Effective date: April 24, 2026. Governing law: Province of Ontario, Canada.
When you create an account we collect your email address and, optionally, your first and last name.
To generate personalized nutrition targets we collect optional profile data including age, sex, height, weight, goal direction, activity level, and dietary restrictions. You may skip or update any of these at any time.
We collect food logs, meal photos (see below), workout logs, supplement entries, and in-app activity to power your insights and nudges.
With your permission, we read steps and sleep data from Apple Health (HealthKit). This data is transmitted to our servers solely to personalize your AI coach check-in. It is read at the time your daily message is generated and is not stored independently on our servers.
We store a push notification token for your device to deliver your daily AI coach check-in and reminders. You can disable notifications at any time in your device settings.
We may collect basic technical information such as device type, operating system version, and crash logs solely for the purpose of maintaining app stability.
Photos you capture are transmitted over an encrypted connection to our AI analysis providers (Anthropic and/or OpenAI) for the purpose of identifying food items and estimating nutritional content. Original full-resolution photos are not retained after analysis is complete. A compressed thumbnail is stored in our database linked to your food log entry for display purposes and is deleted when you delete the associated meal or your account.
We use your information to: (a) operate and improve the App; (b) generate personalized nutrition estimates, nudges, and insights; (c) calculate progress toward your stated health goals; (d) process subscription payments; (e) send you service-related and occasional product communications via email or push notification; and (f) comply with legal obligations.
We do not sell your personal information to third parties. We do not use your personal information for third-party advertising purposes.
We share data with the following processors only to the extent necessary to operate the App:
Each provider operates under its own privacy policy and data processing agreements. WhatYouAte is not responsible for the data practices of these third parties beyond the contractual safeguards in place.
We retain your data for as long as your account is active. You may delete your account and all associated data at any time using the "Delete account" option in your Profile. Upon deletion, your personal data is removed from our systems within a reasonable period, except where retention is required by law.
We use industry-standard security measures including encryption in transit (TLS) and encryption at rest to protect your data. No method of transmission over the internet is 100% secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.
Depending on your location, you may have rights including: the right to access your personal data; the right to correct inaccurate data; the right to request deletion; the right to data portability; and the right to withdraw consent.
Canadian residents have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA). Residents of the European Economic Area have rights under the General Data Protection Regulation (GDPR). Residents of California have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information (we do not sell personal information). To exercise any of these rights, contact us using the information below.
WhatYouAte is operated from Canada. If you access the App from outside Canada, your information may be transferred to and processed in Canada. By using the App, you consent to this transfer. We take steps to ensure that data transferred internationally receives an adequate level of protection.
The App uses browser local storage to save preferences and cached data on your device. This data does not leave your device except as described in this policy. We do not use third-party tracking cookies or advertising trackers.
We may update this policy as the App evolves. Material changes will be communicated within the App. The effective date at the top of this page reflects the most recent revision. Continued use of the App after changes are posted constitutes acceptance of the revised policy.
For privacy inquiries, data requests, or any questions about this policy, contact us at: hello@minimul.app