Last updated: June 12, 2026
Food Energy ("the App") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.
All meal records, calorie data, macro nutrients, and food photos are stored locally on your device using an on-device database (SQLite). This data never leaves your device except as described below.
When you scan food or add a meal manually, the App routes your photo or text description through a thin proxy server we operate (Google Cloud Run) and forwards it to one of three third-party AI services for nutritional analysis:
The proxy does not store your photos or descriptions — it forwards them in real time. Images and text are sent solely for the purpose of food recognition and nutritional estimation. No personally identifiable information is attached to these requests.
To protect the service from automated abuse and to enforce per-user request quotas, the proxy stores an anonymous device identifier (generated by the App, not linked to your name, email, or device hardware ID) along with a daily request counter in Google Cloud Firestore. These records are automatically deleted after 48 hours. Short-term request metadata (IP address, timestamp) may also be logged briefly for abuse prevention and retained no longer than 7 days. We do not link this data to your identity.
When you scan a packaged product's barcode, the App sends only the decoded barcode number to Open Food Facts, an open community database, to retrieve nutritional information and a product image. No personal data is shared.
If you subscribe, payment and subscription management are handled entirely by Apple (App Store), Google (Google Play), or — for the version distributed via RuStore — T-Bank (Tinkoff) acquiring. We use RevenueCat to track subscription state. RevenueCat receives an anonymous app user ID — no personal information is shared. For T-Bank payments, only the data you enter on T-Bank's hosted payment form (card details, optional email for the fiscal receipt) is processed by T-Bank under its own privacy policy; the App receives only a success / fail signal and does not see or store card data.
If you choose to enable the Health integration in the Profile screen, the App reads the following data from Apple Health (iOS) or Health Connect (Android):
Health data is read on demand for in-app display and calculation only. It is never transmitted to our servers, never sent to AI providers, and never shared with third parties. You can revoke access at any time through your system settings (iOS: Settings → Privacy & Security → Health; Android: Settings → Health Connect → App permissions). Disabling the Health toggle in the App's Profile screen also stops further reads.
If you sign in with Apple or Google on the Account screen, we create an account and back up your food diary so you can restore it on another device. Linked to your account, we store: your meals (name, calories, macros, weight, date), your daily goal and body metrics, meal photos you added, and basic account info from your sign-in provider (a user identifier, plus your email and name if provided).
This data is stored with Google Firebase (Authentication, Cloud Firestore, Cloud Storage) on servers located in the European Union. Backup is entirely optional — if you do not sign in, none of your diary leaves your device. This feature is not available in the RuStore version of the App. You can delete your account and all cloud data at any time via “Delete account & data” on the Account screen (see also our account deletion page).
The App displays optional rewarded video ads — you watch a short ad voluntarily to earn one extra free scan. Two ad networks are used depending on your device's region:
These networks may collect your device's advertising identifier (IDFA on iOS, GAID on Android), IP address, device model and OS version, and locale. They use this data to personalize ads, prevent fraud, and measure ad performance.
You can opt out of personalized advertising at any time:
For full details, see the networks' privacy policies linked in Section 8.
To understand how the App is used and to fix problems, we use:
These services receive device and usage data on a pseudonymous basis and do not receive your meal content.
We do not sell or rent your personal data. Data is only transmitted to the service providers listed above for the specific purposes described. If you opt into cloud backup, your diary is stored in Google Firebase (EU) under your own account and is not shared with anyone else.
By default all meal data is stored on your device only; uninstalling the App permanently deletes it. AI providers process images and text in real-time and do not retain them beyond their standard API processing windows. Anonymous abuse-prevention records in Firestore are automatically deleted after 48 hours, and proxy request metadata logs no longer than 7 days. If you sign in for cloud backup, your backed-up data is retained until you delete it — use “Delete account & data” in the App (or the account deletion page) to permanently remove your cloud copy and account.
All communication between the App, our proxy, and AI providers is encrypted via HTTPS/TLS. On-device data is protected by your device's built-in security (passcode, biometrics, encryption).
The App is suitable for general audiences and is not directed at children under 13. The optional account and cloud backup are intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided such information, please contact us at sergmochalin@gmail.com so we can delete it.
Since all meal data is stored locally on your device, you have full control over it. You can:
The App uses the following third-party services. Please refer to their privacy policies:
We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated date. Continued use of the App constitutes acceptance of the updated policy.
If you have questions or concerns about this Privacy Policy, please contact us at sergmochalin@gmail.com.