Privacy Policy

Version 1.0 · Last updated: 28 April 2026 · Effective: 28 April 2026

1. Who we are

Family Fit Eats ("we", "us", "our") is a vegetarian nutrition tracking service available at familyfiteats.com and via Telegram.

Data controller: Family Fit Eats
Contact: privacy@familyfiteats.com

We are the data controller for all personal data described in this policy. Where we use third-party services to process data on our behalf, those services are data processors operating under data processing agreements.

2. The data we collect

    ⚠️ Health data notice
    Weight, calorie intake, nutritional information, and body measurements constitute health data under Article 9 of the UK GDPR. This is special category data requiring your explicit consent before we collect it. We only collect this data after you have given that consent.
  

2.1 Data you provide directly

Data	Examples	Why collected
Personal details	Name, age, biological sex	Personalising your calorie target using the Mifflin-St Jeor formula
Body measurements	Height, weight, target weight	Calculating a safe, personalised daily calorie goal
Nutrition logs	Food descriptions, meal photos, calorie estimates, macronutrients	Tracking your progress against your daily goal
Children's data	Child's name, age, biological sex, nutrition logs	Providing family nutrition tracking for your children
Goal preference	Lose weight / eat healthier / gain weight	Tailoring daily targets and advice to your objective

2.2 Data collected automatically

Data	Purpose
Telegram Chat ID (Telegram users only)	Identifying your account in our Cloudflare KV store to retrieve your logs
Scan count per day (web app)	Enforcing the free-tier limit of 3 photo scans per day
Consent record	Recording that you gave informed consent, when, and to which version of this policy

2.3 Data we do NOT collect

Email addresses (unless you contact us directly)
Payment card details (handled entirely by our payment processor)
Device identifiers, advertising IDs, or tracking cookies
Location data
Usage analytics or behavioural tracking

3. How and where data is stored

3.1 Web app (browser local storage)

    ✓ Your device only
    When you use the Family Fit Eats web app, all of your profile data, food logs, and settings are stored exclusively in your browser's local storage. This data never leaves your device and is never transmitted to our servers. We have no access to it.
  

The only data that leaves your device is the content of food photos or meal descriptions you submit for AI analysis — see Section 4 for details.

3.2 Telegram bot

If you use Family Fit Eats via Telegram, your profile, food logs, and children's data are stored in Cloudflare KV, a key-value data store operated by Cloudflare, Inc.

Food logs are automatically deleted after 7 days
Profile data is retained until you delete your account via /deleteaccount
Cloudflare stores data globally by default. We have configured data to be retained in the EU/UK where possible
Cloudflare operates under the EU-US Data Privacy Framework and the UK Extension thereof
Our Data Processing Agreement with Cloudflare is available on request

4. Third-party processors

4.1 Anthropic (AI analysis)

When you submit a food photo or meal description for calorie analysis, that content is sent to Anthropic, PBC via their Messages API. Anthropic processes this data as our data processor under a Data Processing Addendum.

Food photos are sent as base64-encoded images and are not stored by Anthropic after the API call completes
Anthropic does not use API inputs to train their models by default
Anthropic is a US-based company. The transfer is covered by Standard Contractual Clauses
Anthropic's privacy policy: anthropic.com/privacy

4.2 Cloudflare (infrastructure)

Our application runs on Cloudflare Workers and Cloudflare KV. Cloudflare acts as a data processor. They are certified under the EU-US Data Privacy Framework.

4.3 Netlify (web hosting)

The Family Fit Eats web app is hosted on Netlify. Netlify may process standard web server access logs (IP addresses, request timestamps) as part of normal CDN operation. These are not linked to your Family Fit Eats account.

