Skip to content

Privacy Policy

BiteSense Privacy Policy

Last updated: November 7, 2025

BiteSense (“BiteSense”, “we”, “us”, or “our”) provides a mobile app and related services that help people with food-related health conditions track what they eat and how they feel, and discover possible patterns between meals and symptoms.

This Privacy Policy explains how we collect, use, share, and protect your information when you use the BiteSense app, our website, and related services (collectively, the “Services”).

By using BiteSense, you agree to the collection and use of information in accordance with this Privacy Policy.

Important: BiteSense is not a medical device and does not provide medical diagnosis or treatment. The app is intended for informational and self-tracking purposes only and should not replace professional medical advice, diagnosis, or treatment.

1. Information We Collect

We collect several types of information to provide and improve BiteSense.

1.1 Account & Profile Information

When you create an account or update your profile, we may collect:

  • Email address
  • Password (stored as a secure hash via Supabase Auth)
  • Name
  • Gender
  • Birthdate or age range
  • Primary health condition(s) (e.g., EoE, IBS, celiac, etc.)
  • Condition frequency and severity context
  • Health goals and preferences
  • Known trigger foods
  • Suspected trigger foods
  • Flags for onboarding and tutorials (e.g., whether you completed app or premium tutorials)
  • Records of accepting our Terms of Service and Privacy Policy (timestamps and status)

1.2 Health & Usage Data You Log

Because BiteSense is a health-tracking app, we collect data that may be considered sensitive or health-related, including:

Meal Logs

  • Foods consumed (free-text food names)
  • Meal time and date
  • Location (as free text, not GPS)
  • Hunger level and/or fullness
  • Whether you ate with others
  • Meal grouping (e.g., breakfast, lunch, dinner, snack)
  • Nutritional information (calories, protein, carbs, fat) when available
  • Source of the log (e.g., quick log, full form, AI-assisted)

Symptom Records

  • Symptom descriptions
  • Severity (e.g., 1–5 scale)
  • Duration
  • Date and time of symptom
  • Optional link to a specific meal you believe may have caused the symptom

Elimination Diet & Goals

  • Foods or items you are eliminating (e.g., dairy, gluten, specific dishes)
  • Type of elimination (food, supplement, product)
  • Start and end dates
  • Duration and progress
  • Key symptoms you’re monitoring

Settings & Preferences

  • Daily calorie and meal goals
  • Notification preferences (e.g., reminders, streak motivation)
  • Reminder times and whether reminders are enabled
  • Various in-app settings (e.g., whether certain tutorials or tooltips have been completed)

1.3 AI Insights & Analysis Data

To power features like Trigger Finder, Safe Foods, Progress insights, and Doctor Reports, we collect and generate:

  • Aggregated meal and symptom history relevant to each analysis run
  • AI insight run metadata (date/time run, type of insight, status)
  • AI-generated analysis results and summary texts (e.g., possible trigger foods, likely safe foods, trends)
  • Embeddings and traits derived from your data (for example, vectors representing meals or symptoms, and trait labels such as “dairy”, “gluten”, “fried”, “ultra_processed”)

This information is stored in our database to show you insights over time and avoid recomputing everything from scratch on each run.

1.4 Images & Menu Scans

If you use camera or photo-based features, we may collect:

  • Photos of meals for food recognition and nutrition estimation
  • Photos of restaurant menus for menu analysis
  • AI-generated interpretations (e.g., identified foods, nutritional estimates, or safety flags)

Images may be sent to our AI provider (OpenAI) for analysis and, in some cases, temporarily stored or cached for performance or debugging. We do not use these images for marketing without your explicit consent.

1.5 Subscription & Billing Data

Paid/premium features are managed via Apple App Store / Google Play and RevenueCat. We do not store your full payment card information.

We receive from these services:

  • An app-specific user ID
  • Subscription status (active, trial, canceled, etc.)
  • Product identifiers and purchase history relevant to your subscription
  • Platform information (iOS/Android)

This allows us to determine whether you have access to premium features (such as doctor reports and advanced insights).

1.6 Device & Technical Information

Through our app infrastructure and third-party services (such as Supabase, Sentry, and Expo), we may collect:

  • Device type and model
  • Operating system and version
  • App version and build number
  • IP address and general network information
  • Error logs and crash data (stack traces, performance metrics)
  • Update/OTA check data

This information is primarily used for security, debugging, and ensuring compatibility.

