (e.g., delivering paid features).
  • Legitimate interests: When necessary for our business goals (e.g., improving app usability, preventing fraud) as long as this does not override your rights.
  • Legal obligations: We process data to comply with laws or cooperate with authorities (e.g., responding to valid subpoenas).
  • Vital interests: In emergencies (e.g., to prevent serious harm), we may process your data without explicit consent.

We are typically the “data controller” for data described here. If we ever act as a “data processor” on behalf of another organization (e.g., integrating Dietree into a corporate wellness program), that organization is responsible for informing you how they process your data.

(Applies if you reside in Canada.)

Under PIPEDA, we process your data with:

  • Express or implied consent: We ask for your permission when necessary, and you can withdraw anytime.
  • Limited exceptions: In certain situations (e.g., to investigate fraud or comply with legal orders), we may process data without consent.

We only disclose anonymized data for research or statistics, subject to ethics oversight.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share your data only in specific situations described below, always under contractual safeguards.

Vendors, Contractors, and Service Providers: We may share your data with trusted partners who help us run Dietree. These partners are bound by contract to protect your information and only use it for the purposes we specify.

We currently share data with:

  • AI Service Providers:
    • OpenAI (for recipe text generation, NLP)
    • Google Cloud AI (for image analysis and machine‐learning models)
  • Social Login Providers:
    • Google (for “Sign in with Google” option)
  • Cloud Infrastructure & Database:
    • Supabase (database, authentication, and data backups)
  • Analytics & Performance:
    • Google Analytics for Firebase (app usage metrics)
    • Firebase Performance Monitoring & Crashlytics (performance and crash reporting)
  • Hosting & Deployment:
    • Vercel (hosting the web portions of our platform)
  • Testing & QA:
    • Google Play Console & TestFlight (beta and internal testing)

We may also share data if:

  • Business transfers: If Dietree is sold, merged, acquired, or undergoes another type of business restructure, your data may be moved to new owners, with notice and required safeguards.
  • Legal requirements: We may disclose data to comply with laws, court orders, or protect vital interests (e.g., in an emergency or when required by a valid subpoena).

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may place cookies and similar trackers on our website to help secure the site, maintain user preferences, and gather analytics. The mobile app itself does not set persistent cookies—webview components may use session-only cookies from third parties.

Our website (dietree.app) may employ:

  • Cookies or browser cookies: Small files saved by your browser to remember your preferences (e.g., language) or keep you logged in. You can disable or clear cookies via your browser, but some features may not work properly afterward.
  • Web beacons, tags, and pixels: Tiny images or code snippets embedded in web pages or emails that help us count visits, track openings, and monitor performance.

Third‐party analytics and advertising partners may also use cookies (e.g., Google Analytics). To opt‐out of Google Analytics tracking, visit https://tools.google.com/dlpage/gaoptout. More details about our tracking practices are in our dedicated Cookie Notice.

If any tracking is considered a “sale” or “sharing” under applicable U.S. state laws (e.g., CCPA), you can opt out via the methods described in Section 13.

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

In Short: We provide AI-powered tools and features (recipe generation, image analysis, NLP) using third-party AI providers.

Dietree’s AI capabilities enhance your experience by generating personalized recipes, analyzing meal photos, and offering smart suggestions. All AI processing is performed by external AI service providers under strict data‐handling agreements.

Use of AI technologies

We leverage third-party AI platforms—OpenAI and Google Cloud AI—to power features such as:

  • Image analysis (e.g., automatic food recognition)
  • Machine learning models for personalized meal planning
  • Natural language processing for recipe instructions

Data processing by AI providers

Any personal information sent to AI providers (like meal photos or text prompts) is managed according to our agreements with those providers, ensuring encryption in transit and at rest. You must not use AI features in ways that violate any AI provider’s terms.

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you sign in with a social media account (e.g., Facebook, X, Google), we receive only the profile information you allow (often name, email, and avatar). We do not store or announce any additional personal data from those providers.

When you choose a social login, we request basic profile details to create or match your Dietree account. The exact fields (e.g., email, display name, profile picture) depend on the social platform’s sharing settings. We use this data only to manage your login and personalize your experience in Dietree.

We do not control how social platforms use your data. Review their privacy policies to understand their data‐collection and sharing practices.

8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your information across borders, including Germany (our primary server location) and the United States. When we share data with third-party providers, they too may process it in various regions.

