Privacy Policy
Last Updated: May 4, 2026
Enchanting Labs Pte Ltd ("we," "us," or "our") operates the beforeibite mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not use the App.
1. Information We Collect
1.1 Account Information
When you create an account using Apple Sign-In, we collect:
- Your email address (or relay address, if you choose to hide it)
- Your name (if provided)
- A unique authentication identifier from Apple
1.2 Health Data
With your explicit permission, the App reads and writes data through Apple HealthKit.
Data the App reads from HealthKit:
- Date of Birth
- Sex
- Height
- Weight
- Active Energy (calories burned)
- Resting Energy (basal metabolic rate)
Data the App writes to HealthKit:
- Dietary Energy / Calories (from logged meals)
- Protein (from logged meals)
- Carbohydrates (from logged meals)
- Total Fat (from logged meals)
We also collect profile data you provide during onboarding, such as your fitness goal (lose, maintain, gain) and activity level, to calculate daily nutrition targets.
1.3 Nutrition and Meal Data
When you use beforeibite's tracking features, the following data is created and stored locally on your device (and synced via iCloud if enabled). This data is not uploaded to or stored on our servers:
- Photos of your meals (captured via camera or selected from your photo library), stored as thumbnails on-device
- Food item details including name, portion size, calories, protein, carbohydrates, and fat
- Meal timestamps and notes
- Daily nutrition goals you set
When you analyze a meal, the photo or text description is sent to Google's Gemini API for nutritional estimation (see Section 3.1), but it is not stored on our servers. Barcode scan queries are sent to third-party food databases (see Section 3.1) but are likewise not stored by us.
1.4 Usage Data
We collect data about how you use the App's API services, including daily request counts for photo analysis, barcode lookups, label scans, and text food queries. This is used to enforce usage limits and monitor service health.
1.5 Crash and Performance Data
We use Firebase Crashlytics to collect crash reports, stack traces, and app performance metrics. This data helps us identify and fix bugs. Crashlytics may collect your device model, operating system version, and app state at the time of a crash.
1.6 Advertising Data
The free version of the App may display advertisements. Our advertising partners may collect device identifiers, advertising IDs, and general usage information to serve relevant ads. You can limit ad tracking through your device's privacy settings (Settings > Privacy & Security > Tracking on iOS).
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the App's core features, including calorie tracking and health data integration
- Authenticate your identity and secure your account
- Analyze meal photos and nutrition labels using AI to estimate nutritional content
- Look up food items by barcode or text search
- Sync your data across your Apple devices via iCloud
- Enforce daily API usage limits
- Display advertisements in the free version of the App
- Monitor app stability and fix crashes
- Improve and optimize the App
3. How We Share Your Information
3.1 Third-Party Service Providers
We share specific data with the following third-party services to provide App functionality:
- Google Gemini API — When you photograph or describe a meal, or capture a nutrition label, we send the image (as encoded data) or text description to Google's Gemini API for nutritional analysis. Google's privacy policy governs their handling of this data.
- Open Food Facts — When you scan a barcode, we query the Open Food Facts database. Our request includes the barcode number and a user-agent string.
- USDA FoodData Central — As a fallback for barcode lookups, we query the USDA FoodData Central API with the barcode number.
- Firebase Crashlytics (Google) — Crash reports and performance data are sent to Firebase Crashlytics. Google's privacy policy governs this data.
- Apple CloudKit / iCloud — Your App data (profile, meal logs, nutrition goals) is synced through Apple's CloudKit service if iCloud is enabled on your device. Apple's privacy policy governs their handling of this data.
- Advertising Partners — In the free version of the App, third-party ad networks may collect and use data as described in their respective privacy policies to display ads.
3.2 Authentication Providers
When you sign in with Apple, Apple processes your authentication data according to its own privacy policy. We receive only the information listed in Section 1.1.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process, such as a court order or government request.
3.4 No Sale of Personal Data
We do not sell your personal information to third parties.
4. Data Storage and Security
4.1 Where Your Data Is Stored
- On your device: Health data, meal logs, nutrition goals, and meal photo thumbnails are stored locally using Apple's SwiftData framework within the App's sandboxed storage.
- iCloud: If iCloud is enabled, local data is synced across your devices through Apple CloudKit.
- Our servers: Account information (email, name) and API usage logs are stored on Cloudflare's infrastructure. Your authentication token is signed and verified server-side.
- iOS Keychain: Your authentication token is stored securely in the iOS Keychain.
4.2 Security Measures
We use the following measures to protect your data:
- All network communication uses HTTPS/TLS encryption, enforced by iOS App Transport Security
- Authentication tokens are signed using HMAC-SHA256 and stored securely in the iOS Keychain
- Server-side data is hosted on Cloudflare's edge infrastructure with their platform-level security protections
- Each user can only access their own data through authenticated API requests with per-user database isolation
- API endpoints enforce per-user daily rate limits and validate all input (file type, size, and query length)
- The App runs within iOS's application sandbox, preventing other apps from accessing your data
4.3 Data Retention
- Account data is retained on our servers for as long as your account is active.
- Local App data (meal logs, nutrition goals) is retained on your device and in iCloud until you delete it.
- API usage logs are retained for service monitoring and rate-limiting purposes.
- Crash reports are retained according to Firebase Crashlytics' retention policies.
5. Your Rights and Choices
5.1 General Rights
You have the right to:
- Access the personal data we hold about you
- Delete your local App data using the "Reset Everything" option in the App's Settings
- Control HealthKit access through your device's Settings > Health > beforeibite
- Disable iCloud sync through your device's iCloud settings
- Limit ad tracking through Settings > Privacy & Security > Tracking
5.2 Rights for European Economic Area (EEA) Residents
If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including:
- The right to request rectification of inaccurate personal data
- The right to request erasure of your personal data ("right to be forgotten")
- The right to restrict or object to processing of your personal data
- The right to data portability
- The right to withdraw consent at any time
- The right to lodge a complaint with a supervisory authority
Our legal bases for processing your data are: (a) your consent (e.g., granting HealthKit or camera access), (b) performance of a contract (providing the App's services), and (c) our legitimate interests (improving the App, preventing abuse).
5.3 Rights for California Residents
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:
- The right to know what personal information we collect, use, and disclose
- The right to request deletion of your personal information
- The right to opt out of the sale of your personal information (we do not sell personal information)
- The right to non-discrimination for exercising your privacy rights
5.4 Exercising Your Rights
To exercise any of these rights, please contact us at the email address listed in Section 9. We will respond to verified requests within 30 days (or within the timeframe required by applicable law).
6. Apple HealthKit Data
We treat HealthKit data with special care in accordance with Apple's requirements:
- HealthKit data is used solely to provide the App's nutrition tracking features.
- We do not use HealthKit data for advertising or marketing purposes.
- We do not share HealthKit data with third parties for advertising or marketing.
- We do not sell HealthKit data.
- HealthKit data is not sent to our servers. It is accessed and processed locally on your device.
- You can revoke HealthKit access at any time through your device's Health settings.
7. Camera and Photo Library
The App requests access to your camera and photo library solely for the purpose of photographing or selecting images of your meals and nutrition labels for analysis. Meal photos are:
- Processed locally to create thumbnail images
- Sent to Google's Gemini API in encoded form for nutritional analysis
- Stored locally as thumbnails within the App's data
- Never shared publicly or with other users
You can revoke camera or photo library access at any time through your device's Settings.
8. Children's Privacy
The App is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete such information.
9. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Enchanting Labs Pte Ltd
Email: [email protected]
For data protection inquiries from the EEA, you may also contact your local data protection authority.