Privacy Policy

Last updated: April 21, 2026

Introduction

FoodClue (“we,” “us,” or “our”) prioritizes your privacy while using foodclue.app and related services (the “Service”). This policy explains how we collect, use, and protect your information. By using the Service, you accept this policy. Review our Terms of Service for additional terms.

Information We Collect

Personal Information

We collect personal information when you:

  • Create an account (email address, password)
  • Complete the onboarding quiz (symptom profile, suspected triggers, eating habits)
  • Subscribe to a paid plan (payment information via third-party processor)
  • Contact us for support

Health & Wellness Data

As a food-symptom tracking tool, FoodClue collects:

  • Meal photos (processed for ingredient analysis, not stored after processing)
  • Meal records (food names, ingredients, timestamps, meal slots)
  • Symptom check-in data (gut, energy, mood, skin scores; context tags)
  • AI-generated trigger correlation analysis results
  • Water intake logs
  • Diet balance and meal recommendation preferences
  • Meal notes (optional free-text context you add to meals)

Location & Weather Data

When you log a meal, FoodClue automatically records weather conditions (temperature, humidity, barometric pressure, weather condition) to help identify environmental factors affecting your symptoms. Location is determined via:

  • Browser geolocation (if you grant permission) — precise location used only to fetch weather data, not stored
  • IP-based geolocation (fallback) — approximate city-level location via ip-api.com, used only to fetch weather data, not stored

Only the weather data (not your location) is stored alongside your meal record. You can deny location permission and weather logging will still work via IP approximation.

Analytics & Product Improvement

We use PostHog for product analytics to understand how users interact with FoodClue. PostHog collects:

  • Page views and navigation patterns
  • Feature usage frequency
  • Device type and browser information
  • Session duration

PostHog data is used solely to improve FoodClue and is not shared with third parties for advertising. You can opt out by using browser privacy settings or extensions that block analytics scripts.

Push Notifications

If you enable symptom check-in reminders, FoodClue uses your browser's Notification API to send local notifications after meals. Notifications are processed entirely on your device — no notification data is sent to our servers. You can disable notifications at any time in Settings or your browser/OS notification preferences.

How We Use Your Information

We use your information to:

  • Provide AI-powered food-symptom correlation analysis
  • Generate personalized trigger reports and safe meal recommendations
  • Process and bill subscriptions
  • Send symptom check-in reminders (if enabled)
  • Improve the accuracy of our AI analysis algorithms
  • Provide customer support
  • Comply with legal requirements

We may de-identify and aggregate data for research and product improvement. Aggregated data cannot be used to identify individual users.

Third-Party Services

FoodClue uses the following third-party services:

  • Anthropic (Claude AI) — meal photo ingredient analysis. Photos are processed in real-time and not stored after analysis.
  • Stripe — payment processing for Pro subscriptions. We do not store your credit card information; all payment data is handled by Stripe.
  • OpenWeatherMap — weather data retrieval based on your location. Only weather data (not location) is stored.
  • ip-api.com — approximate city-level IP geolocation as a fallback for weather data when browser location is unavailable.
  • PostHog — product analytics for usage patterns and feature improvement.
  • Neon (PostgreSQL) — cloud database hosting with encryption at rest and in transit.

None of these providers use your personal health data for their own model training or advertising purposes.

Cookies and Related Technologies

FoodClue uses cookies for:

  • Authentication — httpOnly secure cookies to maintain your login session (JWT token, 7-day expiry)
  • Preferences — localStorage for UI preferences (e.g., photo tip display count)

We do not use third-party tracking cookies or advertising pixels. You can clear cookies through your browser settings, though this will require re-authentication.

Information Sharing

We do not sell, exchange, or publish your personal or health data to third parties, except:

  • AI processing providers — as described above (Anthropic), solely for ingredient analysis
  • Payment processors — to process subscription payments
  • Law enforcement — when legally compelled (court orders, subpoenas)
  • Corporate transactions — in the event of a merger, acquisition, or asset sale

We will never sell your health data to advertisers, insurers, employers, or any other third party.

Data Security

We implement industry-standard security measures:

  • Passwords hashed with bcrypt (cost factor 10)
  • JWT authentication with httpOnly, Secure, SameSite cookies
  • All API inputs validated with Zod schema validation
  • Security headers: HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
  • Parameterized SQL queries (SQL injection prevention)
  • HTTPS encryption in transit
  • Environment variable validation (no hardcoded secrets)

While we take reasonable precautions, no Internet transmission method is 100% secure. We cannot guarantee absolute security against unauthorized access.

Data Access and Deletion

You may access, export, and delete your data at any time:

  • Export — Download all your meals and symptoms as a CSV file from Settings
  • Delete data — Permanently remove all meals, symptoms, and analysis data from Settings
  • Delete account — Request full account deletion by contacting support

Upon deletion, we remove your personal and health data within 30 days, subject to legal retention requirements.

Children's Privacy

FoodClue is designed for adults managing dietary health conditions. The Service is not directed at children under 16. We do not intentionally collect personal information from children under 16. If you believe such information has been collected, contact us immediately.

Medical Disclaimer

FoodClue is a wellness tool for tracking food and symptoms. It does not provide medical diagnosis, treatment, or advice. Patterns shown are observational correlations, not medical conclusions. Always consult a healthcare professional before making dietary changes based on FoodClue data.

Policy Changes

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated via email or prominent in-app notice. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

For questions about this Privacy Policy, contact:

Email: support@foodclue.app

© 2026 FoodClue. All rights reserved.