Privacy Policy
Last updated: April 2026
DiabEats is a decision-support tool, not a medical service. We do not collect or store any personally identifiable health information on our servers.
1. What We Collect
We collect only what is necessary to operate the app:
- App preferences — diabetes type, insulin use, carb targets, and reminder settings are stored locally on your device using secure on-device storage. They are never uploaded to our servers.
- Usage events — anonymous, non-identifiable events (e.g., "restaurant viewed", "meal logged") to help us improve the app. No personal information is attached.
- AI Assistant messages — text questions you send to the AI Assistant are transmitted to OpenAI to generate a response. They are not stored by DiabEats after the session ends.
- Menu scan images — photos you submit through the Scan Menu feature are transmitted to OpenAI's vision API to identify and analyse menu items. Images are not stored by DiabEats after the analysis is returned.
- Subscription status — managed by RevenueCat. We receive a subscriber ID but never your payment details.
2. What We Do Not Collect
- Your name, email address, or any contact information
- Precise GPS location (we request approximate location only for nearby restaurant suggestions, and this is never stored)
- Photos or camera images beyond on-device processing for the menu scanner
- Health records, blood glucose readings, or medical history
3. How We Use Your Information
Anonymous usage data is used solely to:
- Understand which features are most helpful
- Fix bugs and improve app performance
- Prioritize new restaurant and menu additions
We do not sell, rent, or share any data with advertisers or third-party marketers.
4. Third-Party Services
DiabEats uses the following third-party services, each with its own privacy policy:
- OpenAI — powers the AI Assistant and Scan Menu feature. Text questions, menu photos, and your dietary preferences (e.g., diabetes type, carb targets) are sent to OpenAI solely to generate personalised nutrition guidance. No name, Apple ID, or health records are included. Data is processed under OpenAI's privacy policy. User consent is obtained in-app before any data is transmitted.
- RevenueCat — manages in-app subscriptions per RevenueCat's privacy policy.
- Apple / Google — push notification tokens are managed by Apple (APNs) and Google (FCM) for daily reminders.
5. Data Retention
Your health preferences live entirely on your device and are deleted when you uninstall the app. Anonymous usage events are retained for up to 12 months for analytics, then deleted.
6. Children's Privacy
DiabEats is not intended for use by children under 13. We do not knowingly collect information from children.
7. Your Rights
Because we do not collect personally identifiable information, there is no personal profile to access, correct, or delete. If you have questions, contact us at the address below.
8. Changes to This Policy
We may update this policy occasionally. Significant changes will be communicated via an in-app notice. Continued use of DiabEats after changes constitutes acceptance of the updated policy.
9. Contact
Questions or concerns about this privacy policy? Email us at support@diabeatsapp.com.