Effective Date: March 28, 2026
1. Introduction
Welcome to ThaliFit (the “App”), an Indian nutrition and wellness application developed and operated by Dynamic Vision Works (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use ThaliFit on Android and iOS devices.
By creating an account or using ThaliFit, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.
Contact: For any privacy-related inquiries, please email us at privacy@thalifit.com.
2. Information We Collect
2.1 Account & Identity Information
• Phone number: used for SMS OTP authentication via Firebase Authentication.
• Google account details: name, email address, and profile photo when you sign in with Google.
2.2 Personal & Health Profile
When you set up your profile and goals, we collect:
• Full name, age, and gender
• Height, weight, target weight, and estimated time to goal
• Diet type, food preferences, allergies, and regional cuisine preferences
• Activity level, gym frequency and intensity, sports activities, and daily walk/run minutes
• Goal type (weight loss, gain, maintenance, or other)
• Units preference (metric or imperial)
2.3 Daily Activity & Nutrition Logs
• Nutrition logs: meals with macronutrient breakdowns (calories, protein, carbs, fat, fiber, sodium), health scores, timestamps, logging source (photo, manual, or menu scan), and optional food images.
• Exercise logs: activity type, category, duration, intensity, calories burned, and notes.
• Steps and calories: optionally synced from Apple Health (iOS) or Google Health Connect (Android). This data is read-only and syncing is entirely optional.
2.4 Device & App Data
• Push notification token (for meal reminders and streak alerts)
• Notification preferences and meal timing patterns
• Streak data and app usage patterns
• Theme and UI preferences
• Local caches stored on your device (meal plan cache, recent foods, menu preferences, insights cache)
2.5 Analytics Data
We collect app usage analytics through Firebase Analytics, including:
• App events such as sign-up, login, meal logged, goal set, profile completion, and screen views
• User properties including Firebase user ID, diet type, and age group (stored as bucketed ranges such as 18–24, 25–34, etc., not exact age)
• Onboarding funnel completion steps
3. How We Use Your Information
We use the information we collect to:
• Provide and personalise the core App experience, including AI-assisted food logging, calorie and macro tracking, meal planning, and portion guidance
• Generate personalised daily calorie and macronutrient targets based on your profile and goals
• Deliver AI-powered food analysis when you scan meals or restaurant menus
• Create weekly meal plans and Indian recipe suggestions tailored to your preferences
• Send push notifications for meal reminders, streak alerts, and relevant updates
• Sync health data (steps and calories) from Apple Health or Google Health Connect when you opt in
• Analyse app usage patterns to improve features, fix issues, and enhance the user experience
• Prevent fraud and ensure App security through Firebase App Check
4. How We Share Your Information
We do not sell your personal data to any third party.
We share information only with the following service providers who process data on our behalf to operate the App:
4.1 Firebase (Google)
• Firebase Authentication: phone OTP and Google Sign-In processing
• Cloud Firestore: storage of user profiles, logs, and preferences
• Firebase Realtime Database: real-time job states (e.g., weekly meal planner)
• Firebase Storage: food images you upload
• Firebase Cloud Functions: server-side processing for AI food analysis and notifications
• Firebase Analytics: aggregated app usage analytics
• Firebase App Check: fraud prevention via Play Integrity (Android) and DeviceCheck (iOS)
4.2 OpenAI
We use OpenAI’s API exclusively on the server side (via Firebase Cloud Functions) to power AI food analysis. Your food images and meal data are sent to OpenAI for processing. OpenAI’s API keys are never exposed to the App directly.
4.3 Expo
We use Expo services for push notification delivery, over-the-air app updates, and device location detection (country/region only, for food localisation).
4.4 Apple Health & Google Health Connect
If you choose to connect, we read step count, active calories burned, and basal calories burned. This data is read-only and is never shared with any third party beyond what is described in this policy.
We may also disclose your information if required by law, legal process, or governmental request, or to protect our rights, privacy, safety, or property.
5. Permissions We Request
The App requests the following device permissions, each for a specific purpose:
5.1 Android Permissions
• Camera: food photo logging and menu scanning.
• Storage (Read/Write): accessing food images for logging.
• Location (Fine and Coarse): detecting your country/region for food localisation and regional cuisine suggestions.
• Health Connect (Steps, Active Calories, Total Calories): optional syncing of health data.
• Notifications: meal reminders and streak alerts.
5.2 iOS Permissions
• Camera: food photo logging and menu scanning.
• Photo Library: selecting food images from your library.
• Location (When In Use): country detection for regional food suggestions.
• HealthKit (Steps, Active Energy, Basal Energy): optional syncing of health data from Apple Health.
• Notifications: meal reminders and streak alerts.
6. Data Storage and Security
Your data is stored on Firebase infrastructure. Our Firebase Cloud Functions are hosted in the europe-west1 (EU) region. If you are located outside the EU (including India), your data may be transferred to and processed in the EU. By using the App, you consent to this cross-border transfer of data.
We implement appropriate technical and organisational measures to protect your personal information, including:
• Encrypted data transmission (HTTPS/TLS) for all communications between the App and our servers
• Firebase Authentication with secure session management
• Server-side API key management (OpenAI keys are never exposed to the App)
• Firebase App Check for request validation and fraud prevention
Local data on your device (AsyncStorage) includes cached meal plans, recent foods, notification data, and preferences. Firebase Authentication sessions are stored in the iOS Keychain or Android’s secure storage as managed by the Firebase SDK.
7. Data Retention and Deletion
We retain your personal data for as long as your account is active or as needed to provide the App’s services. You may request deletion of your account and all associated data at any time by contacting us at privacy@thalifit.com.
Upon receiving a verified deletion request, we will:
• Delete your user profile, nutrition logs, exercise logs, meal plans, and food images from our servers
• Remove your push notification token and preferences
• Remove your analytics user properties
Please note that local data stored on your device (AsyncStorage caches) must be cleared by uninstalling the App. Some anonymised, aggregated analytics data may be retained for service improvement purposes.
8. Children’s Privacy
ThaliFit is intended for users aged 18 and above. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@thalifit.com so we can take appropriate action.
9. Your Rights
Depending on your location and applicable laws, you may have the following rights regarding your personal data:
• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete data.
• Deletion: request deletion of your personal data and account.
• Data Portability: request a copy of your data in a structured, machine-readable format.
• Withdraw Consent: withdraw your consent to data processing at any time (for example, disconnecting Apple Health or Google Health Connect).
• Object: object to certain types of data processing where applicable.
To exercise any of these rights, please contact us at privacy@thalifit.com. We will respond to your request within 30 days.
10. Third-Party Links
The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
11. Health Data Handling
ThaliFit accesses health data exclusively through Apple HealthKit (iOS) and Google Health Connect (Android). This access is:
• Read-only: we only read step count, active calories burned, and basal calories burned
• Optional: health data syncing is prompted during onboarding and can be disabled at any time through your device settings
• Private: health data is used solely to display your activity alongside your nutrition tracking within the App and is never shared with advertisers or data brokers
User-entered health data (weight, height, age, and goals) is stored in our Firebase database and is subject to the same security and retention practices described in this policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through the App or by other appropriate means before the changes take effect.
We encourage you to review this Privacy Policy periodically. Your continued use of ThaliFit after any changes constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Dynamic Vision Works
Email: privacy@thalifit.com
Website: https://thalifit.com
This privacy policy was last updated on March 28, 2026.
ThaliFit: Privacy Policy
Contact
info@thalifit.com
© 2026 Dynamic Vision Works. All rights reserved.
LEGAL