Privacy Policy

Effective Date: January 21, 2026
Last Updated: January 21, 2026

1. Introduction

Welcome to Intolerance.app ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal information with care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password
  • Profile Information: Dietary preferences, allergies, health goals
  • Authentication Data: OAuth tokens from Google/Apple

2.2 Health Data

With your explicit consent, we collect and process health-related information, including:

  • Food and Meal Logs: Ingredients, portions, timestamps
  • Symptom Logs: Type, severity, timing, descriptions
  • Analysis Results: Intolerance detection data and AI-generated insights
  • Photos of Meals: If you choose to upload them

2.3 Usage Data

  • Device Information: Type, operating system, unique identifiers
  • Usage Patterns: Features accessed, time spent, interactions
  • Log Data: IP address, browser type, access times
  • Analytics Data: Aggregated usage statistics

3. How We Use Your Information

  • Provide Services: Analyze your food and symptom data to identify potential food intolerances
  • Personalization: Customize your experience and provide personalized recommendations
  • Communication: Send you service updates, security alerts, and support messages
  • Improvement: Analyze usage patterns to improve our Service and develop new features
  • Security: Detect, prevent, and address technical issues and fraudulent activity
  • Compliance: Comply with legal obligations and enforce our terms

4. Data Processing and AI Analysis

We use artificial intelligence (AI) and machine learning technologies to analyze your food and symptom data. This processing includes:

  • Automated pattern recognition to identify potential food-symptom correlations
  • Natural language processing to understand meal descriptions and symptom reports
  • Image analysis to identify ingredients from meal photos (if provided)
  • Statistical analysis to calculate confidence scores for intolerance detection

All AI processing is performed in accordance with GDPR Article 22 requirements for automated decision-making. You have the right to request human review of any automated analysis results.

5. Data Sharing and Disclosure

We DO NOT sell your personal data to third parties.

We may share your information only in the following circumstances:

  • Service Providers: Third-party vendors who perform services on our behalf (cloud hosting, analytics, payment processing)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

We ensure all third-party service providers are contractually bound to protect your data and use it only for the purposes we specify.

6. Legal Basis for Processing (GDPR)

  • Consent (Article 6(1)(a) & Article 9(2)(a)): For processing health data and optional features
  • Contract Performance (Article 6(1)(b)): To provide our core services
  • Legitimate Interests (Article 6(1)(f)): For service improvement and security

For sensitive health data (Article 9 GDPR), we rely on your explicit consent obtained during registration.

7. Data Security

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Application-Level Encryption: Sensitive health data receives an additional encryption layer
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Audits: Security assessments and vulnerability testing
  • Secure Backup: Disaster recovery procedures in place

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

8. Your Privacy Rights

8.1 GDPR Rights (EU/EEA Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

8.2 CCPA Rights (California Users)

  • Know what personal information we collect and how it's used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

How to Exercise Your Rights

  • In-App: Use account settings and privacy controls
  • Email: Contact us at the address below
  • Response Time: We respond within 30 days (GDPR) or 45 days (CCPA)

9. Data Retention

  • Active Accounts: Data retained while your account is active
  • Inactive Accounts: Data retained for 6 months after last activity, then archived
  • Deleted Accounts: Data permanently deleted within 30 days of account deletion request
  • Legal Requirements: Some data may be retained longer to comply with legal obligations

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection laws

11. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete such information.

12. Medical Disclaimer

IMPORTANT MEDICAL DISCLAIMER

  • This app is for informational purposes only and is not a substitute for professional medical advice
  • Always consult healthcare providers for medical concerns
  • Do not ignore or delay seeking medical advice based on app information
  • In medical emergencies, contact emergency services immediately

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, sending you an email notification, and displaying an in-app notification. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Privacy:

Support:

For EU/EEA users, you also have the right to lodge a complaint with your local data protection authority.