Privacy Policy

Last updated: April 27, 2026

BiteBot ("we," "us," "our") is an AI-powered nutrition tracking app built by Daigest AI. This Privacy Policy explains what information we collect when you use the BiteBot mobile app or visit bite-bot.app, how we use it, and the choices you have. By using BiteBot, you agree to the practices described here.

1. Information We Collect

Website (bite-bot.app)

Email address — if you sign up for our TestFlight beta, we collect the email you submit so we can send you a beta invite and occasional product updates.
Basic request data — like most websites, our hosting provider logs standard request information (IP address, user agent, referrer) for security and reliability.

Mobile App

Apple user identifier — BiteBot's mobile app uses Sign in with Apple as its only sign-in method. We store the stable, Apple-assigned user identifier (the sub claim provided by Sign in with Apple) so we can keep you signed in across sessions and across devices. We do not collect or store an email address through the in-app sign-in flow, and we do not collect a password — Sign in with Apple handles authentication directly.
Display name — the first time you sign in, Apple shares the name you chose to provide. We store it for display inside the app and you can edit or clear it at any time in your in-app account settings.
Meal logs — food descriptions you type, photos of meals or nutrition labels you submit, and the structured nutritional data (calories, macronutrients, micronutrients) generated from those inputs.
Profile and goal data — information you provide about your nutrition goals, preferences, and saved meals.
Apple Health data — with your explicit permission, BiteBot reads selected activity data to contextualize your nutritional insights. See Section 4 for the exact categories read.
Device and usage data — basic diagnostic information about how the app is used (e.g., crash reports) to improve reliability.

Account access and recovery. Because BiteBot uses Sign in with Apple as its sole identity provider, you can recover access to your account at any time by re-authenticating with the same Apple ID on any device — there is no separate email-based recovery flow. You can revoke BiteBot's access in iOS Settings > [your name] > Sign in with Apple > BiteBot, which signs you out without deleting your server-side data. To delete your account and all associated data, use the in-app account-delete flow (see Section 7).

2. How We Use Your Information

We use the information we collect to:

Provide core product functionality — logging meals, generating nutritional breakdowns, delivering AI-powered coaching, and showing trends.
Personalize your experience based on your goals, saved meals, and logging history.
Communicate with you in-app via push notifications and on-screen messages.
Monitor and improve app performance, fix bugs, and develop new features.
Comply with legal obligations and enforce our terms.

We do not send marketing emails, account-recovery emails, or notification emails to BiteBot app users — all in-app communication happens through push notifications and on-screen messages. If you signed up for the TestFlight beta on bite-bot.app, the email you provided there is used only to send your beta invite and occasional product updates related to that signup; it is not linked to any in-app account.

We do not sell your personal information, and we do not use your meal logs, photos, or Apple Health data for advertising or marketing to third parties.

3. AI Processing of Meal Data

BiteBot uses artificial intelligence to analyze the food descriptions and photos you submit and to generate nutritional estimates and coaching suggestions. Specifically:

Food descriptions and photos you submit are sent to Anthropic's Claude API to generate structured nutritional estimates, which are then stored in your BiteBot account.
When you chat with the AI Coach, the request includes contextual information from your account — your recent meal logs, daily totals, goals, and (if available from Apple Health) a summary of your active workout — so Claude can generate a personalized response. Heart-rate data is included only for explicit post-workout recovery requests, as described in Section 4.
Anthropic does not use API inputs to train its models by default. Your data is not shared with advertisers or data brokers.

AI-generated nutritional estimates are approximations and may contain errors. BiteBot is not a medical device. See our Disclaimer for more.

4. Apple HealthKit

If you grant BiteBot access to Apple Health, the app reads (never writes) the following:

One-time onboarding prefill (optional)

If you tap "Prefill from Apple Health" during onboarding, BiteBot reads your date of birth, biological sex, height, and body weight once to populate your profile. Your age (derived from date of birth), biological sex, height, and weight are then saved to your BiteBot account on our servers so we can calculate your nutritional targets. You can skip this step and enter the same data manually — either way, the values are stored on the same User record. You can edit or clear them at any time in your in-app account settings.

Day-to-day use

Workouts — type, duration, calories burned, and recent-week aggregates are read on-device. When you chat with the AI Coach, a summary of your active workout is included as context in the request to our backend (and forwarded to Anthropic's Claude API to generate the response). Workouts are not persisted in our database.
Steps and active energy burned — read and processed entirely on your device. These values are not sent to our servers.
Heart rate — if you request post-workout recovery coaching, your average heart rate for that workout (along with workout type, duration, and calories) is sent to our backend solely to calculate your heart-rate zone, and forwarded to Anthropic's Claude API to generate the coaching response. The value is used transiently for that request and is not stored in our database.

BiteBot does not write any data to Apple Health.

HealthKit data is not sold, shared with advertisers or data brokers, or used for marketing purposes. Our backend logs that a coaching API call occurred (timestamp, endpoint, token count) for cost accounting, but does not log the HealthKit values themselves.

You can revoke HealthKit access at any time through iOS Settings > Health > Data Access & Devices.

5. Third-Party Services

BiteBot relies on a small set of trusted service providers to operate:

Hosting and authentication providers for account management and backend infrastructure.
AI providers for meal analysis and coaching generation (see Section 3).
Apple for app distribution (App Store / TestFlight), push notifications, and HealthKit.
Netlify Forms for handling the beta signup email form on bite-bot.app.

Each provider handles your data according to its own privacy practices. We only share what is necessary to deliver the BiteBot service.

6. Data Storage and Security

Your account data and meal logs are stored on secure cloud infrastructure with encryption in transit and at rest. While no system is perfectly secure, we take reasonable steps to protect your information against unauthorized access, alteration, or destruction.

7. Data Retention and Deletion

We retain your data for as long as your account is active. You can delete your BiteBot account and all associated server-side data at any time using the in-app account-delete flow (Settings > Account > Delete Account). Once initiated, we will delete your account data within a reasonable timeframe, except where we are required to retain information to comply with legal obligations.

You can also revoke BiteBot's access through Apple's Sign in with Apple settings on your device (iOS Settings > [your name] > Sign in with Apple > BiteBot). Revoking access signs you out but does not by itself delete your server-side data — to fully delete your account, use the in-app account-delete flow described above.

8. Your Rights

Depending on where you live, you may have rights under applicable privacy laws (including the GDPR and CCPA), such as:

Accessing the personal information we hold about you.
Requesting correction or deletion of your data.
Objecting to or restricting certain processing.
Receiving a portable copy of your data.

To exercise any of these rights, contact us at hello@bite-bot.app.

9. Children's Privacy

BiteBot is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

Questions or requests? Email hello@bite-bot.app.