Skip to main content

    Privacy Policy For BitEat

    Last Updated: 24th April 2025

    In case of discrepancies between language versions, the Polish version is the authoritative version.

    1. Introduction

    Welcome to BitEat! This Privacy Policy explains how BitEat ("we," "us," or "our") collects, uses, shares, and protects information about users ("you") when you use the BitEat mobile application ("App"), our API (BitEat-Service), and related services (collectively, the "Service").

    We are committed to protecting your privacy. By using BitEat, you agree to the practices described in this Privacy Policy. Please read this policy carefully.

    Data Controller:
    BitEat Team (BitEat platform operator)
    Contact: [email protected]
    Registered address and full legal entity information are provided upon request and in contractual/legal communications.

    2. Information We Collect

    We collect information to provide, operate, and improve our Service. The types of information we collect include:

    Information You Provide Directly:

    • Account Information: When you create an account, we collect your email address and password. If you sign up using Google or Apple, we receive your email, name (first and last), and the respective service's user ID (Google ID or Apple ID). We may ask you to provide or confirm your first and last name during onboarding or in settings. If not provided initially, placeholder names might be generated.
    • User Content / Recipe Data: Recipes you create, import, or share (including text, URLs, images), ingredients, instructions, nutritional information, liked meals, shopping list items, and notes.
    • Profile Information: Optional profile picture you may upload.
    • Household Information: Household names you create or join, and associated members.
    • Customer Support / Communications: Information you provide when you contact us for support or other communications.

    Information Collected Automatically:

    • Device and Usage Data: Technical data such as device type, operating system, app usage statistics, features used, meals viewed or liked, and interactions within households.
    • Log Data: Standard log information, which may include your IP address, browser type, operating system, access times, and referring website addresses. This may be used for security, analytics, and rate limiting.
    • Cookies and Similar Technologies: We use cookies and similar technologies on our website and services for authentication, session management, functionality, consent management, and analytics. This includes CookieYes (consent manager) and Google Analytics where enabled by consent. You may manage cookie choices through the cookie banner/settings.

    3. How We Use Your Information

    We use the information we collect for various purposes, including:

    • Providing and Managing the Service: To operate, maintain, personalize, and improve BitEat features, authenticate users, manage user accounts and households, and facilitate recipe sharing.
    • Communication: To send you service-related communications, such as account verification emails, notifications (if enabled in settings), updates, and support responses.
    • Marketing Communications: To send you promotional or marketing materials about BitEat features, updates, or offers via in-app messages or email. You can control these communications as described in Section 8.
    • AI-Powered Features: To enable features like recipe import, creation, or generation using AI (e.g., from URLs, text, images). This involves processing the content you provide (and potentially other inputs) using third-party AI services (see Section 5) to generate results and improve user experience.
    • Security and Compliance: To protect the security and integrity of our Service, prevent fraud, enforce our terms, and comply with legal obligations.
    • Analytics and Improvement: To understand how users interact with our Service, perform analytics, and develop new features.

    4. Legal Basis For Processing (For GDPR Applicability)

    If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

    • Contractual Necessity: To provide the BitEat Service to you according to our Terms of Service.
    • Legitimate Interests: For purposes like service improvement, security, fraud prevention, analytics, and communication (including marketing, subject to opt-out rights), provided these interests are not overridden by your data protection rights.
    • Consent: Where required by law, such as for certain types of cookies or optional data sharing, we will obtain your consent. You can withdraw consent at any time.
    • Legal Obligation: To comply with applicable laws and regulations.

    5. Data Sharing And Third Parties

    We do not sell your personal data. We may share your information with third-party service providers who help us operate our Service (e.g., cloud hosting, analytics, AI processing, email delivery), subject to strict confidentiality obligations. These include:

    • Google:
      • Authentication: If you use Google Sign-In, we share authentication requests and receive profile information (email, name, Google ID).
      • AI Services (Google Cloud – Gemini/Vertex AI): When you use AI-powered features, we send the relevant content (URLs, HTML content, images, text, existing recipe data, etc.) along with anonymized or internal data like product and category lists from our database to Google's AI Platform for processing. Google's use of this data is governed by their terms and privacy policies. We use the europe-west3 region for these services.
    • Apple:
      • Authentication: If you use Sign in with Apple, we share authentication requests and receive profile information (email, name, Apple ID).
    • Cloudflare:
      • Data Storage (R2): User-uploaded images (profile pictures, recipe images) are stored on Cloudflare R2. We use a European Union endpoint (eu.r2.cloudflarestorage.com).
    • Mailgun:
      • Email Delivery: We use Mailgun to send transactional and marketing emails. Your email address and the email content are shared with Mailgun for this purpose.
    • Hosting and Infrastructure Providers: (e.g., potentially AWS/GCP/Hetzner for Kubernetes/other infrastructure components besides R2 object storage).
    • Aggregated and Anonymized Data: We may share anonymized, aggregated usage data with third parties for research, analytics, or business insights. This data does not include personally identifiable information.
    • Legal Requirements: We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

