Yes We Eat Privacy Policy
Last updated and effective: July 15, 2026
This Privacy Policy explains how Yes We Eat ("Yes We Eat," "we," "us," or "our") collects, uses, shares, and protects information when you use the Yes We Eat mobile application, website, and related services (collectively, the "Services").
By using the Services, you acknowledge the practices described in this Policy. If you do not agree, do not use the Services.
1. Summary
- We do not sell your personal information. We also do not share personal information for cross-context behavioral advertising.
- We use service providers to operate Yes We Eat, including third-party artificial intelligence providers. Information such as messages, meal photos, and relevant profile details may be sent to these providers to produce analyses and responses.
- Yes We Eat is an informational food and wellness tracking tool. It is not a substitute for professional medical or nutritional advice, diagnosis, or treatment.
- You may request access, correction, portability, or deletion by contacting us as described in Section 13.
2. Information we collect
Depending on how you use the Services, we may collect:
a. Account and authentication information
Your name, email address, profile image, user identifiers, sign-in method, and technical information needed to maintain your session and secure your account. If you use social sign-in or another identity provider, we receive the information you authorize that provider to share.
b. Profile, health, and wellness information
Age, sex, height, weight, activity level, stated or estimated energy expenditure, weight goal, calorie deficit or surplus, food preferences or restrictions, habits, routine, and other information you choose to provide.
Some of this information may be considered sensitive personal information or health data in certain jurisdictions. We process it only to provide requested features, with consent or another applicable legal basis.
c. Content you provide
Messages and chat responses, meal logs, custom foods, photos taken with your camera or selected from your library, nutritional information, notes, and other content you submit to the Services.
Photos may contain additional information visible in the image. Yes We Eat does not need photo location metadata to analyze meals and does not request your precise location for that purpose.
d. Usage, device, and diagnostic information
We may collect information about access to and use of the Services, such as IP address, device and operating system type and version, app version, language, session identifiers, access dates and times, and error, security, and performance logs.
e. Subscriptions and payments
Subscriptions are processed by the Apple App Store or Google Play and managed with the assistance of RevenueCat. We do not receive or store your full payment-card number. We may receive purchase, product, and plan identifiers; subscription status; renewal or expiration dates; store country or region; and information needed to validate access to paid features. Your email address and a user identifier may also be associated with the subscription record.
f. Information stored on your device
We may locally store authentication tokens, preferences, recent messages, and copies of photos used in your journal to maintain your session and support the app interface. This information may remain on your device until removed by the app, uninstallation, or your actions.
3. How we use information
We use information to:
- create, authenticate, and secure your account;
- provide and personalize goals, estimates, logs, summaries, protocols, and other app features;
- analyze text and images and generate artificial-intelligence responses;
- maintain your history and synchronize information across devices;
- process and manage subscriptions and restore purchases;
- provide support and respond to requests;
- detect, investigate, and prevent fraud, abuse, failures, and security incidents;
- monitor and improve the reliability, performance, accessibility, and experience of the Services;
- comply with legal obligations and enforce our terms; and
- send operational communications about your account, security, subscription, or material Service changes.
We do not use sensitive personal information for targeted advertising.
4. Third-party artificial intelligence
Some features rely on artificial intelligence models and services operated by third parties. To respond to a request, we may send these providers:
- text you submit;
- photos of meals, labels, or food;
- related nutritional data and logs;
- relevant portions of your profile, goals, habits, and history; and
- instructions and technical context needed to generate a response.
These providers process information on our behalf or under their own terms and policies, depending on the service and configuration. We limit transmission to what we consider necessary to provide the requested feature and require appropriate contractual safeguards when they act as our processors or service providers.
Content submitted to AI features may be retained temporarily by providers for safety, abuse prevention, support, and legal compliance. Retention and use for model improvement depend on the provider and contracted configuration. We do not authorize a provider to use your personal information for advertising. Do not submit information that is unnecessary to use the feature.
AI-generated responses may be inaccurate, incomplete, or inappropriate. Do not make medical decisions based solely on them. Seek a qualified professional for individual guidance and emergency services when needed.