1.7 Website Cookies & Web Tracking

On our website, we use cookies and similar technologies to:

  • Remember your preferences (e.g., cookie consent, language)
  • Understand how visitors use our site
  • Improve performance and user experience

Where required by law, we present a cookie banner and allow you to accept or manage non-essential cookies before they are used.

2. How We Use Your Information

We use your information to provide, maintain, and improve BiteSense. Specifically, we use it to:

Provide core app functionality

  • Create and manage your account
  • Log meals, symptoms, eliminations, and health context
  • Synchronize your data across sessions and devices

Generate AI-powered insights

  • Analyze correlations between meals and symptoms
  • Suggest possible trigger foods or patterns (e.g., “fried foods”, “French fries”, “dairy”)
  • Identify likely safe foods that appear well tolerated
  • Track elimination diet progress and effectiveness
  • Generate summary text for insights and doctor-friendly reports

Enable premium features

  • Validate subscription status via RevenueCat and app stores
  • Unlock premium logging, AI features, menu scanner, and doctor reports
  • Allow export or generation of summarized reports for your healthcare provider (for paying/premium users)

Improve and secure the Services

  • Monitor app performance and fix bugs
  • Detect, investigate, and prevent fraudulent or abusive behavior
  • Conduct analytics to understand feature usage and improve the user experience

Communicate with you

  • Send app notifications and reminders (if enabled)
  • Send important service updates or policy changes
  • Respond to your support requests and feedback

Comply with legal obligations

  • Maintain appropriate records
  • Respond to lawful requests by public authorities

3. AI and Data Processing

BiteSense relies heavily on AI to provide insights. We use OpenAI’s API and related services to process your data.

3.1 What We Send to AI Services

Depending on the feature, we may send to OpenAI:

  • Meal descriptions and food names
  • Symptom descriptions, severity, and timing
  • Links between meals and symptoms (e.g., “this meal was associated with this symptom”)
  • Elimination and trigger context (e.g., “user is avoiding dairy and gluten”)
  • Your health condition label (e.g., “EoE”, “IBS”)
  • Images you upload (meal photos, menu photos)
  • Derived data, such as nutritional information or trait labels

We do not send your email address or password to OpenAI. We only send the minimum data needed to generate the requested insight or analysis.

3.2 How AI Outputs Are Used

AI outputs may be:

  • Stored as insight results (e.g., trigger finder results, safe foods results)
  • Stored as embeddings or trait classifications (for better future analysis)
  • Used transiently to generate short narrative explanations (e.g., AI-generated text for your insights)

These outputs are used to power the app’s features and improve the quality of future analyses for you.

3.3 Third-Party AI Provider Terms

We use OpenAI’s API under their terms and policies. As of this policy’s date, OpenAI states that data sent via the API is not used to train their models by default. However, their policies can change, so we recommend reviewing OpenAI’s current Privacy Policy and Terms of Use if you have concerns.

4. Legal Basis for Processing (Where Applicable)

Where privacy laws such as the GDPR apply, we rely on one or more of the following legal bases:

  • Consent: When you provide health information and enable AI analysis features, you consent to our processing of that data to provide insights.
  • Contract: We process data necessary to provide the Services under our agreement with you (e.g., basic account, logging, and subscription features).
  • Legitimate Interests: We process certain data (e.g., aggregated analytics, app performance logs) to improve BiteSense, maintain security, and understand usage, in ways that do not override your rights and freedoms.
  • Legal Obligations: We may process or retain some information as required by law.

You can withdraw your consent for specific processing (e.g., AI insights) at any time by adjusting app settings or contacting us (subject to technical limitations).

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information. We share your data only in the following circumstances:

5.1 Service Providers

We use trusted third-party providers to operate BiteSense:

  • Supabase – Database, authentication, edge functions, and storage.
  • OpenAI – AI analysis and natural language processing.
  • RevenueCat – Subscription and entitlement management.
  • Sentry – Error tracking, crash reporting, and performance monitoring.
  • Expo / Apple / Google – App framework, build system, updates, and app distribution.

These providers process data on our behalf and are contractually obligated to protect your data and use it only for the services we request.

5.2 Aggregated & Anonymized Data

We may use your information in an aggregated and anonymized form (that does not identify you personally) to:

  • Analyze how people use BiteSense
  • Improve our features, algorithms, and user experience
  • Support research on food-related conditions and symptom patterns

In some cases, we may share such aggregated and anonymized information with trusted research partners (for example, universities or medical research institutions). This information does not include your name, email, or other direct identifiers and is not intended to identify any individual user.