If you access Dietree from outside Germany, your data may move to Germany and to any country where our service providers operate (e.g., U.S., Canada, etc.). We take steps—such as Standard Contractual Clauses—to ensure your data remains protected in accordance with EU/UK requirements.

European Commission’s Standard Contractual Clauses

We implement SCCs for personal data transfers from the EEA/UK to our partners. These clauses obligate recipients to handle EEA/UK data under GDPR‐equivalent protections. You can request a copy of these clauses at any time.

9. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We retain your data only for as long as necessary to fulfill the purposes described in this Notice, unless legal obligations require longer retention.

We determine retention based on data type and purpose. Generally:

  • Account Data: Retained while your account is active. After you deactivate, we delete or anonymize it within 30 days; backups may remain for up to 120 days, inaccessible for processing until deletion.
  • Usage & Log Data: Retained for 12 months to support performance analysis and security auditing.

Once we no longer need data for its original purpose (e.g., account no longer exists), we securely delete or anonymize it. If deletion is impossible (e.g., system backups), the data is isolated until removal is feasible.

10. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We employ organizational and technical measures—encryption, access controls, regular audits—to safeguard your personal information. However, no system is 100% secure, so risk remains.

Our security practices include:

  • Encryption in transit: We use TLS to encrypt data sent between your device and our servers.
  • Encryption at rest: Sensitive data is stored using AES-256 encryption on our cloud databases.
  • Access controls: Role-based permissions limit who in our organization can access your data.
  • Audits & testing: We conduct quarterly security assessments and annual third‐party penetration tests.

While we strive for top‐tier safeguards, no electronic system can be guaranteed fully secure. Always access Dietree from a secure network.

11. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on where you live, you may have rights such as access, correction, deletion, restriction, portability, or objection to profiling. You may also withdraw consent and opt out of certain data uses.

In jurisdictions like the EEA, UK, Switzerland, and Canada, you can:

  • Request access to and receive a copy of your personal data
  • Ask us to correct or delete inaccurate information
  • Request restriction of processing or data portability
  • Object to automated decision-making (including profiling)
  • Lodge a complaint with your local data protection authority

Under certain U.S. state laws (CCPA/CPRA, etc.), you can:

  • Know what personal data is being processed
  • Access and obtain a copy of your personal data
  • Correct inaccuracies in your data
  • Request deletion of your personal data
  • Receive a copy of personal data you provided
  • Opt out of “sale” or “sharing” for targeted advertising
  • Not be discriminated against for exercising these rights
  • Additional state‐specific rights (e.g., profiling details, third‐party lists)

We process all requests in line with applicable laws and verify your identity to ensure we deliver data to the correct person. If you reside in the EEA or UK, you may also file a complaint with your supervisory authority if you believe we mishandled your data.

Withdrawing consent: If we rely on your consent, you can withdraw it at any time by contacting us (see Section 16). This withdrawal does not affect processing done before the withdrawal.

Opting out of marketing: You can opt out of promotional emails or push notifications by clicking “unsubscribe” in emails or adjusting your notification preferences within the app. Even if you opt out of marketing, we may still send you service‐related messages (e.g., security updates, account information).

Account management: To update or delete your account, log into your account settings. Upon request, we will deactivate or delete your account from active databases. However, we may retain certain information for legal compliance, fraud prevention, or dispute resolution.

For any questions about your rights, email us at support@dietree.app.

12. CONTROLS FOR DO-NOT-TRACK FEATURES

Many browsers and mobile platforms include a Do-Not-Track (DNT) option to signal that you don’t want your browsing activity tracked. At present, there’s no industry‐wide standard for honoring these signals, so we do not actively respond to DNT requests. If a recognized standard emerges that we must follow, we will update this Privacy Notice accordingly.

Under California law, we must disclose our DNT policy. Since there’s no uniform approach, we do not respond to DNT signals at this time.

13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you live in California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have additional rights under your state’s privacy laws.

Categories of Personal Information We Collect

Below is a summary of personal data categories we collected in the past 12 months. For a full list, see Section 1.

