Privacy Policy for Macroni

Last updated: 13 June 2026

This Privacy Policy explains what personal data the Macroni app ("Macroni", "the app", "we", "us") collects, why, how it is processed, who processes it on our behalf, and the choices and rights you have.

Macroni is a calorie- and macronutrient-tracking app. It is offered in English only and is available worldwide. Our core infrastructure is hosted in Europe.

1. Who we are

Data controller: Florin-Ciprian Savu

Contact: macroni@florinsavu.com

If you have any questions about this policy or want to exercise your privacy rights, write to us at the email above.

2. The short version

• You create an account with an email address and password.
• You log food entries, calorie and macro targets, and an optional display name. This is the data you put into the app, and it is stored on our database backend.
• We use a crash- and error-reporting service to keep the app stable. It is on by default, and you can turn it off in Settings → Privacy & Data.
• When you search foods or scan a barcode, the search term or barcode is sent to the Open Food Facts public food database. It is not linked to your identity.
• We do not sell your data, we do not show ads, and we do not use any marketing or tracking SDKs.
• You can export all your data and delete your account from within the app.

3. Data we collect

Account data

• Email address — to sign you in, confirm your account, reset your password, and let you change your email.
• Password — stored only in hashed form by our authentication provider. We never see or store your plaintext password.
• User ID — an internal unique identifier for your account.
• Account timestamps — when your account and records were created or updated.

Profile data

• Display name (optional) — shown in the app.

We do not collect a birthdate, and we do not collect a profile photo. Avatars are generated from your initials on your device; no image is uploaded or stored.

Food and nutrition data

For each food entry: calories, protein, carbs, fat, a food name or note, the entry mode, unit, serving count, per-unit macro values, and the date and time you logged it. We also store your daily macro goals (calories, protein, carbs, fat).

Operational records

• Export events — we record the time of each data export, only to enforce a rate limit (up to 3 exports per 24 hours) and to protect the service from abuse. We do not store the contents of exports.
• Disclaimer acceptances — when you accept the in-app "not medical advice" disclaimer, we record which version you accepted and when.

Diagnostics and crash reports (you can turn this off)

If crash reporting is enabled (it is on by default), our error-monitoring provider may collect error and crash details including stack traces and the state of the app when an error occurred, device and operating-system information, the app version, anonymous performance samples, and a session replay only at the moment an error occurs. We do not run always-on session recording, and we configure this provider not to attach default personal identifiers.

You can disable crash reporting at any time in Settings → Privacy & Data. Turning it off stops collection immediately.

Feedback you choose to send

If you use Settings → Send Feedback, we collect the message you write, along with your email address and display name so we can understand the context and reply. This is sent to our error-monitoring provider. Sending feedback is entirely voluntary.

Food search and barcode lookups

When you search for a food or scan a barcode, the search text or barcode number is sent to the Open Food Facts public database to look up nutrition information. These requests are not associated with your account. Only the query or barcode is sent, along with your device's IP address (inherent to any internet request) and a generic app identifier in the request. Public product results are stored in a shared, non-personal cache on our backend so lookups are faster for everyone; this cache holds product information only, never your personal data.

What we do not do

• No advertising or ad networks.
• No marketing, product-analytics, or tracking SDKs.
• No push notifications.
• No sale or sharing of personal data for behavioral advertising.
• No location tracking, no contacts access, no microphone access. The camera is used only to scan barcodes, on your device; no photos are captured or stored.

4. Why we process your data and our legal bases

Under the GDPR, we rely on the following legal bases:

• Providing your account and the core tracking features (account, profile, food log, macro goals) — performance of a contract (Art. 6(1)(b)).
• Sending account and security emails such as confirmation, password reset, and email change (email address) — performance of a contract (Art. 6(1)(b)).
• Keeping the app stable and fixing crashes (diagnostics) — our legitimate interest in a working product (Art. 6(1)(f)); you can opt out.
• Responding to feedback you send (message, email, name) — your consent and our legitimate interest (Art. 6(1)(a)/(f)).
• Looking up nutrition information you request (search term or barcode) — performance of a contract and legitimate interest.
• Enforcing export rate limits and protecting the service (export timestamps) — legitimate interest (Art. 6(1)(f)).
• Recording acceptance of legal disclaimers — legitimate interest and, where applicable, legal obligation.

5. Service providers

We use the following third-party services to run the app. Each processes data only as needed for its function.

• Supabase — authentication, database, and account/security emails. Processes your email, hashed password, user ID, profile, food log, macro goals, export timestamps, and disclaimer acceptances. Hosted in Zurich, Switzerland.
• Sentry — crash and error reporting, performance monitoring, and in-app feedback. Processes the diagnostics described in Section 3, and your feedback message, email, and name if you send feedback. Hosted in the European Union (Sentry's EU data region).
• Open Food Facts — public food and barcode database. Receives the search term or barcode plus your device's IP address, with no account identifier. Operated by a French non-profit association.
• Expo / EAS (Expo, Inc.) — app delivery and over-the-air updates. Update checks include your device IP, platform, and app version, with no account data. Operated from the United States via a content delivery network.
• Apple (TestFlight / App Store) — beta distribution and app delivery, handled under Apple's own privacy policy, which may include TestFlight feedback and any crash data you allow Apple to collect.

Account and security emails are sent through Supabase's built-in email service. We do not use a separate email provider.

6. International data transfers

The app is available worldwide, but our core infrastructure is hosted in Switzerland (database and authentication) and the European Union (error monitoring). If you use the app from elsewhere, your data is transferred to and processed in those regions. Where data is transferred to providers in other countries, such as the United States for app delivery, we rely on appropriate safeguards such as adequacy decisions or the providers' standard contractual clauses.

7. How long we keep your data

• Account, profile, food log, and macro goals: kept until you delete them or delete your account.
• Export timestamps: used only for a rolling 24-hour rate limit.
• Crash reports and feedback: retained by our error-monitoring provider according to its standard retention settings.
• Shared food and barcode cache: non-personal public product data only.

When you delete your account, your account and all data linked to your user ID (profile, food log, macro goals, export events, disclaimer acceptances) are removed through cascading deletion.

8. Your rights

Depending on where you live, including under the EU and UK GDPR, you have the right to:

• Access the personal data we hold about you.
• Export and portability — download all your data at any time via Settings → Privacy & Data → Export my data (JSON format).
• Rectification — correct inaccurate data.
• Erasure — delete your account and data from within the app via Settings → Delete account.
• Restriction and objection — including objecting to crash reporting using the toggle in Settings → Privacy & Data.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local data-protection authority.

To exercise any right that is not self-service in the app, contact us at the address in Section 1.

9. Security

Passwords are hashed by our authentication provider and are never stored or visible in plaintext. Access to your records is enforced at the database level by row-level security, so each user can read and write only their own data. All data is transmitted over encrypted connections (HTTPS/TLS).

10. Children's privacy

Macroni is not directed at children and is intended for users aged 16 and over. We do not knowingly collect personal data from children under that age. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by an in-app notice.