Privacy Policy

This Privacy Policy describes how Fuel AI ("Fuel," "we," "us," or "our") collects, uses, stores, and shares information about you when you use the Fuel AI mobile application and website at fuelit.ai (collectively, the "Service").

We handle your data responsibly and in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and Apple's HealthKit and App Store privacy requirements.

We use the information we collect to:

• Create and manage your account;
• Personalise your calorie budget, macro targets, and nutritional recommendations;
• Power the AI meal scanning feature;
• Calculate "Fuel Earned" from your Apple Health activity data;
• Display your meal history, streak, and progress analytics;
• Enable social features including the feed, reactions, and friend connections;
• Send transactional emails (e.g., account confirmation, password reset);
• Monitor app performance, diagnose bugs, and fix crashes;
• Detect and prevent fraud or abuse of the Service;
• Comply with legal obligations;
• Improve the Service based on anonymised usage patterns.

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal grounds:

• Contract performance — Processing necessary to provide you the Service you signed up for (account management, meal logging, calorie tracking);
• Legitimate interests — Analytics, fraud prevention, app improvement, and security, where these do not override your rights;
• Consent — Apple HealthKit integration and any optional marketing communications (you may withdraw consent at any time);
• Legal obligation — Where required to comply with applicable law.

We do not sell your personal data. We share data only with the following service providers who process it on our behalf, under strict data processing agreements:

We may also disclose your information if required by law, court order, or government authority, or to protect the rights, property, or safety of Fuel AI, our users, or the public.

Fuel AI accesses Apple HealthKit data solely to calculate activity-based calorie adjustments within the app. We are committed to Apple's HealthKit guidelines and the following rules apply without exception:

• HealthKit data is never used for advertising or marketing purposes;
• HealthKit data is never sold or shared with data brokers or advertisers;
• HealthKit data is never used to build profiles for third parties;
• HealthKit data is only used for the health and fitness features you explicitly use within Fuel AI.

When you use the AI meal scanning feature, your food photo is sent to Google's Gemini API to generate a nutritional estimate. Photos are processed in real time and are not stored by Google for training purposes under our usage agreement. We store the resulting meal entry (name, calories, macros) in your meal log, but do not permanently store the raw photo on our servers beyond what is needed for your meal history display.

You can delete any meal log entry — and its associated photo — at any time from within the app.

Your username and any meals you choose to share are visible to your followers and may appear in the social feed. Reactions you receive are associated with your profile. Exercise caution about the personal information you include in meal names, notes, or photos you post socially.

You can control your social visibility in your account settings.

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:

When you delete your account, we delete or anonymise your personal data within 30 days, except where we are required by law to retain it.

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS/HTTPS) and at rest;
• Row-Level Security (RLS) on our Supabase database, ensuring users can only access their own data;
• Regular security reviews and dependency updates.

No internet-based service can guarantee perfect security. You are responsible for maintaining the confidentiality of your account credentials. Notify us immediately at support@fuelit.ai if you suspect any unauthorised access.

Depending on your location, you may have the following rights regarding your personal data:

• Right to Access — Request a copy of the personal data we hold about you.
• Right to Rectification — Request correction of inaccurate or incomplete data.
• Right to Erasure — Request deletion of your personal data ("right to be forgotten"). You can delete your account directly from the app's Profile screen.
• Right to Restrict Processing — Request that we limit how we process your data in certain circumstances.
• Right to Data Portability — Request an export of your data in a structured, machine-readable format.
• Right to Object — Object to processing based on legitimate interests.
• Right to Withdraw Consent — Where processing is based on your consent (e.g., HealthKit), you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at support@fuelit.ai with the subject line "Privacy Request." We will respond within 30 days. We may need to verify your identity before processing your request.

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know — The categories and specific pieces of personal information we collect, use, and share;
• Right to Delete — Request deletion of your personal information, subject to certain exceptions;
• Right to Opt-Out of Sale — We do not sell personal information, so this right does not apply;
• Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

Categories of personal information collected in the past 12 months: Identifiers (email, username), internet or network activity (app usage), health and fitness data (meal logs, weight, HealthKit data), photos.

To submit a California privacy rights request, contact us at support@fuelit.ai.

Fuel AI is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@fuelit.ai.

Fuel AI is operated globally and your data may be stored and processed in countries outside your own, including the United States, where our infrastructure providers (including Supabase) operate. When transferring data from the EEA or UK to countries that do not have an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs).

We may update this Privacy Policy from time to time. For material changes, we will update the effective date at the top of this page and notify you via in-app notification or email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: support@fuelit.ai
• Website: fuelit.ai

For EEA/UK users, if you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national data protection authority in the EU).