Foddie
EN / FR

Legal

Privacy Policy

Last updated: April 22, 2026

Foddie handles sensitive health data. We collect only what is necessary to provide the service, we never sell your data, and you can delete everything at any time from the app settings.

1. Who We Are

Foddie is an independent application based in Portugal.
Contact: [email protected]

Foddie is a mobile application that helps people with IBS and SIBO track their meals, symptoms, and gut health patterns, and provides AI-powered analysis to identify dietary triggers.

2. Data We Collect

Account data

When you create an account: email address, hashed password, and preferred language.

Health and diary data

Data you actively enter into the app: meal logs, food items, symptoms (bloating, pain, transit), stress levels, and personal notes. This constitutes health data — a special category of personal data under GDPR Article 9 — and is processed only with your explicit consent.

Usage data

Anonymised technical data to improve the app: session duration, feature usage patterns, crash reports. No personal identifiers are attached to this data.

Subscription data

Subscription billing is handled entirely by Apple App Store or Google Play. We receive only an anonymised purchase confirmation token to verify your subscription status. We never see your payment card details.

3. How We Use Your Data

Purpose Legal basis (GDPR)
Providing the Foddie service (diary, analysis, programs) Contract performance — Art. 6(1)(b)
Processing health data for AI-powered insights Explicit consent — Art. 9(2)(a)
Improving the app via anonymised analytics Legitimate interest — Art. 6(1)(f)
Sending service notifications (if opted in) Consent — Art. 6(1)(a)
Legal compliance and fraud prevention Legal obligation — Art. 6(1)(c)

4. Third-Party Services

We use the following third-party providers to operate the service:

  • Supabase — Database and authentication. Your diary and account data is stored on Supabase infrastructure. Supabase Privacy Policy
  • RevenueCat — Subscription management. Processes anonymised purchase tokens to validate your subscription. RevenueCat Privacy Policy
  • Apple App Store / Google Play — Subscription billing. Payments are processed exclusively by Apple or Google under their respective privacy policies.
  • Anthropic — Powers the analysis engine. Health diary data shared for analysis is used solely to generate your personal insights and is not used to train third-party AI models.

5. Data Transfers Outside the EU

Some of our service providers (including Supabase and RevenueCat) may store or process data outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

6. Data Retention

  • Account and diary data is retained for as long as your account is active, then permanently deleted within 30 days of account deletion.
  • Anonymised analytics data is retained for up to 24 months.
  • You can delete your account and all associated data at any time from the app settings (Settings > Account > Delete account).

Important: Uninstalling the app does not delete your data from our servers. You must delete your account from within the app to remove your data.

7. Your Rights

As a resident of the European Union, you have the following rights regarding your personal data:

  • Access — request a copy of all data we hold about you
  • Rectification — correct any inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — ask us to limit how we process your data
  • Portability — receive your data in a portable, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Portuguese data protection authority, the CNPD (Comissão Nacional de Proteção de Dados): www.cnpd.pt

8. Children

Foddie is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via an in-app notification before they take effect. The "Last updated" date at the top of this page always reflects the most recent version.

10. Contact

For any privacy-related questions or requests:
Foddie
[email protected]