Privacy Policy
Effective date: March 28, 2026
CraveBuddy (“we”, “our”, “us”) is a health and fitness recipe application. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use CraveBuddy (the “App”). By using the App, you agree to the practices described in this policy.
1. Information We Collect
We collect the following categories of personal information:
Account & Profile Data
- Name and email address (collected via our authentication provider, Clerk)
- Authentication data such as hashed passwords, OAuth tokens, and session information
Health & Fitness Data
- Weight, height, and age
- Dietary preferences and health/fitness goals
Usage Data
- App feature usage and interaction events (e.g., which features you use, whether you completed onboarding)
- Device and technical information such as IP address, approximate location (postal code), device type, operating system, and browser/app version — collected automatically by our analytics provider, PostHog
Device Permissions
- Camera: We request access to your device's camera to allow you to take photos within the App (e.g., food photos). Images are only accessed when you explicitly grant permission.
- Photo Library / Gallery: We request access to your device's photo library to allow you to select existing images for use within the App (e.g., for AI-powered picture generation). We do not access, scan, or upload photos beyond those you explicitly select.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the App and its features
- Personalize your experience, including tailoring recipes and meal plans to your dietary preferences, health goals, and body metrics
- Authenticate your identity and manage your account
- Manage subscriptions and in-app purchases
- Analyze usage patterns to improve the App's features and user experience
- Monitor and improve App performance and stability
- Communicate with you regarding your account, updates, or support requests
- Comply with legal obligations
3. Third-Party Service Providers
We use the following third-party services to operate the App. These providers act as data processors on our behalf and process your data only as necessary to provide their services:
| Provider | Purpose | Data Processed | Privacy Policy |
|---|---|---|---|
| Clerk | Authentication & user management | Name, email, password (hashed), OAuth tokens, session data | clerk.com/legal/privacy |
| PostHog | Product analytics | Feature usage events, IP address, approximate location, device information | posthog.com/privacy |
| RevenueCat | Subscription & in-app purchase management | Purchase history, subscription status, anonymous user identifiers | revenuecat.com/privacy |
| Apple App Store | Payment processing (iOS) | Payment and transaction data (handled entirely by Apple) | apple.com/legal/privacy |
| Google Play Store | Payment processing (Android) | Payment and transaction data (handled entirely by Google) | policies.google.com/privacy |
| Amazon Web Services (AWS) | Cloud hosting & data storage | All App data is stored on AWS infrastructure | aws.amazon.com/privacy |
We do not sell your personal data to any third party. We do not use your data for advertising or tracking across other apps or websites.
4. Data Storage & Security
Your data is stored on servers provided by Amazon Web Services (AWS). We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, and regular security reviews.
While we take reasonable steps to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the App's services. If you delete your account, we will delete or anonymize your personal data within 30 days, unless we are required by law to retain it for a longer period.
Analytics data collected by PostHog is retained in accordance with PostHog's data retention policies and our configured retention settings.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data.
- Restriction: Request that we limit the processing of your data.
- Data Portability: Request a copy of your data in a structured, machine-readable format.
- Objection: Object to the processing of your data for certain purposes.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at support@cravebuddy.org. We will respond to your request within 30 days.
7. European Economic Area (EEA) & GDPR
If you are located in the European Economic Area, we process your personal data based on the following legal grounds:
- Contract performance: Processing necessary to provide the App's services to you (e.g., account management, personalized recipes).
- Legitimate interest: Processing necessary for our legitimate interests, such as improving the App and analyzing usage, where those interests are not overridden by your rights.
- Consent: Where we rely on your consent (e.g., for optional analytics or device permissions like Camera and Photo Library), you may withdraw consent at any time.
Some of our third-party service providers may transfer and process data outside the EEA (for example, in the United States). Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in compliance with GDPR.
8. Children's Privacy
CraveBuddy is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information as soon as possible. If you believe a child has provided us with personal data, please contact us at support@cravebuddy.org.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the “Effective date” at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the App after any changes constitutes your acceptance of the updated policy.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
CraveBuddy
Email: support@cravebuddy.org
Website: cravebuddy.org