5. When we share information
We may share information only in the following circumstances:
a. Service providers
With companies that help operate the Services, including hosting and infrastructure, authentication (including WorkOS), artificial intelligence and text or image analysis, subscription management (RevenueCat), app stores (Apple and Google), support, communications, security, storage, and diagnostics. They receive only the information needed to perform their services and are subject to applicable contractual or legal obligations.
b. Legal process and safety
When we believe in good faith that disclosure is necessary to comply with law, regulation, court order, or a valid government request; protect rights, safety, and property; investigate fraud or abuse; or respond to an emergency.
c. Business transactions
In a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of the transaction, subject to this Policy and applicable legal requirements.
d. At your direction
When you request, authorize, or direct the disclosure.
We do not sell, rent, or trade your personal information. If our practices change, we will update this Policy and obtain consent where legally required.
6. Legal bases
Where the law requires a legal basis, we process information as applicable to:
- perform our contract and provide the Services you request;
- pursue legitimate interests such as security, fraud prevention, support, and service improvement, where those interests are not overridden by your rights;
- comply with legal obligations;
- protect vital interests; or
- act with your consent, particularly where sensitive personal information requires consent.
You may withdraw consent at any time without affecting earlier processing. Withdrawal may prevent features that depend on the information from working.
7. Retention
We retain information while your account is active and as needed to provide the Services, comply with legal obligations, resolve disputes, establish or defend legal claims, and maintain security and integrity. Retention periods vary based on the type and purpose of the information.
After a valid deletion request, we delete or de-identify covered information unless retention is required or permitted by law, including for tax, accounting, anti-fraud, security, and transaction-record obligations. Residual copies may remain in backups for a limited period and will be isolated from ordinary use until deleted under our backup cycle.
Information stored only on your device may need to be removed by you, including by uninstalling the app.
8. Security
We use reasonable technical, administrative, and organizational measures designed to protect information from unauthorized access, alteration, disclosure, or destruction. These include encrypted connections, secure on-device credential storage, and access controls. No system is completely secure, and we cannot guarantee absolute security.
You are responsible for protecting your device and credentials and notifying us if you suspect unauthorized account use.
9. International transfers
We and our providers may process information in countries other than where you live, including the United States. Those countries may have different data-protection rules. Where required, we use appropriate safeguards such as contractual clauses, adequacy decisions, or other legally recognized mechanisms.
10. Your rights and choices
Depending on where you live, you may have the right to:
- confirm whether we process your data and access it;
- correct incomplete, inaccurate, or outdated data;
- request deletion, de-identification, or restriction of processing;
- receive a portable copy, where applicable;
- learn with whom we share information;
- withdraw consent and receive information about the consequences;
- object to certain processing;
- request review of decisions based solely on automated processing that affect your interests; and
- complain to a competent data-protection authority.
To exercise a right, use the contact information in Section 13. We may request reasonable information to verify your identity and protect your account. We will respond within the period required by applicable law. You may appeal a refusal by contacting us again and requesting review.
You can also manage camera and photo permissions in device settings and manage or cancel subscriptions through Apple App Store or Google Play settings. Deleting the app does not automatically cancel a subscription or delete your account.
11. Children and teens
The Services are not directed to children under 13. If local law requires a higher age to consent to data processing, anyone below that age may use the Services only with valid authorization from a parent or legal guardian. We do not knowingly collect children's data contrary to these requirements. If you believe a child improperly provided data, contact us so we can investigate and delete it.
12. Changes to this Policy
We may update this Policy to reflect changes in the Services, providers, or law. We will post the updated version and revise the date at the top. For material changes, we will provide additional notice in the app, by email, or through another appropriate channel and request renewed consent where required.
13. Contact and data controller
Yes We Eat is the controller of personal information described in this Policy unless stated otherwise. For questions, privacy requests, or complaints, contact:
Email: privacy@yesweeat.com
Website: https://yesweeat.com
If you are in Brazil, this channel may also be used to contact the person responsible for privacy and exercise rights under Brazil's General Data Protection Law (LGPD). You may also complain to Brazil's National Data Protection Authority (ANPD).