Privacy Policy

Effective date: May 24, 2026 · Last updated: May 24, 2026

This Privacy Policy explains how MacroChef collects, uses, and protects your personal data — including health and fitness data — inside the MacroChef mobile app on iOS and Android, on the macro-chef.app marketing site, and on any future web companion. We have tried to keep it short and human-readable. If anything is unclear, write to hello@macro-chef.app.

For cookies and storage used by the marketing website only (consent banner, Google Analytics 4 with consent), see the separate Cookie Policy.

On this page

Introduction & Identity of the Controller
Scope & Applicability
Definitions
Data We Collect
How We Use Your Data
Legal Basis (GDPR)
Third-Party Services & Sub-Processors
Health Data — Special Protections
Open Food Facts — Attribution
Data Retention
International Data Transfers
Your Rights
Account Deletion
Cookies & Similar Technologies
Security
Children's Privacy
Third-Party Content Rights
Changes to This Policy
Contact

1. Introduction & Identity of the Controller

MacroChef is a meal-prep and macro-tracking app for iOS, Android, and any future web companion. This policy explains what personal data we collect, why we collect it, how we use and protect it, and what choices you have.

Publisher (data controller): Codzilla Sàrl, Switzerland
Contact: hello@macro-chef.app
Data Protection Officer: as a small Swiss publisher, we are not required to formally appoint a Data Protection Officer under GDPR Article 37. For any privacy-related question or to exercise your rights, write to us at the address above.
Effective date: May 24, 2026
Last updated: May 24, 2026

This policy covers the MacroChef mobile app on iOS and Android, the marketing website at macro-chef.app, and any future web companion. Cookies and storage on the marketing website are detailed in our separate Cookie Policy.

2. Scope & Applicability

This policy applies to every user of MacroChef, anywhere in the world. We process the same categories of data wherever you live, but the rights and remedies available to you depend on your jurisdiction.

Regions explicitly covered:

European Union and European Economic Area — GDPR (Regulation (EU) 2016/679)
United Kingdom — UK GDPR and the Data Protection Act 2018
Switzerland — revised Federal Act on Data Protection (FADP / nLPD), in force since 1 September 2023
California, United States — CCPA / CPRA
Brazil — LGPD (we apply equivalent safeguards on request)
Other jurisdictions — we apply GDPR-grade protections as a global baseline. Local laws may grant additional rights, which we respect on request.

Out of scope:

Third-party websites or services linked from the app (such as Open Food Facts) — they operate under their own privacy policies.
App Store and Google Play purchase records and billing details — Apple and Google act as independent controllers for those transactions.
Anything that happens on your device but never leaves it (locally cached data that is never synced).

3. Definitions

Throughout this document:

"Personal data" — any information relating to an identified or identifiable individual.
"Processing" — any operation performed on personal data: collection, storage, use, transmission, deletion, and so on.
"Controller" — the entity that determines the purposes and means of processing. Here, Codzilla Sàrl.
"Processor" or "service provider" — a third party that processes personal data on our behalf under contract, following our instructions.
"Health data" or "special category data" — data revealing physical or mental health, defined in GDPR Article 9. In MacroChef this includes your weight, height, age, sex, activity level, and the calorie and macro targets derived from those inputs.
"You" or "User" — the individual using MacroChef.
"We", "us", or "MacroChef" — Codzilla Sàrl.
"Pro user" — a user with an active paid subscription. "Free user" — a user without a paid subscription.

4. Data We Collect

The categories below match what we declare on the App Store and Google Play. If we ever need to collect a new category, we will update this policy and (where required) ask for your consent before activating it.

4.1 Identity & account data

Email address, display name, optional first and last name, user UUID, optional avatar, and OAuth identifiers when you sign in with Apple or Google.

4.2 Health & fitness data (special category)

Weight, height, age, sex, activity level, goal (lose, maintain, gain), and the derived TDEE, daily calorie target, and macro targets. We process this category under your explicit consent obtained during onboarding (see §6 and §8).

4.3 User-generated content

Meal preps, custom recipes, favorited recipes, pantry items (including barcodes you scan), recipe customizations and notes.

4.4 Purchase data

Your subscription tier (Free or Pro) and the references needed to verify entitlement (via RevenueCat).