5. Lawful basis for processing

Processing activity	Lawful basis
Collecting and processing health data (weight, nutrition, calories)	Explicit consent — Article 9(2)(a) UK GDPR. You provide this during onboarding and can withdraw it at any time.
Processing children's health data	Explicit consent of person with parental responsibility — Article 9(2)(a). You confirm parental responsibility before adding a child's account.
AI analysis of food photos and descriptions	Explicit consent — you consent to Anthropic processing during onboarding
Storing your profile to provide the service	Contract performance — Article 6(1)(b). Processing your profile is necessary to provide the personalised nutrition tracking you have requested.
Retaining your consent record	Legal obligation — Article 6(1)(c). We are required to demonstrate lawful processing.

6. Children's data

    ⚠️ Children under 13
    We do not knowingly collect data from children under 13 years old as primary account holders. The minimum age to create your own account is 13. Children's accounts may only be created by a parent or guardian with parental responsibility.
  

When you add a child's account, we apply the following additional protections:

Children are never placed on calorie deficit plans
Calorie targets for children are set using age-appropriate guidance, not weight-loss formulas
The focus of children's tracking is nutritional quality, not restriction
Children's data is deleted when the parent account is deleted
We require an explicit parental responsibility confirmation before any child data is saved

7. Your rights

🗑️

Right to erasure

Delete all your data instantly from Settings → Delete my data (web app) or /deleteaccount (Telegram). No waiting, no forms.

📋

Right of access

Request a copy of all data we hold about you. Web app users: your data is already visible in your browser. Email us for Telegram data.

✏️

Right to rectification

Correct any inaccurate data from the Goals & Profile screen at any time.

🚫

Right to withdraw consent

You can withdraw your consent at any time by deleting your account. Withdrawal does not affect the lawfulness of processing before withdrawal.

📦

Right to portability

Request your data in a machine-readable format by emailing privacy@familyfiteats.com.

⚖️

Right to complain

You have the right to lodge a complaint with the ICO (Information Commissioner's Office) at ico.org.uk.

To exercise any right, contact us at privacy@familyfiteats.com. We will respond within 30 days.

8. Data retention

Data	Retention period
Web app data (local storage)	Until you clear your browser data or delete your account in the app
Telegram food logs (Cloudflare KV)	7 days, then automatically deleted
Telegram profile and goals	Until you use /deleteaccount
Children's data	Same as parent account — deleted when parent deletes account
Consent record	Retained for 3 years after account deletion to demonstrate lawful processing

9. International transfers

Your data may be transferred outside the UK in the following circumstances:

Anthropic (US): Food analysis requests are processed in the US. Transfer is covered by Standard Contractual Clauses (SCCs).
Cloudflare (global): Cloudflare operates globally and is certified under the EU-US Data Privacy Framework and the UK Extension thereof.
Netlify (US): The web app is served from Netlify's global CDN. No personal data is stored by Netlify.

10. Security

We take appropriate technical and organisational measures to protect your data:

Your Anthropic API key is stored only in Cloudflare's encrypted secrets store — never in application code or exposed to browsers
All data in transit uses TLS 1.2 or higher
Web app data never leaves your device
Cloudflare KV data is encrypted at rest
Access to Cloudflare account credentials is restricted to authorised personnel

No system is 100% secure. If you believe your data has been compromised, please contact us immediately at privacy@familyfiteats.com.

11. Cookies and tracking

The Family Fit Eats web app does not use cookies, advertising trackers, or analytics. We do not use any third-party tracking scripts. The only storage used is your browser's local storage, which is used solely to save your profile and food logs on your own device.

12. Changes to this policy

We may update this privacy policy from time to time. When we do:

We will update the version number and effective date at the top of this page
For material changes, we will ask for your consent again on next login
The version of the policy you consented to is recorded in your consent record

13. Contact us

For any privacy-related queries, requests, or complaints:

Email: privacy@familyfiteats.com
Response time: Within 30 days
ICO registration: Pending

You also have the right to complain directly to the UK Information Commissioner's Office:

ICO: ico.org.uk
ICO helpline: 0303 123 1113