Priority Number One

Welcome to Vitto AI ("Company," "we," "our," or "us"). We provide a mobile application (the "App") that utilizes artificial intelligence to assist users in tracking their nutritional intake. We are committed to protecting your personal information and your right to privacy.

IMPORTANT: Vitto AI is a wellness tool, not a medical device.

The nutritional data, calorie estimates, and analysis provided by our AI are estimates for informational purposes only. We do not provide medical advice, diagnosis, or treatment. You should not rely on this information as a substitute for, nor does it replace, professional medical advice, diagnosis, or treatment. Always consult with a physician or other healthcare professional.

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information").

3.1. Information You Provide Directly

3.2. Information Collected Automatically

• Device Data: Device model, operating system (iOS/Android), IP address, unique device identifiers (e.g., IDFV), and crash logs.
• Usage Data: Features used, time spent on screen, and interaction with ads (if applicable).

3.3. Information from Third Parties (Health APIs)

If you grant us permission to connect with Apple Health (HealthKit) or Google Health Connect, we may read and write data such as: Active Energy Burned, Step Count, and Weight History.

We process this data strictly to improve your wellness tracking within the App. We do not use Health API data for advertising or sell it to data brokers.

We process your data for the following purposes, based on specific legal grounds:

Vitto AI uses third-party artificial intelligence providers (e.g., OpenAI) to analyze your images.

• Data Transmission: When you upload a photo, the image data is transmitted securely to our cloud servers and our AI processors.
• Zero Retention for Training: We operate under enterprise agreements that prohibit our AI providers from using your personal data to train their general public models.
• Your Contributions: By default, your images are not used to train Vitto AI's internal models. You may choose to opt-in to contribute your anonymized food photos to help improve the system's accuracy. You can withdraw this consent at any time in Settings.

We may display advertisements to support the free version of the App.

• No Health Data for Ads: We do not use your weight, calorie history, or dietary logs to target advertisements.
• Contextual Advertising: Ads you see are primarily based on the context of the page you are visiting (e.g., a recipe page) or broad location data (e.g., city level).
• Your Choices:
  • iOS: We respect the AppTrackingTransparency (ATT) framework.
  • Android: We respect the systemic opt-out of ads personalization.
  • California Residents: We enable "Restricted Data Processing" with our ad partners to ensure your data is not "sold" or "shared" in violation of the CCPA.

We do not sell your personal information. We disclose data only as follows:

• Service Providers: Cloud hosting (e.g., Supabase), AI processors, and analytics providers who are bound by Data Processing Agreements (DPAs) to keep your data confidential.
• Legal Compliance: If required by subpoena, law, or court order.
• Business Transfers: If Vitto AI is involved in a merger or acquisition, your data may be transferred as a business asset, subject to this Policy.

Depending on your jurisdiction, you have specific rights:

• Right to Access & Portability: Request a copy of your data in a machine-readable format.
• Right to Correction: Update inaccurate health metrics.
• Right to Deletion: Request the permanent erasure of your account and data.
• Right to Limit Use of Sensitive Data (California): You may direct us to limit the use of your health data to only what is necessary for the App's functioning.
• Right to Opt-Out of AI Training: Revoke permission for your data to be used for model improvement.

We retain your personal data only as long as your account is active or as needed to provide you with Services.

• Account Deletion: If you request deletion, your personal identifiers and health data are removed from our active databases within 30 days.
• Backups: Encrypted backups may retain residual data for up to 90 days for disaster recovery purposes before being overwritten.

Vitto AI is not intended for children under 13 (or 16 in the UK/EU). We do not knowingly collect data from children. If we discover such data, we will delete it immediately. Users are required to confirm their age during registration.

If you access the App from the EEA or UK, your data is transferred to the United States. We rely on Standard Contractual Clauses (SCCs) and the Data Privacy Framework (DPF) (where applicable) to ensure your data remains protected.

For privacy concerns or to exercise your rights:
Vitto AI Privacy Officer
Email: [email protected]