We never see your payment card details. Payments are handled entirely by Apple's and Google's billing systems.

4.5 Device & technical data

Anonymous device identifier (used by PostHog), operating system and version, device type, app version and build number, screen dimensions, and locale.

4.6 Usage & interaction data

Anonymous, aggregated events about how the app is used — launches, screen views, key actions in the prep builder, paywall views, subscription events, and similar. We maintain an internal analytics taxonomy of roughly two dozen event types; the full list is available on request at hello@macro-chef.app.

4.7 Camera data — barcode only

When you scan a product barcode, the camera processes the barcode in real time on your device. We do not store frames, photos, or video. Only the resulting barcode number is sent to look up the product in Open Food Facts (see §9).

4.8 What we do NOT collect

For clarity, MacroChef does not collect: precise location, contacts, microphone audio, biometrics, advertising identifiers (IDFA / AAID) for ad tracking, persistent search history, or crash reports tied to your identity. We do not currently use third-party crash reporting services such as Sentry or Crashlytics.

5. How We Use Your Data

5.1 App functionality

Account creation and authentication, profile management, meal-prep building, calorie and macro calculations, gating Pro-only features.

5.2 Personalization

Adjusting portion sizes to your TDEE and generating daily macro recommendations tailored to your personal targets.

5.3 Analytics & product improvement

Understanding which features are used, where users get stuck, and retention metrics — processed in PostHog Cloud (EU region).

No personal health values are ever sent to analytics. This is enforced architecturally in our codebase via an allow-list of analytics property keys that excludes every health field by construction.

5.4 Account management

Persisting your profile and syncing your subscription state across devices.

5.5 Security & fraud prevention

Row-Level Security at the database level, server-side receipt validation via RevenueCat, account recovery.

5.6 Legal compliance

Retention of purchase records for tax and accounting obligations (see §10).

5.7 Developer communications

We send only transactional emails — email verification, password reset, account deletion confirmation, critical security notices. We do not send marketing emails. If we ever introduce marketing communications, they will be strictly opt-in and you will be able to unsubscribe in one click.

6. Legal Basis (GDPR — EU / EEA / UK Users)

For users in the EU, EEA, and UK, each category of data is processed under a specific legal basis:

Data category	Legal basis
Account & identity (4.1)	Contract performance — Art. 6(1)(b) GDPR
Health & fitness data (4.2)	Explicit consent — Art. 9(2)(a) GDPR
User-generated content (4.3)	Contract performance — Art. 6(1)(b) GDPR
Purchase data (4.4)	Contract performance + Legal obligation — Art. 6(1)(b) and (c)
Device & technical (4.5)	Legitimate interest (security, stability) — Art. 6(1)(f)
Usage & interaction (4.6)	Legitimate interest (product improvement) — Art. 6(1)(f). You may object at any time — see §12.
Camera / barcode (4.7)	Contract performance — Art. 6(1)(b). Processed only when you actively scan.

Future marketing communications, if any, will be based on your separate opt-in consent under Art. 6(1)(a).

7. Third-Party Services & Sub-Processors

We use a small, carefully selected set of third parties to operate the service. Each acts under a Data Processing Agreement (DPA), except where they act as independent controllers (Apple and Google for billing).

Service	Role	Region	Privacy policy
Supabase	Authentication, Postgres database, storage, edge functions	EU	supabase.com/privacy
RevenueCat	Subscription management, receipt validation	United States	revenuecat.com/privacy
PostHog Cloud	Product analytics (anonymous)	EU (Frankfurt)	posthog.com/privacy
Apple	Sign in with Apple + App Store billing	Various — independent controller for billing	apple.com/legal/privacy
Google	Sign in with Google + Google Play billing	Various — independent controller for billing	policies.google.com/privacy
Open Food Facts	Barcode product lookup	Europe (France)	openfoodfacts.org/privacy
Marketing hosting & transactional email	Static site hosting and transactional emails	EU	Linked from macro-chef.app

These third parties are sub-processors acting on our behalf under DPAs, with the exception of Apple and Google for billing, who act as independent controllers for your purchase data.

8. Health Data — Special Category Protections (GDPR Art. 9)

Health and fitness data is given heightened protection by law and by us.

