PicPlate App IconPicPlate

Privacy Policy

Last Updated: October 8, 2025

1. Data Controller

Nima Chizari

Meiendorfer Straße 21

22145 Hamburg

Germany

Email: hello@picplate.io

2. What Data We Process

2.1 Data Stored Locally on Your Device

All of the following data is stored exclusively locally on your device and never transmitted to our servers:

  • User Profile: Height, weight, age, gender, dietary preferences, weight goal
  • Meal Data: Photos, meal names, nutritional values, timestamps
  • App Settings: Language, units, personal preferences

Legal basis: Art. 6(1)(b) GDPR (contract performance)

Storage: Local on your device

Access: Only you have access to this data

Automatic iCloud Backup (iOS): If you have iCloud Backup enabled on your iOS device (Settings > [Your Name] > iCloud > iCloud Backup), your app data is automatically backed up to your personal iCloud account. This is performed by iOS itself, without data being transmitted to our servers. We have no access to your iCloud backups. The backup includes all locally stored data and is restored when you set up a new device or restore your device from a backup.

Note: If you manually delete the app, iOS automatically removes the associated backup data from your iCloud account as well. For maximum privacy, we recommend enabling "Advanced Data Protection" in your iCloud settings (iOS 16.2+), which provides end-to-end encryption for your backups.

2.2 AI Image Analysis (temporary processing)

To recognize food items and estimate nutritional values, your photos are temporarily transferred to external AI services

Services used:

OpenRouter (AI image analysis) - Privacy Policy: https://openrouter.ai/privacy

Data Processing Agreements: We have concluded Data Processing Agreements (DPAs) pursuant to Art. 28 GDPR with all AI service providers. These ensure appropriate technical and organizational security measures.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

Third-country transfer: Transfers outside the EU/EEA occur with EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR

Recommendation: Do not include sensitive personal information in photos

Automated Decision-Making: The AI analysis does not make automated decisions within the meaning of Art. 22 GDPR that produce legal effects concerning you. The nutritional estimates serve only for your information and are subject to your own assessment.

2.3 Apple Health Integration (optional)

If you activate the Apple Health integration:

Read access: Height, weight, birthdate, gender, activity

Write access: Nutrition data from PicPlate

Storage: Local in Apple Health on your device

Legal basis: Art. 6(1)(a) GDPR (consent)

Revocation: iOS Settings > Health > PicPlate

We have no access to your Health data outside your device.

2.4 Anonymized Usage Analytics

We collect anonymized usage data to improve the app:

What we collect:

  • App usage (which screens visited, which features used)
  • Technical data (device type, OS version, app version)
  • Error reports (crash logs)
  • Usage patterns (e.g., number of analyses)

What we DON'T collect:

  • Names, emails, or personal contact information
  • Meal photos or food data
  • Weight, body measurements, or other health data
  • IP addresses (are anonymized)

Analytics Provider:

PostHog (EU-hosted in Germany) - Privacy Policy: https://posthog.com/privacy

Data Processing Agreement: We have concluded a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR with our analytics service provider.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest for product improvement)

Storage: EU (Germany)

Retention: 90 days, then automatic deletion

GDPR-compliant: EU hosting, fully anonymized

Processing is anonymized and does not result in any disadvantage to you.

3. Data Sharing

We only share your data in the following cases:

With technical service providers:

Data Processing Agreements: We have concluded Data Processing Agreements pursuant to Art. 28 GDPR with all service providers processing personal data on our behalf. For transfers outside the EU/EEA, we use EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

Copies of agreements are available upon request: hello@picplate.io

Important: Since we do not store personal data on our servers, we cannot share it with third parties. All your meal data, photos, and health information remain exclusively on your device.

No sharing with:

  • Authorities (we have no user data to share)
  • Advertising partners or data brokers
  • Social media platforms
  • Other commercial third parties for marketing

4. Your Rights

You have the following rights regarding your personal data:

  • Access (Art. 15 GDPR): Information about stored data
  • Rectification (Art. 16 GDPR): Correction of incorrect data
  • Erasure (Art. 17 GDPR):
    • Local data: Uninstall app or delete account in settings
    • Analytics: Contact via hello@picplate.io
  • Objection (Art. 21 GDPR): Object to data processing
  • Data portability (Art. 20 GDPR): Automatically restorable via iCloud Backup (see 2.1)
  • Complaint (Art. 77 GDPR): You have the right to lodge a complaint with the competent supervisory authority, without prejudice to any other administrative or judicial remedy

Supervisory Authority:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Kurt-Schumacher-Allee 4, 20097 Hamburg, Germany

Email: mailbox@datenschutz.hamburg.de

Website: https://datenschutz-hamburg.de/

Contact: hello@picplate.io

5. Data Security

We protect your data through:

  • Encryption in transit: HTTPS/TLS 1.3
  • Encryption at rest: iOS-native encryption (SQLCipher)
  • Data minimization: No cloud storage of personal data
  • Temporary processing: Photos are not permanently stored
  • Access control: Only authorized service providers

Data Breach Notification: Since we do not store personal user data on our servers, the risk of a data breach is minimal. Should a breach occur that could affect your rights (e.g., at third-party providers), you will be promptly notified pursuant to Art. 34 GDPR.

6. Data Retention

  • Local data: Until you delete the app or account
  • AI analysis: Photos deleted immediately after processing
  • Analytics: 90 days, then automatic deletion

7. Children and Minors

This app is designed for persons aged 16 and older. If you are under 16 years old, you require consent from your parents or legal guardians to use this app. We do not knowingly collect personal data from children under 16 without parental consent.

8. Changes to This Privacy Policy

We may update this Privacy Policy at any time. Changes will be posted with a new date on this page. For material changes, we will notify you via in-app notification.

9. Contact

Email: hello@picplate.io

Mailing address:

Nima Chizari

Meiendorfer Straße 21

22145 Hamburg

Germany

Privacy Policy - PicPlate | PicPlate