    6. Data Storage And Security

    We implement reasonable technical and organizational measures to protect your data from unauthorized access, use, alteration, loss, or destruction. These measures include secure authentication, encryption in transit (HTTPS assumed), access controls, and using reputable third-party providers. However, no method of transmission or storage is 100% secure.

    Your data is stored primarily on servers located within the European Union (e.g., Google Cloud europe-west3, Cloudflare R2 EU endpoint). However, some third-party providers may process data outside the EU under appropriate safeguards (e.g., Standard Contractual Clauses).

    7. Data Retention

    We retain your personal information for as long as your account is active or as needed to provide you with the Service and fulfill the purposes outlined in this policy, including for marketing unless you opt-out.

    When you delete your account (see Section 8), we will anonymize or delete your directly identifying personal information as described below. Non-identifiable data or data associated with shared features (like recipes you created or household data) may be retained in an anonymized or aggregated form for service operation, analytics, or legal compliance. We will delete or anonymize your information sooner if we no longer need it.

    8. Your Privacy Rights And Account Deletion

    Depending on your location, you may have certain rights regarding your personal information:

    • Right to Access: Request access to the personal information we hold about you.
    • Right to Rectification: Request correction of inaccurate or incomplete information (You can update your name via app settings).
    • Right to Erasure (Deletion): Request deletion of your personal information (See Account Deletion below).
    • Right to Restrict Processing: Request restriction of how we process your information in certain circumstances.
    • Right to Data Portability: Request a copy of your data in a machine-readable format.
    • Right to Object: Object to processing based on legitimate interests (including marketing).
    • Right to Withdraw Consent: Withdraw consent where processing is based on consent.
    • Right to Lodge a Complaint: Lodge a complaint with your local supervisory authority (for Poland: President of the Personal Data Protection Office, UODO).

    Opt-Out Choices:

    • You may disable certain cookies or tracking technologies via your device settings.
    • Marketing Communications: You can opt-out of receiving marketing communications from us by adjusting your preferences in the app's settings.

    To exercise these rights (other than account deletion initiated via the app or managing marketing preferences in settings), please contact us at [email protected]. We will respond to your request in accordance with applicable law.

    How to Delete Your Account

    You can request the deletion of your BitEat account using one of the following methods:

    Via the App:

    1. Open the BitEat application on your device.
    2. Navigate to Settings.
    3. Go to Profile settings within that section.
    4. Select Remove Account and carefully follow the on-screen instructions.

    Via Email:

    Send an email directly from your registered email address to [email protected] requesting account deletion.

    We may ask for additional verification information to confirm your identity before processing the email request.

    Data Deletion Information

    Upon processing your account deletion request:

    Data That Will Be Deleted/Anonymized:
    • Personal Information: First Name, Last Name, Email Address, Google/Apple ID, Profile Picture references.
    Data That Will Not Be Deleted:
    • Household Information: Household Name, Household Liked Meals Data, other shared household data.
    • Anonymized/Aggregated Data: Usage statistics, potentially non-identifiable recipe content not solely linked to your deleted account.

    Please note: If you are part of a household group, other users in that household will still be able to access data linked to the shared household account after your personal account data is deleted/anonymized.

    9. Children's Privacy

    Our Service is not directed to children under the age of 13 (or the minimum required age in your country). We do not knowingly collect personal information from children below that age. If we learn that we have collected personal data from a child below the required age, we will take steps to delete it.

    10. Links To Other Websites

    Our Service may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any external sites you visit.

    11. International Data Transfers

    Your information may be transferred to — and processed in — countries other than the country in which you reside. Those countries may have data protection laws that are different from the laws of your country. We take steps to ensure adequate protection of your information in accordance with this Privacy Policy and applicable law, including through Standard Contractual Clauses or other legal mechanisms where required for transfers outside the EEA.

    12. Changes To This Privacy Policy

    We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App, by email (if we have your address), or by posting a notice in our Service prior to the change becoming effective. We encourage you to review this policy periodically.

    13. Contact Us

    If you have general questions about this Privacy Policy or our privacy practices, please contact us at:

    [email protected]

    For account deletion or support inquiries, please contact:

    [email protected]