8.1 Why we collect it

We collect health and fitness data for one purpose only: to calculate your daily energy needs (TDEE) and the calorie and macro targets that drive the meal-prep recommendations. Without these inputs, the core function of the app cannot work.

8.2 Explicit consent

During onboarding, we ask for your explicit consent before collecting any health and fitness data. The consent is granular, separate from acceptance of the Terms of Use, and freely revocable.

8.3 How it is protected

TLS encryption for all data in transit
Encryption at rest, managed by Supabase
Row-Level Security in Postgres — your records are only readable by your own account
Health values are never sent to analytics — our codebase enforces an allow-list of analytics property keys that excludes every health field by construction

8.4 Not a medical device

MacroChef is a wellness app. It is not a medical device and provides no diagnosis, treatment, or therapeutic advice. The calculations are based on standard scientific formulas (such as Mifflin–St Jeor) but are not a substitute for professional medical or nutritional guidance.

8.5 Withdrawing consent

You can withdraw your consent at any time by deleting your account (see §13). Because health and fitness data is required for the app to function, partial removal isn't supported — withdrawing consent means closing the account.

9. Open Food Facts — Attribution & Data Source

Product information shown when you scan a barcode is provided by the Open Food Facts community database (world.openfoodfacts.org), an open project we are proud to rely on.

Source: Open Food Facts contributors
Licenses: product data is licensed under the Open Database License (ODbL); individual record contents under the Database Contents License (DbCL); product photographs under Creative Commons Attribution-ShareAlike 3.0
Terms: terms-of-use and legal
Accuracy disclaimer: OFF data is contributed by volunteers and may be incomplete or inaccurate. MacroChef does not guarantee accuracy. We encourage users to verify product information and contribute corrections directly through the Open Food Facts app or website.
No reverse data flow: MacroChef sends no user data to Open Food Facts. We only issue outbound GET requests with the barcode number to retrieve product information.

10. Data Retention

We keep your data for the shortest reasonable time consistent with the purpose:

Data	Retention period
Account profile and health data	While the account is active; deleted on account deletion
User-generated content (preps, recipes, pantry)	While the account is active; deleted on account deletion
Purchase records	10 years after the transaction, as required by Swiss accounting law (art. 958f Swiss Code of Obligations). After account deletion, kept as anonymized references.
Analytics events (PostHog)	24 months. Your `distinct_id` is reset (`posthog.reset()`) on account deletion, severing the link between past events and your identity.
Server logs and audit logs	30 days, then automatic rotation
Database backups	Per Supabase's standard policy (typically 7–30 days), then purged automatically

11. International Data Transfers

The primary processing region is the European Union: Supabase (EU) and PostHog Cloud (EU / Frankfurt) host your data inside the EU.

Some sub-processors operate in the United States (RevenueCat) or globally (Apple, Google). Transfers to these countries are protected by:

Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
The EU–US Data Privacy Framework (adequacy decision of July 2023), where the receiving entity is certified
Contractual Data Processing Agreements with each sub-processor
TLS encryption in transit and encryption at rest

For users in Switzerland, equivalent safeguards apply under the revised FADP / nLPD, including the Swiss extension of the EU–US Data Privacy Framework where the recipient is enrolled.

12. Your Rights

You have the following rights regarding your personal data. To exercise any of them, write to hello@macro-chef.app. We respond within 30 days, as required by GDPR Article 12(3).

12.1 Right of access (Art. 15)

Request a copy of the personal data we hold about you.

12.2 Right to rectification (Art. 16)

Correct inaccurate data. Most fields can also be edited directly in the app (Profile → Edit).

12.3 Right to erasure (Art. 17)

Delete your account and the personal data associated with it — see §13.

12.4 Right to restriction (Art. 18)

Restrict how we process your data in certain situations.

12.5 Right to data portability (Art. 20)

Receive your data in a structured, machine-readable format (we export as JSON).

12.6 Right to object (Art. 21)

Object to processing based on legitimate interest — in particular, our use of usage analytics.

12.7 Right to withdraw consent (Art. 7(3))

Withdraw consent for health-data processing at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

12.8 Automated decision-making (Art. 22)

MacroChef's calorie and macro calculations are deterministic mathematical formulas, not "automated decision-making producing legal effects or similarly significantly affecting you" within the meaning of Art. 22. You can review every number the app shows; nothing is hidden behind an algorithm with binding effects.

