UseBite — Smart Nutrition Tracker
Last updated: 14 May 2026
UseBite is the data controller for the personal data described in this policy.
Contact for any privacy or data-protection request: support@usebite.app.
Where the UK or EU General Data Protection Regulation (UK GDPR / EU GDPR) applies to your use of UseBite, we rely on the following lawful bases under Article 6:
We collect only the minimum data required to deliver the service:
diagnostic_events table on Neon, retained for as long as needed for product debugging and periodically purged (see Section 13), accessed only by the developer. Web users are not subject to this stream. To opt out: sign out of the Android app, or delete your account (Settings → Account → Delete account), which removes all diagnostic_events rows by foreign-key cascade.If you attach a photo to a meal, the image is resized client-side (maximum 1024 px, JPEG quality 80) before any transmission, in line with the data-minimisation principle (Art. 5(1)(c)).
UseBite does not store food photos on its own servers. The image is streamed in-flight to one of our AI providers (see Section 5) for analysis, and the in-flight copy is discarded once the analysis is returned. We have no further access to that copy.
Our AI providers may briefly retain transmitted content for abuse-prevention, safety review, or quality-monitoring purposes per their own published terms. UseBite cannot delete content from a third-party provider's logs once transmitted; you can review each provider's retention practice directly:
UseBite relies on a small number of third-party processors. Where these processors are located outside the United Kingdom or European Economic Area, the transfer of personal data is covered by appropriate safeguards under Art. 46 GDPR (Standard Contractual Clauses, or, where applicable, the UK / EU−US Data Privacy Framework). Copies of the safeguards are available on request from support@usebite.app.
| Processor | Purpose | Country |
|---|---|---|
| xAI Inc. | Primary AI: meal & activity analysis, meal suggestions | USA (SCCs) |
| Google LLC | Secondary AI (Gemini, peer-review of estimates); Google Sign-In; AdMob (Android only); Google Play Billing (in-app credit-pack purchases on Android) | USA (DPF) |
| Anthropic PBC | Backup AI provider (used only on failover) | USA (SCCs) |
| Vercel Inc. | Web hosting, edge runtime, application logging | USA (DPF) |
| Neon Inc. | Postgres database (encrypted at rest) | USA (SCCs) |
| Hostinger International Ltd. | support@usebite.app mailbox | Lithuania (EU) |
| OpenStreetMap Foundation | Nominatim reverse-geocoding (only when you tap the optional “Use GPS” button) | UK |
| Stripe Inc. (planned — web) | Payment processing for credit-pack purchases on the web (not yet live; will be activated before any transaction). Android purchases are handled by Google Play Billing above. | USA (SCCs/DPF) |
Each provider operates under its own privacy policy and data-processing terms. We have data-processing agreements in place with each. We never sell, license, or share your meal, weight, activity or profile data with any third party for advertising or marketing purposes.
We may use the email address associated with your Google account to contact you about UseBite. Specifically:
All UseBite-related emails identify themselves as such, link back to this policy, and include clear instructions for opting out. To stop receiving any non-essential email (i.e. anything other than security and core-account notices), reply to any email or write to support@usebite.app; we will action your request without undue delay and at the latest within seven days. You may also delete your account at any time via Section 9 below, which removes you from all communications.
UseBite uses a small set of strictly necessary cookies for authentication and CSRF protection (set by NextAuth.js and, on the sign-in journey, by Google). These keep you signed in and prevent request forgery. Under the GDPR / ePrivacy Directive these are exempt from the consent requirement. We do not use analytics, advertising, or tracking cookies on the website.
If you are in the UK or EEA, you have the following rights under the UK / EU GDPR:
UseBite calculates your basal metabolic rate, total daily energy expenditure, daily calorie target, and projected weight change automatically from your profile and weight history. These calculations are suggestions, not decisions: you remain free to ignore, override, or use them alongside professional advice at any time. The optional minimum-calorie floor (default 700 kcal/day) is a configurable safety bound and not a recommendation.
We do not consider these calculations “solely automated decision-making” for the purposes of Art. 22 GDPR, because they produce no legal or similarly significant effect on you. If you disagree with this characterisation in your individual case, contact us and we will review.
The Android app uses Google AdMob to show a single optional rewarded video ad: when your in-app credits run out you can choose to watch an ad in exchange for additional credits. The ad is never auto-played, never appears anywhere else in the app, and watching it is always optional — you can also continue without ads by purchasing a credit pack.
When you choose to watch a rewarded ad, AdMob may collect on Google's side, in accordance with Google's ad-platform privacy policy:
In the EU, UK and Switzerland, the Android app shows a Google-provided consent form on first launch (using the User Messaging Platform) so you can choose between personalised and non-personalised ads. You can change this choice at any time by contacting support@usebite.app; an in-app re-prompt is on the planned roadmap. UseBite itself never sees the AAID, IP, or any ad-targeting signals — Google handles all of it. We only receive a confirmation that an ad was watched, which we use to credit your account.
The web version of UseBite (usebite.app) shows no advertising of any kind.
When you use the optional “Use GPS” button (in the meal logging flow on Android, or in Account → Settings on web), the device's coordinates (latitude / longitude) are sent server-side to OpenStreetMap Nominatim (about) to resolve them to a city / country name. Coordinates are not persisted by UseBite; only the lookup result (e.g. “Singapore, Singapore”) is stored. Don't want to send your coordinates? Don't press the GPS button — typing a country / city name into the Location field uses the AI-only path with no coordinates leaving the device.
Retention periods, by category:
Personal data is stored in an encrypted Postgres database hosted by Neon Inc. on dedicated infrastructure. Transport is encrypted via HTTPS. Authentication uses Google Sign-In with short-lived JWTs. We deploy security patches as upstream updates land. We will notify affected users and the relevant supervisory authority of any personal-data breach in accordance with Art. 33 / 34 GDPR.
UseBite is a personal nutrition-tracking tool, not a medical device. Calorie estimates, macro breakdowns, and weight projections are AI-generated approximations; they may be materially inaccurate and should not be relied on as a substitute for advice from a qualified medical or dietetic professional. AI cannot reliably detect allergens; never rely on UseBite to identify allergens or assess allergy-related risks.
UseBite is not suitable for, and should not be used by: anyone under the age of 18; anyone with a current or past eating disorder; anyone who is pregnant or breastfeeding; anyone with diabetes or another condition affecting metabolism; or anyone recovering from disordered eating. If any of these apply to you, please use a clinically supervised tool instead.
If you are struggling with food, weight, or body image, please speak to a doctor. Useful contacts: Beat (UK) 0808 801 0677, NEDA (US) text “NEDA” to 741741 (Crisis Text Line), Singapore SAMH 1800-283-7019.
UseBite is intended for adults aged 18 or over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has registered an account, please contact support@usebite.app and we will delete the account.
Use of UseBite is also governed by our Terms of Service, which sets out the licence to use the app, acceptable-use rules, AI-output disclaimer, limitation of liability, governing law, and refund policy. By using UseBite you agree to both this Privacy Policy and the Terms of Service.
We may update this Privacy Policy from time to time. Material changes will be notified through the app or by email; non-material changes will be reflected on this page with an updated date. We maintain an internal version identifier for each iteration of the policy, and each version you accept at onboarding is recorded against your account, so you have an audit trail of what you agreed to and when.
For questions, concerns, or any request relating to your data or privacy, please contact us at support@usebite.app. We aim to respond within 48 hours.