Yes We Eat

Yes We Eat Privacy Policy

Last updated and effective: July 15, 2026

This Privacy Policy explains how Yes We Eat ("Yes We Eat," "we," "us," or "our") collects, uses, shares, and protects information when you use the Yes We Eat mobile application, website, and related services (collectively, the "Services").

By using the Services, you acknowledge the practices described in this Policy. If you do not agree, do not use the Services.

1. Summary

2. Information we collect

Depending on how you use the Services, we may collect:

a. Account and authentication information

Your name, email address, profile image, user identifiers, sign-in method, and technical information needed to maintain your session and secure your account. If you use social sign-in or another identity provider, we receive the information you authorize that provider to share.

b. Profile, health, and wellness information

Age, sex, height, weight, activity level, stated or estimated energy expenditure, weight goal, calorie deficit or surplus, food preferences or restrictions, habits, routine, and other information you choose to provide.

Some of this information may be considered sensitive personal information or health data in certain jurisdictions. We process it only to provide requested features, with consent or another applicable legal basis.

c. Content you provide

Messages and chat responses, meal logs, custom foods, photos taken with your camera or selected from your library, nutritional information, notes, and other content you submit to the Services.

Photos may contain additional information visible in the image. Yes We Eat does not need photo location metadata to analyze meals and does not request your precise location for that purpose.

d. Usage, device, and diagnostic information

We may collect information about access to and use of the Services, such as IP address, device and operating system type and version, app version, language, session identifiers, access dates and times, and error, security, and performance logs.

e. Subscriptions and payments

Subscriptions are processed by the Apple App Store or Google Play and managed with the assistance of RevenueCat. We do not receive or store your full payment-card number. We may receive purchase, product, and plan identifiers; subscription status; renewal or expiration dates; store country or region; and information needed to validate access to paid features. Your email address and a user identifier may also be associated with the subscription record.

f. Information stored on your device

We may locally store authentication tokens, preferences, recent messages, and copies of photos used in your journal to maintain your session and support the app interface. This information may remain on your device until removed by the app, uninstallation, or your actions.

3. How we use information

We use information to:

We do not use sensitive personal information for targeted advertising.

4. Third-party artificial intelligence

Some features rely on artificial intelligence models and services operated by third parties. To respond to a request, we may send these providers:

These providers process information on our behalf or under their own terms and policies, depending on the service and configuration. We limit transmission to what we consider necessary to provide the requested feature and require appropriate contractual safeguards when they act as our processors or service providers.

Content submitted to AI features may be retained temporarily by providers for safety, abuse prevention, support, and legal compliance. Retention and use for model improvement depend on the provider and contracted configuration. We do not authorize a provider to use your personal information for advertising. Do not submit information that is unnecessary to use the feature.

AI-generated responses may be inaccurate, incomplete, or inappropriate. Do not make medical decisions based solely on them. Seek a qualified professional for individual guidance and emergency services when needed.

5. When we share information

We may share information only in the following circumstances:

a. Service providers

With companies that help operate the Services, including hosting and infrastructure, authentication (including WorkOS), artificial intelligence and text or image analysis, subscription management (RevenueCat), app stores (Apple and Google), support, communications, security, storage, and diagnostics. They receive only the information needed to perform their services and are subject to applicable contractual or legal obligations.

b. Legal process and safety

When we believe in good faith that disclosure is necessary to comply with law, regulation, court order, or a valid government request; protect rights, safety, and property; investigate fraud or abuse; or respond to an emergency.

c. Business transactions

In a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of the transaction, subject to this Policy and applicable legal requirements.

d. At your direction

When you request, authorize, or direct the disclosure.

We do not sell, rent, or trade your personal information. If our practices change, we will update this Policy and obtain consent where legally required.

6. Legal bases

Where the law requires a legal basis, we process information as applicable to:

You may withdraw consent at any time without affecting earlier processing. Withdrawal may prevent features that depend on the information from working.

7. Retention

We retain information while your account is active and as needed to provide the Services, comply with legal obligations, resolve disputes, establish or defend legal claims, and maintain security and integrity. Retention periods vary based on the type and purpose of the information.

After a valid deletion request, we delete or de-identify covered information unless retention is required or permitted by law, including for tax, accounting, anti-fraud, security, and transaction-record obligations. Residual copies may remain in backups for a limited period and will be isolated from ordinary use until deleted under our backup cycle.

Information stored only on your device may need to be removed by you, including by uninstalling the app.

8. Security

We use reasonable technical, administrative, and organizational measures designed to protect information from unauthorized access, alteration, disclosure, or destruction. These include encrypted connections, secure on-device credential storage, and access controls. No system is completely secure, and we cannot guarantee absolute security.

You are responsible for protecting your device and credentials and notifying us if you suspect unauthorized account use.

9. International transfers

We and our providers may process information in countries other than where you live, including the United States. Those countries may have different data-protection rules. Where required, we use appropriate safeguards such as contractual clauses, adequacy decisions, or other legally recognized mechanisms.

10. Your rights and choices

Depending on where you live, you may have the right to:

To exercise a right, use the contact information in Section 13. We may request reasonable information to verify your identity and protect your account. We will respond within the period required by applicable law. You may appeal a refusal by contacting us again and requesting review.

You can also manage camera and photo permissions in device settings and manage or cancel subscriptions through Apple App Store or Google Play settings. Deleting the app does not automatically cancel a subscription or delete your account.

11. Children and teens

The Services are not directed to children under 13. If local law requires a higher age to consent to data processing, anyone below that age may use the Services only with valid authorization from a parent or legal guardian. We do not knowingly collect children's data contrary to these requirements. If you believe a child improperly provided data, contact us so we can investigate and delete it.

12. Changes to this Policy

We may update this Policy to reflect changes in the Services, providers, or law. We will post the updated version and revise the date at the top. For material changes, we will provide additional notice in the app, by email, or through another appropriate channel and request renewed consent where required.

13. Contact and data controller

Yes We Eat is the controller of personal information described in this Policy unless stated otherwise. For questions, privacy requests, or complaints, contact:

Email: privacy@yesweeat.com

Website: https://yesweeat.com

If you are in Brazil, this channel may also be used to contact the person responsible for privacy and exercise rights under Brazil's General Data Protection Law (LGPD). You may also complain to Brazil's National Data Protection Authority (ANPD).