12.9 Right to lodge a complaint

You can lodge a complaint with your local supervisory authority. Examples:

France — CNIL
Switzerland — FDPIC / PFPDT
United Kingdom — ICO
EU directory — EDPB members

12.10 California residents (CCPA / CPRA)

California residents have the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of "sale" or "sharing".

MacroChef does not sell or share personal information for cross-context behavioral advertising.

To exercise CCPA rights, email hello@macro-chef.app.

12.11 How to exercise your rights

Email hello@macro-chef.app from the address associated with your account, or provide other reasonable proof of identity. We respond within 30 days.

13. Account Deletion

You can delete your account at any time. This page mirrors the dedicated account-deletion information we publish for the App Store and Google Play.

13.1 In-app deletion

Profile → Settings → Delete account. The action is irreversible after a short confirmation step.

13.2 Email-based deletion

If for any reason the in-app flow is unavailable, email hello@macro-chef.app from the address tied to your account. We process the request within 30 days.

13.3 What gets deleted

Profile (email, name, avatar)
Health and fitness data
All meal preps, custom recipes, favorites, and pantry entries
Your avatar file from storage
PostHog identity is reset (posthog.reset())
RevenueCat profile is anonymized

13.4 What is retained (and why)

Purchase records — retained for 10 years as required by Swiss accounting law (art. 958f Swiss Code of Obligations), stored as anonymized references
Audit logs — retained 30 days for security and abuse investigation
Database backups — retained per Supabase's backup policy (typically 7–30 days), then purged automatically

13.5 Effect on subscriptions

Deleting your MacroChef account does not automatically cancel an active subscription on the App Store or Google Play. Cancel the subscription from your device's subscription settings before deleting your account.

14. Cookies & Similar Technologies

14.1 Mobile app

MacroChef does not use traditional cookies inside the app. Local persistence relies on AsyncStorage on iOS and Android for session tokens. PostHog uses a device-scoped $device_id for anonymous analytics; this identifier is reset when you delete your account.

14.2 Marketing website

For cookies used on the macro-chef.app website (consent banner, Google Analytics 4 with consent), see our separate Cookie Policy.

14.3 Opt-out

A future app setting will let you disable in-app analytics independently of account deletion. Until then, you can ask us to exclude your account from analytics by emailing hello@macro-chef.app.

15. Security

Security is taken seriously. Our current practices include:

In transit: TLS for all client–server communication
At rest: encryption managed by Supabase
Access control: Row-Level Security in PostgreSQL — each user's records are isolated at the database level
Authentication: Supabase Auth with bcrypt password hashing; OAuth via Apple and Google
Receipt validation: server-side, via RevenueCat
Architectural safeguard: analytics events pass through an allow-list that excludes every health field by construction

No system is perfectly secure. If we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you within 72 hours, as required by GDPR Article 33.

16. Children's Privacy

MacroChef is intended for users aged 16 and over, consistent with the age ratings we declared on the App Store and Google Play.

We do not knowingly collect data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact hello@macro-chef.app and we will delete the account and associated data without undue delay.

For US users: COPPA forbids us from knowingly collecting data from children under 13 without verifiable parental consent. MacroChef is not directed at children and does not target users under 13.

17. Third-Party Content Rights

Recipes, ingredient catalog, and educational content in the app are created in-house or properly licensed; nothing is scraped from third-party recipe websites.
Ingredient illustrations and photographs are created in-house or licensed from declared sources.
Open Food Facts attribution is covered in §9.
User-uploaded avatars: you retain all rights to your image. By uploading, you grant MacroChef a limited, non-exclusive, revocable license to display the image within your account on your devices. The license terminates when you delete the avatar or your account.

18. Changes to This Policy

We may update this policy as the product evolves. The Last updated date at the top of this page reflects the latest revision. We will notify you in-app, and by email for material changes, before the change takes effect. Continued use after the effective date constitutes acceptance of the revised policy. Previous versions are available on request at hello@macro-chef.app.

19. Contact

For any privacy question, to exercise a right, or to reach us about anything in this policy:

Email — hello@macro-chef.app
Publisher — Codzilla Sàrl, Switzerland

← Back to MacroChef