Privacy Policy

Effective date: 2 May 2026

Last updated: 29 June 2026

This Privacy Policy describes how Envy Applications (ABN 95 927 268 876) (“we”, “us”, “our”) handles personal information when you use the Feed Me mobile application (“the App”). We handle personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). By using the App you agree to the practices described below.

If you have any questions, contact us at support@envyapplications.com.

1. Who we are

Feed Me is published by Envy Applications (ABN 95 927 268 876), based in Western Australia, Australia. This policy applies to the Feed Me iOS and Android apps and any related services we provide.

2. What we collect

We only collect what the App needs to work for you. We do not sell your personal data, and we do not run advertising or third-party tracking SDKs.

a. Account information

When you create an account we collect:

If you sign in with Apple’s “Hide My Email” option, we only ever see Apple’s private relay address. We never receive your real email in that case.

b. Profile and preferences

To personalise the experience you may provide:

These are stored under your account so they persist across devices.

c. App content you create

d. Photos you choose to use

If you take a photo to scan calories or upload a recipe image, that photo is:

  1. Resized and compressed on-device,
  2. Sent to our AI provider for analysis (calorie scanning, or reading a recipe from a screenshot you import) or stored in Firebase Storage under your account (recipe images), and
  3. Linked to your account so the data appears on your devices.

We never access your photo library in the background. You explicitly pick or capture each image.

e. Subscription information

If you subscribe to Feed Me Pro:

f. Diagnostic information

When the App encounters a crash or error we may send a report to Sentry that includes:

We do not capture your inputs, screen contents, or images in crash reports. You can request deletion of your error reports by emailing us.

g. Notifications

If you enable meal and activity reminders, we schedule those on your device only — they do not involve our servers.

Separately, if you opt in to Announcements & offers (off by default, under Settings → Notifications), we capture your device’s push notification token once you have granted notification permission, so we can send you occasional product news and offers. These announcements are delivered through the Expo push notification service, which relays them to Apple’s and Google’s push networks. You can switch announcements off at any time in Settings → Notifications, and your push token is removed when you delete your account.

h. Apple Health (HealthKit) — iOS only

If you connect Apple Health (an optional step you control), Feed Me, on your device:

Health data read from Apple Health is used only on your device to compute your calorie ring — it is never uploaded to our servers, shared with any third party, used for advertising or marketing, or sold. You can revoke Feed Me’s Health access at any time in iOS Settings → Health → Data Access & Devices, or turn the connection off inside the app (Settings → Apple Health).

i. Sensitive and health information

Some of the data above is sensitive information (also called special-category data in the UK and EU): your body metrics and weight log, your nutrition targets, your dietary preference (which can reveal a philosophical or religious belief), and the ingredients you choose to avoid (which can imply an allergy or medical condition). We collect this only with your consent — you provide it during onboarding or in Settings, and you can edit or remove it at any time. We use it only to run the App for you (calculating targets, filtering recipes and shopping lists). We never use it for advertising or marketing, and we never sell it. Apple Health data is handled separately and stays on your device (see 2h).

3. How we use your information

We use the data above to:

We do not sell your data, run third-party advertising or ad-tracking SDKs, or build advertising profiles about you. The only marketing we do is our own product announcements, which we send solely to people who have opted in.

4. Who we share data with

We share data only with the service providers required to run the App:

Provider Purpose Data shared
Google (Firebase) Authentication, database, storage Account info, app content, photos
Anthropic, PBC AI calorie scanning, recipe import, and recipe suggestions The image or text you submit for that request
Google Cloud (Vertex AI / Gemini) Transcribing a public cooking video when you import a recipe from a video link The video link you choose to import
A speech-to-text provider Transcribing the audio of a social post you import (when this feature is enabled) The media from the post you choose to import
A media-resolution provider Turning a social-post link into its media and caption for import (when this feature is enabled) The post link you choose to import
Social platforms (TikTok, YouTube, Meta) Retrieving a post’s public caption, title, and thumbnail when you import from them The post link you choose to import
Open Food Facts (France) Looking up a product when you scan a barcode The barcode you scan
RevenueCat, Inc. Subscription management Anonymised user ID, purchase events
Apple App Store / Google Play Subscription billing Handled directly by Apple or Google
Expo Delivering opt-in announcements Your push token and the announcement content
Sentry (Functional Software, Inc.) Crash and error reporting Anonymised user ID, error metadata

Each provider processes data under their own privacy policy and is contractually bound to use it only to provide the service to us. Several of the AI and social-import providers above are used only for the relevant import method, and some only when that feature is switched on.

We do not sell, rent, or trade personal data with anyone else. For the purposes of the California Consumer Privacy Act (CCPA/CPRA), we do not “sell” or “share” your personal information; the providers listed above act as our service providers under contract and may use your data only to perform services for us.

5. Where data is stored and overseas disclosure

Because most of our service providers are based in the United States (and one, Open Food Facts, in the European Union), your personal information is disclosed overseas. Under Australian Privacy Principle 8 we take reasonable steps to ensure these overseas recipients handle your personal information in line with the APPs. Each provider is contractually bound to use the data only to provide the service to us.

If you are in the UK, EU, or another region with cross-border transfer rules, your data may be transferred outside that region for the purposes above. We rely on equivalent safeguards (such as Standard Contractual Clauses) where required.

6. How long we keep data

When you delete your account from inside the app (Settings → Delete account), we immediately remove your profile, recipes, week plan, shopping list, nutrition and weight logs, meal and scanned-product history, cookbooks, push token, referral codes, and subscription entitlement record from Firebase, along with your authentication record. Backups are rotated within 30 days.

7. Your rights

Under the Australian Privacy Principles you have the right to:

To exercise any of these rights email support@envyapplications.com. We will respond within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Users in the UK, EU, California, and other regions with their own privacy laws may have additional rights (including the right to object, restrict processing, or port data to another service). We honour those rights where they apply — email us using the address above.

8. Children

Feed Me is not directed at children under 13. We do not knowingly collect personal information from children under 13. Where local law sets a higher age of digital consent (for example, 16 in parts of the EU), we rely on that age instead. If you believe a child has created an account, contact us and we will delete it.

9. Security

We use industry-standard measures to protect your data:

No system is completely secure, so we cannot guarantee absolute security, but we work to reduce risk and respond quickly to any incident. If a data breach is likely to cause you serious harm, we will notify you and the Office of the Australian Information Commissioner as required by Australia’s Notifiable Data Breaches scheme (and, for users in the UK or EU, the relevant authority without undue delay).

10. Changes to this policy

If we change this policy materially we will notify you in-app and update the “Last updated” date above. Continued use of the App after a change means you accept the updated policy.

11. Contact

Envy Applications (ABN 95 927 268 876)
Western Australia, Australia
Email: support@envyapplications.com