Privacy Policy for Diet Watch

Effective Date: March 20, 2026

Ascend Data LLC ("Ascend Data," "we," "our," or "us") operates the Diet Watch mobile application (the "App"). This Privacy Policy explains how we collect, use, store, and protect information when you use the App.

By using Diet Watch, you agree to the practices described in this Privacy Policy.

1. Information We Collect

a. Account Information

An account is required to use Diet Watch.

When you create an account, we collect:

- Email address (required)

- Authentication credentials, stored securely using access and refresh tokens

We do not collect names, phone numbers, profile photos, or other personal profile information.

b. Health & Dietary Preference Data

You may provide:

- Dietary restriction preferences, entered using structured fields (e.g., Low-FODMAP, SCD, Low-Residue)

- AI analysis results, including which menu items are rated as safe, caution, or avoid, along with identified trigger ingredients

Dietary preferences and AI results are associated with your account and are visible only to you. While this data relates to dietary health, it is treated as user-provided preference data and is not classified as protected health information under HIPAA.

c. Photos

When you use the menu scanning feature, you provide:

- Images of restaurant menus captured via your device camera or selected from your photo library

Images are resized and compressed on your device before being transmitted for analysis. Menu images are stored on our servers as part of your scan history so you can review past analyses.

d. Location Data

If you grant location permission, we collect:

- Precise location (GPS coordinates) to identify nearby restaurants and provide location-based restaurant suggestions

Location access is optional. The App will request your permission before accessing location data. You can revoke this permission at any time through your device settings. If you decline, you can still use the App by searching for restaurants manually.

Location coordinates are transmitted to our servers to retrieve nearby restaurant data and are cached locally on your device for performance. Location data is also sent to Google Places API to retrieve restaurant information (see Section 3).

e. Restaurant and Community Data

When you link a menu scan to a restaurant:

- The restaurant name and identifier are associated with your scan

- Analysis results may be used to indicate to other users that a restaurant has menu data available

- Your personal identity is not shared with other users

f. Usage Data

We collect basic usage data, including:

- Feature usage and interaction timestamps

- Scan history metadata (date, restaurant name, protocols used)

g. Identifiers

We assign and store:

- A unique user ID (UUID) linked to your account

- Authentication tokens stored securely in your device's Keychain

2. Information We Do Not Collect

We do not collect:

- Names or physical addresses

- Phone numbers

- Payment or financial information

- Advertising identifiers

- Cross-app or third-party tracking data

- Crash reports or diagnostics

- Contacts, browsing history, or search history outside the App

3. Third-Party Services and Data Sharing

Diet Watch uses the following third-party services to provide core functionality:

a. Anthropic Claude API (AI Analysis)

When you scan a menu, we transmit the following to Anthropic's API:

- Menu images (base64-encoded)

- Your selected dietary restriction protocols

Anthropic processes this data to generate menu item analysis results. We have configured our usage so that:

- Data is not used to train Anthropic's models

- Data is processed transiently by Anthropic and not retained by them

For more information, see Anthropic's privacy policy at https://www.anthropic.com/privacy.

b. Google Places API (Restaurant Discovery)

When you search for or browse nearby restaurants, we transmit the following to Google:

- Your GPS coordinates (if location permission is granted)

- Restaurant search queries

Google returns restaurant information including names, addresses, ratings, and place identifiers. For more information, see Google's privacy policy at https://policies.google.com/privacy.

c. Amazon Web Services (AWS)

Our backend infrastructure, including databases and servers, is hosted on AWS. All user data described in this policy is stored on AWS infrastructure.

We do not sell, rent, or share your personal data with third parties for advertising, marketing, or data brokerage purposes.

4. How We Use Your Information

We use collected information solely to:

- Authenticate and manage your account

- Analyze menu images using artificial intelligence

- Compare menu items against your dietary preferences

- Display analysis results and scan history

- Provide location-based restaurant suggestions

- Enable community restaurant data contributions

- Maintain, secure, and improve the App

We do not use your data for advertising, profiling, or marketing purposes.

5. App Store Privacy Label (Apple App Privacy Details)

In accordance with Apple's requirements, the following summarizes our data practices:

Data Linked to You:

- Contact Info: Email address

- Health & Fitness: Dietary restriction preferences

- Location: Precise location (optional, with permission)

- User Content: Photos (menu images)

- Identifiers: User ID

Data Not Linked to You:

- Usage Data: Product interaction timestamps

Data Used to Track You:

- None. We do not track users across third-party apps or websites.

6. Data Storage and Retention

- Menu images: Stored on our servers as part of your scan history for as long as your account is active. You may delete individual scans at any time.

- Dietary preferences and analysis results: Stored while your account is active.

- Location data: Cached temporarily on your device for performance. Not permanently stored on our servers.

- Scan history: Stored while your account is active. Individual scans can be deleted by you at any time.

- Account data: Hosted on AWS infrastructure.

Data is retained for as long as your account remains active or as needed to provide the service.

7. Data Deletion

You may:

- Delete individual scan history records within the App

- Delete individual bookmarks within the App

- Edit or remove dietary preferences at any time

- Delete your account at any time

When an account is deleted, all associated user data -- including scan history, preferences, bookmarks, and analysis results -- is permanently deleted from our systems.

8. Data Security

We implement the following security measures:

- Authentication tokens are stored in your device's secure Keychain

- Passwords are hashed before storage (never stored in plain text)

- Refresh tokens are rotated and can be revoked

- Token expiration is enforced

We use reasonable administrative, technical, and organizational safeguards to protect user data. However, no method of electronic transmission or storage is completely secure.

9. Health & Medical Disclaimer

Diet Watch is not a medical device, service, or diagnostic tool and does not provide medical advice, diagnosis, or treatment.

- Dietary restriction data is treated as user-provided preference data

- AI analysis results are inferences and may not be 100% accurate

- Always verify with restaurant staff before consuming food, especially for severe allergies

- The App does not replace professional medical or dietary guidance

- Consult a qualified healthcare professional for medical advice

The App is not subject to HIPAA and does not store protected health information (PHI) as defined under HIPAA.

10. Children's Privacy

Diet Watch is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

11. Your Privacy Rights

a. GDPR (EEA Users)

If you are located in the European Economic Area, you have the right to:

- Access your personal data

- Request correction of inaccurate data

- Request deletion of your data

- Restrict or object to processing

- Data portability

b. CCPA / CPRA (California Residents)

If you are a California resident, you have the right to:

- Know what personal data is collected and how it is used

- Request deletion of your data

- Opt out of the sale or sharing of personal data

We do not sell or share personal data as defined under the CCPA/CPRA.

c. How to Exercise Your Rights

To exercise any of the above rights, contact us at support@ascenddata.net. We will respond to verified requests within the timeframes required by applicable law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the App or posted on our website with a revised effective date. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, contact:

Ascend Data LLC

Email: support@ascenddata.net

(c) Ascend Data LLC. All rights reserved.