At Mindroot Ltd, we value your privacy and are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international data protection laws. This Privacy Policy explains how we collect, use, store, and protect your data when you use our AskBite app, which helps you analyze foods based on prompts, including glycemic index and calorie tracking. AskBite is available worldwide, and we ensure compliance with data protection standards globally.

—

1. Who We Are

We are Mindroot Ltd, a company registered in England and Wales with registration number 16543299 and registered office at 71-75 Shelton Street, London, England, WC2H 9JQ. We are registered with the Information Commissioner’s Office (ICO) with registration reference ZB958997. You can contact us at [email protected].

2. What Data We Collect

We collect the following personal data when you use AskBite:

• Email Address: To create and manage your account, send service-related communications, and process subscriptions.
• Password: Stored securely using Argon2 hashing to authenticate your account.
• Food Tracking Data: Information you input about foods (e.g., prompts for glycemic index and calorie analysis), stored to provide personalized tracking features.
• Payment Information: When you subscribe to AskBite, our third-party payment processors (RevenueCat, Stripe, Apple In-App Purchase, or Google In-App Purchase) collect and process your payment details (e.g., card information or app store account details). We do not store your payment details ourselves.
• Usage Data: Automatically collected data, such as your IP address, device type, browser, and how you interact with AskBite, to improve our services.
• AI Interaction Data: Data processed by our third-party AI technology providers to analyze food prompts and generate results (e.g., glycemic index, calories). This data is processed securely and not stored by the AI provider for training purposes.

3. How We Use Your Data

We use your data to:

• Provide and maintain the AskBite app, including analyzing food prompts and tracking glycemic index and calories.
• Authenticate your account and ensure its security.
• Process subscription payments via RevenueCat, Stripe, Apple In-App Purchase, or Google In-App Purchase.
• Send you service-related updates (e.g., account confirmation, password reset).
• Improve AskBite’s functionality and user experience through usage data analysis.
• Comply with legal obligations, such as responding to ICO or other regulatory requests.

4. Our Lawful Basis for Using Your Data

We process your data based on the following lawful bases under UK GDPR:

• Contract: To provide the AskBite service as per our agreement with you (e.g., account management, food tracking, payment processing).
• Consent: For optional features, such as marketing emails (you can opt out at any time).
• Legitimate Interests: To improve our app and ensure its security (e.g., analyzing usage data).
• Legal Obligation: To comply with laws, such as maintaining records for ICO compliance or global data protection regulations.

5. How We Store and Protect Your Data

• Storage: Your data is stored securely on Supabase, a PostgreSQL-based database hosted in [Insert Supabase Region, e.g., EU, if known]. Passwords are hashed using Argon2, a secure hashing algorithm.
• Third Parties: We use the following third-party services:
  • RevenueCat: Manages subscriptions and integrates with Stripe, Apple In-App Purchase, and Google In-App Purchase for payment processing. These providers comply with UK GDPR, PCI-DSS, and app store data protection standards. We do not store payment details ourselves.
  • Database Provider: Stores your email, hashed passwords, and food tracking data securely.
  • AI Technology Providers: Process food prompts to generate analysis results. We ensure these providers do not use your data for training or other purposes beyond providing the service.
  • We do not share your personal data with other third parties unless required by law.
• Retention: We keep your email address and food tracking data for as long as your account is active. If you delete your account, we retain data for up to 12 months to comply with legal obligations, after which it is securely deleted. Payment data handled by RevenueCat, Stripe, Apple, or Google is retained per their respective policies.
• Security: We use industry-standard encryption and security measures to protect your data from unauthorized access, loss, or misuse. Supabase and our AI providers adhere to strict security standards.

6. International Data Transfers

AskBite is available worldwide. If you use AskBite from outside the UK, your data may be transferred to servers in the UK or other regions (e.g., EU for Supabase). We ensure that any international data transfers comply with UK GDPR through appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions, where applicable.

7. Your Rights

Under UK GDPR and applicable international laws, you have the following rights regarding your personal data:

• Access: Request a copy of the data we hold about you.
• Rectification: Ask us to correct inaccurate data.
• Erasure: Request deletion of your data (subject to legal obligations).
• Restriction: Ask us to limit how we use your data.
• Portability: Request your data in a machine-readable format.
• Object: Object to certain uses of your data (e.g., marketing).
• Withdraw Consent: Withdraw consent for data processing where applicable.

To exercise these rights, contact us at [email protected]. We will respond within one month, as required by UK GDPR. If you’re unhappy with our response, you can lodge a complaint with the ICO (www.ico.org.uk) or your local data protection authority.

8. Cookies and Tracking

AskBite uses cookies to improve your experience (e.g., remembering your login). You can manage cookie preferences via your browser settings. We do not use cookies for advertising or third-party tracking.

9. Third-Party Links

AskBite may include links to third-party services (e.g., RevenueCat, Stripe, Apple, Google). We are not responsible for their privacy practices. Please review their policies before providing personal data.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or within the app.

11. Contact Us

For questions or concerns about this Privacy Policy, contact us at [email protected] or write to 71-75 Shelton Street, London, England, WC2H 9JQ.