Jump to section
Legal
Privacy Policy
What we collect, how we use it, and the choices you have.
This policy matches the current Fyll codebase and launch plan. It still needs final legal review before public app-store submission.
Introduction
Fyll is operated by MPTEE UNIGROUP DISTRIBUTION LLC, a New York limited liability company. Fyll helps users log meals, review nutrition estimates, add reflections, and understand food patterns over time.
This Privacy Policy explains what information we collect, how we use it, which service providers process it, and what choices you have.
Fyll provides nutrition estimates and food-pattern observations for educational purposes only. Fyll is not medical advice, a medical device, a diagnosis tool, or a treatment plan.
Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- First name
- Password hash. We do not store your raw password.
- Refresh/session token records used to keep you signed in and revoke deleted-account access.
2.2 Profile And Health Context
You may choose to provide profile and health context such as:
- Age, weight, height, and biological sex
- Activity level and nutrition targets
- Primary goals and coaching preferences
- Dietary restrictions, allergies, health conditions, and personal facts you choose to save
- Menstrual cycle length and related optional cycle context
Sensitive profile fields such as age, weight, height, and menstrual cycle length are encrypted before storage.
2.3 Meal, Beverage, Reflection, And Food Data
When you use Fyll, we may collect:
- Meal photos that you choose to upload
- Meal descriptions and meal timing
- AI-generated nutrition estimates, ingredients, calories, macros, and key nutrients
- Meal edits, corrections, favorites, and relogs
- Beverage logs, including type, volume, caffeine/alcohol estimates, add-ins, and notes
- Meal reflections, emojis, mood, fullness, energy, body-response tags, and notes
- Rewards, streaks, weekly cards, and related app-state records
2.4 Chat And Memory Data
When you use Phine, Fyll's assistant, we process your chat messages and conversation context so the assistant can answer and perform requested meal actions.
Fyll may store durable memory records inferred from chat, such as food preferences, allergies, body-response patterns, or user-provided context. These memories are used to personalize future responses and can be deleted with your account.
2.5 Optional Connected Health Data
If you choose to connect Apple Health or Health Connect, Fyll may read supported categories such as steps, sleep, body weight, and related summary signals depending on the enabled feature and platform permissions.
Raw HealthKit or Health Connect records stay on your device. Fyll may sync aggregated summaries and correlation reports, such as average sleep, average steps, weight trend direction, and short textual summaries, so they can be used in app insights and assistant context.
Health-platform access is optional, user-initiated, and controlled through the operating system permissions screen.
2.6 Device, Diagnostics, And Notification Data
We may collect:
- Device type, operating system, app version, and crash diagnostics
- Performance and error information needed to keep the app reliable
- Firebase Cloud Messaging tokens when you enable push notifications
- Local notification preferences and delayed notification records
We do not intentionally send meal photos, raw nutrition logs, or sensitive health fields to crash reporting.
How We Use Information
We use your information to:
- Create and secure your account
- Analyze meal photos and meal descriptions
- Save and display meals, nutrition estimates, beverages, reflections, and insights
- Personalize food-pattern observations and assistant responses
- Sync optional health summaries when you choose to connect a health platform
- Send notifications you enable
- Provide account export and deletion features
- Debug, secure, and improve the app
- Respond to support requests
We do not sell your personal information. We do not use your meal photos or personal data to train our own AI models.
Security And Privacy Safeguards
Fyll uses technical safeguards including:
- TLS for data in transit
- AES-256-GCM encryption for sensitive profile fields
- bcrypt password hashing
- Secure token storage on device where supported
- Rate limiting and input validation
- Photo metadata minimization before meal-photo processing
- Sentry filtering that removes direct user email, IP address, and username from backend error events before sending
No system is perfectly secure. We use reasonable safeguards and continue to improve them.
Service Providers
Fyll uses service providers to operate the app. The active provider may vary by environment and release configuration.
| Provider | Purpose | Data Processed |
|---|---|---|
| Google Gemini | AI meal/photo/text analysis when configured | Meal photos without metadata, meal descriptions, assistant prompts/context |
| Azure OpenAI | AI meal/photo/text analysis when configured or used as fallback | Meal photos without metadata, meal descriptions, assistant prompts/context |
| Cloudflare R2 / S3-compatible storage | Meal photo storage | Uploaded meal photos and object metadata |
| Neon | PostgreSQL database hosting | App account, meal, profile, reflection, memory, and related records |
| Railway | Backend hosting | Backend requests and operational logs |
| Firebase Cloud Messaging | Push notifications | Device push tokens and notification routing data |
| Resend | Password-reset and account emails | Email address and email content needed for delivery |
| Upstash Redis | Token blacklist, cache, and rate/operational support when configured | Cache keys and operational identifiers |
| Sentry | Crash and error reporting when configured | Error details, device/app metadata, privacy-filtered user identifier |
Fyll may use these providers in the United States or other locations where they operate infrastructure. Provider terms and data processing practices apply to their processing.
Retention And Deletion
Active Accounts
We retain account, meal, profile, reflection, memory, and related app data while your account is active unless you delete specific data where the app supports it.
Account Deletion
When you delete your account, Fyll deletes your account row and associated database records through cascading database deletion. Meal photos are removed from their active storage path and moved through the app's soft-delete storage flow, which can retain copies under a trash prefix for a limited recovery/cleanup period before final removal.
Deletion may also require token-blacklist support so deleted-account access tokens can be rejected. If deletion cannot be completed safely at that moment, the app may ask you to try again.
Some providers may retain logs, backups, delivery records, abuse-prevention records, or legal/compliance records under their own retention policies.
Export And Access
Fyll currently provides an account export endpoint that includes core account/profile data, meals with nutrition, reflections, rewards, and summary counts.
The current export does not yet include every internal table or derived record, such as all beverages, AI memories, cycle logs, corrections, tips, favorites, weekly cards, or health-summary records. Broader export coverage is tracked as product/legal work before public launch.
Your Choices
You can:
- Update your profile in the app
- Enable or disable notifications where the app supports it
- Control health-platform permissions in Apple Health or Health Connect
- Request data export where available
- Delete your account from Settings
- Contact us about privacy questions at hello@fyllapp.com
Children's Privacy
Fyll is not intended for children under 13. If you believe a child under 13 has provided personal information, contact us so we can investigate and delete it if required.
International Users
Fyll is operated from the United States. If you use Fyll from outside the United States, your information may be transferred to and processed in the United States or other locations where our providers operate.
Google Play Data Safety Draft
For Google Play disclosure work, the current product collects or may collect:
| Data Type | Collected | Shared With Service Providers | Purpose |
|---|---|---|---|
| Email address | Yes | Yes | Account, email delivery, support |
| Name / first name | Yes | No, except hosting/database providers | Personalization |
| Photos | Optional | Yes | Meal analysis and storage |
| Health and fitness profile data | Optional | No, except hosting/database providers | Nutrition estimates and personalization |
| Nutrition and meal data | Yes when logged | Yes for AI analysis and hosting/database providers | Core functionality |
| App diagnostics | Yes when configured | Yes, Sentry | Reliability |
| Device push token | Optional | Yes, Firebase | Notifications |
| Purchase history | No current subscription integration | No | Not applicable until payments are implemented |
Final App Privacy and Data Safety labels must be reviewed against the production build and provider configuration before submission.
Changes To This Policy
We may update this Privacy Policy from time to time. We will update the date above and provide additional notice for material changes where required.
Contact
Email: hello@fyllapp.com
Website: https://fyllapp.com