Privacy Policy
Effective date: March 1, 2026 · Last updated: March 2026
FoodPicAI ("we", "us", or "our") operates foodpicai.com. This Privacy Policy explains what personal information we collect, how we use it, and the rights you have over your data. We keep it plain — no legal jargon walls.
1. What Data We Collect
Account Information
When you create an account you provide your email address. If you sign in with Google OAuth, we also receive your name and profile picture from Google. We store only what's needed to run your account.
Food Photos You Upload
Your photos are processed and immediately deleted. We send your image to Google's Gemini API for enhancement, return the result to you, and discard both the original and enhanced image. We do not store, sell, or use your photos for model training. Ever.
Payment Information
Payments are processed by Stripe. We never see or store your credit card number. Stripe stores your payment method securely and shares only a transaction ID and billing email with us.
Usage & Analytics Data
We use Cloudflare Web Analytics — a privacy-first, cookie-free analytics tool. It collects anonymous aggregate data: page views, traffic sources, countries, and device types. No personal identifiers, no cross-site tracking, no cookies are set.
2. How We Use Your Data
- To create and manage your account
- To process photo enhancement requests via our AI pipeline
- To process payments via Stripe
- To send transactional emails (receipts, account notifications) via Resend
- To send marketing emails if you opt in (you can unsubscribe any time)
- To understand aggregate traffic patterns and improve the service
We do not sell your personal information. We do not share it with third parties except as needed to operate the service (see Section 5).
3. Data Retention
- Food photos: Deleted immediately after processing (within seconds)
- Account data: Retained until you delete your account
- Billing records: Retained for 7 years (US tax law)
- Analytics data: Anonymous aggregates only — no personal data retained
To delete your account and all associated data, email us at [email protected]. We'll action your request within 30 days.
4. Cookies
FoodPicAI uses a single session cookie to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party cookies. Cloudflare Web Analytics is cookieless by design. No cookie consent banner is required or shown.
5. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, billing address |
| Google OAuth | Sign-in | Email, name (optional) |
| Google Gemini API | AI photo enhancement | Your uploaded photo (deleted after processing) |
| Cloudflare | Hosting & analytics | Anonymous aggregate traffic data |
| Resend | Transactional email | Email address |
| Supabase | Database & authentication | Account data |
6. California Residents (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request what personal information we have collected about you
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out of Sale: We do not sell personal information — this right is already satisfied
- Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA right
To exercise these rights, email [email protected]. We will respond within 45 days.
7. Email Communications (CAN-SPAM)
All marketing emails from FoodPicAI include a clear unsubscribe link and our physical mailing address. Transactional emails (receipts, password resets) are sent regardless of marketing preferences, as they are essential to the service. You can unsubscribe from marketing at any time by clicking the unsubscribe link or emailing us.
8. Children's Privacy
FoodPicAI is not directed to individuals under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it promptly.
9. Security
We use industry-standard security measures: HTTPS everywhere, encrypted data at rest (Supabase/PostgreSQL), and access controls. No method of transmission over the internet is 100% secure, but we take reasonable steps to protect your information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will notify you by email at least 30 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.
11. Contact Us
Questions about this Privacy Policy? Reach us at:
FoodPicAI
Email: [email protected]
Last updated: March 2026 · Effective date: March 1, 2026