If we ever wish to share information that could reasonably identify you, or involve you directly in a research study, we will ask for your explicit consent at that time.

5.3 With Your Explicit Consent

We may share your data with third parties when you explicitly ask us to do so, for example:

  • Generating and sending a doctor report that you choose to share with a health professional.
  • Exporting your data in a format that you then share.

We do not share your data with healthcare providers or anyone else unless you choose to do so.

5.4 Legal and Safety Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to:

  • Comply with a legal obligation or valid legal process
  • Protect and defend our rights or property
  • Protect the personal safety of BiteSense users or the public
  • Protect against legal liability or prevent fraud/abuse

6. Data Security

We take data security seriously and implement reasonable technical and organizational measures to protect your information, including:

  • Encryption of data in transit and at rest where supported by our providers (e.g., Supabase)
  • Secure authentication and session management via Supabase Auth
  • Limited access to personal data by authorized team members only
  • Use of reputable third-party infrastructure providers with strong security practices
  • Regular updates and monitoring to mitigate security vulnerabilities

No method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security, but we aim to follow industry best practices.

7. Data Retention and Deletion

7.1 Retention

We retain your personal and health data for as long as your account is active and as necessary to provide the Services.

We may retain certain information for a limited period after account deletion:

  • To comply with legal, tax, or regulatory requirements
  • To investigate or resolve disputes
  • In backup or archived copies that are difficult to remove immediately

Where possible, we will either delete or anonymize your data when it is no longer needed.

7.2 Account Deletion

You can request deletion of your account and associated data via the app or by contacting us.

When we delete your account:

  • Your authentication record (email and login credentials) are removed from our auth provider.
  • Core health and usage data tied to your user ID (meals, symptoms, eliminations, profile, and related embeddings/traits) are scheduled for deletion from our primary database.
  • Some technical logs, backups, or anonymized/aggregated data may remain for a limited time but are no longer linked to your identity.

We are continually improving our data deletion processes to ensure that personal data is removed comprehensively and safely.

8. Your Rights and Choices

Depending on your location and applicable laws, you may have the following rights:

  • Access – Request a copy of the personal data we hold about you.
  • Correction – Ask us to correct inaccurate or incomplete information.
  • Deletion – Request deletion of your personal data (subject to our legal obligations).
  • Restriction – Ask us to restrict processing of your data in certain circumstances.
  • Portability – Request your data in a structured, commonly used, and machine-readable format.
  • Objection – Object to certain types of processing (e.g., direct marketing or some forms of analytics).
  • Withdraw Consent – If processing is based on your consent, you can withdraw that consent at any time.

You can exercise many of these rights directly in the app (for example, by editing your profile, updating settings, or requesting account deletion). For other requests, please contact us at info@bitesense.app.

We may need to verify your identity before responding to certain requests.

9. Children’s Privacy

BiteSense is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you believe that a child under 13 has provided us with personal information, please contact us at info@bitesense.app, and we will take steps to delete such information.

10. International Data Transfers

We are based in Ontario, Canada, but we may store and process your information in other countries where our service providers operate.

These countries may have different data protection laws than your country of residence. Where required, we take steps to ensure that appropriate safeguards are in place for such transfers (for example, contractual commitments).

By using BiteSense, you understand that your information may be transferred to and processed in countries outside of your own.

11. Permissions on Your Device

The BiteSense app may request certain permissions from your device, including:

  • Camera – To take photos of meals and menus for AI analysis.
  • Photo Library / Media – To select existing images for meal or menu analysis.
  • Notifications – To send reminders, streak motivation, and important updates.

You can control these permissions in your device settings at any time. Denying permissions may limit the functionality of certain features (for example, camera-based menu scanning).

We do not request or use GPS location, contacts, or microphone access for core app functionality.

12. Not a Medical Device / No Medical Advice

BiteSense is designed to help you log data and observe potential patterns between foods and symptoms. However:

  • BiteSense is not a medical device.
  • BiteSense does not provide medical diagnosis, treatment, or cure.
  • AI insights and patterns suggested by the app may be incomplete, approximate, or incorrect.

You should always consult a qualified healthcare provider before making any medical decisions, changing your treatment, or starting/stopping medications or elimination diets based on information from the app.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make changes:

  • We will update the “Last updated” date at the top of this page.
  • In some cases, we may notify you in the app or by email.

Your continued use of BiteSense after any changes to this Privacy Policy constitutes your acceptance of the revised Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@bitesense.app

Jurisdiction: This Privacy Policy is governed by the laws of the Province of Ontario, Canada.