Privacy Policy

1. Introduction

Welcome to FoodTrack. This Privacy Policy explains how Helihool Tech OÜ ("we," "our," or "us"), an Estonian company (registration number 16769286), collects, uses, discloses, and safeguards your information when you use our FoodTrack application and related services.

By using FoodTrack, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and ensuring the security of your personal information.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name and email address (for account creation)
• Profile information (age, height, weight, fitness goals)
• Contact information for customer support
• Payment information (processed securely through third-party providers)

2.2 Nutrition and Health Data

• Food photos and meal information
• Nutritional intake data
• Weight and body metrics (if provided)
• Dietary preferences and restrictions
• Exercise data (through Strava integration, with your consent)

2.3 Technical Information

• Device information (type, operating system, app version)
• Usage data (features used, session duration, crash reports)
• IP address and location data (for service optimization)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use your information to:

• Provide and maintain our nutrition tracking services
• Process food photos using AI for nutritional analysis
• Generate personalized nutrition insights and recommendations
• Sync with third-party fitness apps (like Strava) with your consent
• Improve our AI algorithms and service quality
• Send you service updates and important notifications
• Provide customer support and respond to inquiries
• Detect and prevent fraud or unauthorized access
• Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who help us operate our services:

• Cloud hosting providers (for secure data storage)
• AI processing services (for food photo analysis)
• Payment processors (for subscription management)
• Analytics providers (for service improvement)

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal processes.

4.3 Third-Party Integrations

With your explicit consent, we may share relevant data with fitness apps like Strava to provide integrated nutrition and fitness tracking.

5. Data Security

We implement enterprise-grade security measures to protect your information:

• End-to-end encryption for data transmission
• Encrypted storage of sensitive information
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Secure data centers with physical security measures

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to using industry-standard practices.

6. Your Rights and Choices

Under GDPR and other applicable privacy laws, you have the following rights:

6.1 Access and Portability

• Request a copy of your personal data
• Export your nutrition data in a portable format

6.2 Correction and Updates

• Update your profile information in the app
• Request correction of inaccurate data

6.3 Deletion

• Delete your account and associated data
• Request deletion of specific information

6.4 Consent Management

• Withdraw consent for data processing
• Opt-out of marketing communications
• Manage third-party integrations

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account data: Until account deletion or 3 years of inactivity
• Nutrition data: Until account deletion or as requested by you
• Payment records: As required by tax and financial regulations
• Technical logs: Up to 2 years for security and service improvement

8. International Data Transfers

As an Estonian company, we primarily process data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for certain countries
• Other appropriate safeguards as required by GDPR

9. Children's Privacy

FoodTrack is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the app and updating the "Last Updated" date. Your continued use of FoodTrack after changes become effective constitutes acceptance of the revised policy.

11. Contact Information

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

For GDPR-related requests, please include "GDPR Request" in your subject line and specify the nature of your request (access, correction, deletion, etc.).

12. Supervisory Authority

If you have concerns about our data processing practices, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate or your local data protection authority.