CategoryExamplesCollected
A. IdentifiersContact details (name, alias, postal address, phone, unique identifiers, IP address, email, account name)YES
B. Customer RecordsName, contact info, education, employment history, financial detailsYES
C. Protected Classification CharacteristicsGender, age, date of birth, race/ethnicity, national origin, marital status, demographicsYES
D. Commercial InformationPurchase history, transaction details, payment infoNO
E. Biometric InfoFingerprints, voiceprintsNO
F. Internet/Network ActivityBrowsing/search history, online behavior, interactions with adsNO
G. Geolocation DataDevice locationNO
H. Audio/Electronic/Sensory InfoPhotos, audio/video recordings created during app useNO
I. Professional/Employment InfoBusiness contact details, job title, work history (if you apply for a role)NO
J. Education InfoStudent records, directory informationNO
K. InferencesProfiles or summaries drawn from collected data (preferences, characteristics)YES
L. Sensitive Personal InfoAccount credentials, health-related dataYES

We only collect sensitive personal information when necessary or with your explicit consent. You may have the right to limit its use or disclosure.

We may also collect data outside these categories when you:

  • Contact customer support
  • Participate in surveys or promotions
  • Interact via phone, mail, or in person regarding our Services

We retain this data as follows:

  • Category A, B, C, K, L: As long as you maintain an account

How We Use & Share Personal Information

See Section 2 for how we use your data and Section 4 for who we share it with.

We have not sold or shared any personal information to third parties for commercial purposes in the past 12 months. For a list of any disclosures we’ve made, see Section 4.

Your Rights (U.S. States)

Under certain U.S. state laws, you may have:

  • Right to know if we’re processing your personal data
  • Right to access your personal data
  • Right to correct inaccurate personal data
  • Right to request deletion of personal data
  • Right to receive a copy of data you provided
  • Right to non-discrimination when exercising rights
  • Right to opt out of data used for targeted advertising, “sale,” or profiling with significant effects

Depending on your state, you may also have:

  • Right to know categories of data processed (in Minnesota, etc.)
  • Right to obtain categories or specific lists of third parties we shared data with (California, Delaware, Maryland, Minnesota, Oregon)
  • Right to review profiling details (Minnesota)
  • Right to limit use/disclosure of sensitive data (California)
  • Right to opt out of biometric or similar data collection (Florida)

To exercise these rights, submit a data subject access request or email support@dietree.app. Under some state laws, you can designate an authorized agent, but they must provide proof of your permission.

Upon receiving a request, we’ll verify your identity to ensure we provide data only to you (or your authorized agent). We may ask for additional info if our existing records aren’t sufficient.

If we decline your request, you can appeal by emailing us at support@dietree.app. If the appeal is denied, you may lodge a complaint with your state attorney general.

California “Shine the Light” Law: California residents can request details of any personal data shared for direct marketing with third parties, once per year at no charge. To request, contact us as described in Section 16.

14. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: You may have extra rights depending on your country of residence.

Australia & New Zealand

We adhere to Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020. This Notice meets their requirements by describing what data we collect, from where, why, and who else might receive it.

If you choose not to provide required data, it may impact our ability to deliver services (e.g., personalized meal plans, support).

You have the right to access and correct your personal information at any time by contacting us (see Section 17).

If you suspect we’re unlawfully processing your data, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or the Office of the New Zealand Privacy Commissioner.

Republic of South Africa

Under POPIA and PAIA, you can request access to or correction of your personal data at any time by contacting us (see Section 17).

If you’re not satisfied with our response, you can contact:

The Information Regulator (South Africa)
General enquiries: enquiries@inforegulator.org.za
Complaints (POPIA/PAIA form 5): PAIAComplaints@inforegulator.org.za & POPIAComplaints@inforegulator.org.za

15. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we update this Notice when necessary to comply with new laws or to reflect changes in our practices.

We’ll update the “Last updated” date at the top. If there are material changes, we may notify you via email or a prominent notice in the app or on our website. Please review this Notice periodically to stay informed.

16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions, comments, or requests about this Privacy Notice, you can reach us by email at support@dietree.app or by mail at:

Rody Yaacoub
Aalbersestraat
Amsterdam, Noord Holland 1067GM
Netherlands

European Economic Area (EEA): We are the “data controller” for your personal information. We have appointed Rody Yaacoub as our EEA representative. Contact them at support@dietree.app, visit www.dietree.app, or write to:

Aalbersestraat
Amsterdam, Noord Holland 1067GM
Netherlands

United Kingdom: We are the “data controller” for your personal information. We have appointed __________ as our UK representative. Contact them at:

__________
__________ __________
United Kingdom

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Depending on local laws, you can request access to, correction of, or deletion of your personal information. You may also withdraw consent or object to certain processing. Submit a data subject access request via our online form or contact us (see Section 16). We’ll respond per applicable law.