Legal · Draft pre-launch

Privacy Policy

Effective date: 1 May 2026 · Last updated: 1 May 2026

Pre-launch draft

This text is plain-language and follows GDPR + CCPA structure. It will be reviewed by qualified legal counsel before public launch and may change at that point. If anything here conflicts with applicable law, the law wins.

1. TL;DR

We collect what we need to run Forky — your account, the food you log, the photos you scan, the conversations and actions in the app. We do not sell your data. We do not let other AI companies train their general-purpose models on it. You can export everything or delete everything at any time.

2. Who is the controller

Elie DTDR (“we”, “us”) is the data controller for the personal data described in this policy. Address: 18 avenue de Valmont, 1010 Lausanne, Switzerland. For questions about your data, see /support.

For users in the European Economic Area, our designated representative under Article 27 GDPR will be appointed and named here before public launch.

3. Data we collect

3.1 Account data. Email address, hashed password (when you sign up directly) or OAuth identifier (Google / Apple). Optional display name and profile photo if you provide them.

3.2 Onboarding profile. Self-reported goal (cut / build / maintain), cuisine preferences, dietary restrictions, struggles, why-now triggers — collected during the 11-step onboarding to personalise recommendations.

3.3 Health-related data. Sex assigned at birth, weight, height, age, activity level, target weight. Used to compute Mifflin-St Jeor BMR + macro split. Treated as “health data” under GDPR Article 9 — see “Special categories” below.

3.4 Activity data. Meals you log (text, photo, barcode), recipes you save or import (URL/PDF/photo), fridge scans, wearable sync status, your reactions and ratings.

3.5 Device & technical data. OS version, app version, device model, language, IP address, anonymised crash logs, performance traces. Used for debugging and abuse prevention.

3.6 Payment data. Subscriptions are sold exclusively through Apple’s App Store (iOS) and Google Play (Android). Apple and Google handle all card details — we never see or store them. We receive only: subscription status, plan, billing country.

3.7 Communications. Messages you send via the in-app feedback form, emails to [email protected], and any reply we send back.

4. Special categories of data

Health information is a “special category” under GDPR Article 9. Our legal basis for processing it is your explicit consent (Article 9(2)(a)) given when you complete onboarding. You can withdraw consent at any time by deleting your account; processing up to that point remains lawful.

5. How we use your data

Compute your daily calorie + macro targets and update them as your stats change.

Run vision models on photos you submit (fridge scans, meal photos) to identify ingredients and dishes.

Generate personalised recipes that match your goal, cuisine preferences, restrictions, and what's actually in your fridge.

Generate recipe suggestions, macro estimates, and wearable-aware tracking summaries.

Send service emails (account, billing, security). We don't send marketing emails unless you opt in.

Detect abuse, prevent fraud, and enforce our Terms of Service.

Aggregate anonymised metrics (e.g. “X% of users in Europe scan their fridge weekly”) to improve the product.

Comply with legal obligations.

6. Legal bases (GDPR)

We process personal data on the following bases:

Performance of a contract — to deliver the service you signed up for (Article 6(1)(b)).

Consent — for health data (Article 9(2)(a)) and any optional marketing.

Legitimate interests — fraud prevention, security, product analytics, debugging (Article 6(1)(f)). We have weighed these against your rights.

Legal obligation — tax, accounting, response to lawful requests (Article 6(1)(c)).

7. Sub-processors and AI providers

To run the service, we share data with the following sub-processors. Each is bound by a Data Processing Agreement that prohibits using your data for their own purposes.

Emergent (emergentagent.com) — OAuth proxy for Google Sign-In, and gateway routing LLM requests to OpenAI/Anthropic on our behalf. Receives email + Google sub (OAuth) and prompt/image content during requests (LLM gateway).

OpenAI (GPT-4o vision + text, accessed via Emergent) — fridge / meal scans, recipe generation. Inputs are not used to train OpenAI's general models per their enterprise terms.

Anthropic (Claude, accessed via Emergent) — recipe generation and macro-aware suggestions. Same training opt-out.

Google (Gemini) — fallback recipe and image generation. Same training opt-out.

ElevenLabs — optional recipe audio playback. We send only the text needed for audio playback.

Self-hosted MongoDB (on a personal VPS in the EU, France) — primary database. Daily snapshots, encrypted at rest at the disk layer.

Gmail / Google Workspace — transactional email (verification, password reset) only. We do not use Gmail for marketing.

Cloudflare — DNS, CDN, Pages hosting, DDoS protection.

RevenueCat — iOS / Android in-app subscription lifecycle (purchase, renewal, cancellation events). We share an anonymous user id and the product purchased; RevenueCat never sees your email or payment card.

Apple (App Store, In-App Purchase) — iOS subscriptions. Apple handles all payment details; we receive only the subscription status.

Apify — Instagram / TikTok recipe link parsing (only when you import a link).

Spoonacular — recipe and ingredient image CDN.

The full up-to-date list with contractual links is available on request.

8. International transfers

Some sub-processors are located in the United States. Transfers from the EEA / UK / Switzerland to the US are protected by the EU-U.S. Data Privacy Framework adherence (where the processor is certified) or by Standard Contractual Clauses (Module 2: Controller-to-Processor) supplemented by appropriate technical and organisational measures.

9. Retention

We retain your data for as long as your account is active. When you delete your account:

Within 24 hours: we revoke active sessions, your account is no longer accessible to you.

Within 30 days: we erase your profile, meals, scans, transcripts, and saved recipes from production systems.

Up to 90 days: data may persist in encrypted backups, which are then rotated and overwritten.

Indefinitely (anonymised): aggregate metrics that no longer identify you.

Where law requires longer retention (e.g. tax records: 10 years in France), we keep only the strictly necessary fields.

10. Your rights

If you are in the EEA, UK, or Switzerland (GDPR / UK-GDPR / nLPD), you can:

Access the personal data we hold about you (Article 15).

Correct inaccurate or incomplete data (Article 16).

Erase your data — “right to be forgotten” (Article 17).

Restrict processing (Article 18).

Receive your data in a portable, machine-readable format — JSON export (Article 20).

Object to processing based on legitimate interests (Article 21).

Withdraw consent at any time, without affecting the lawfulness of past processing (Article 7).

Lodge a complaint with your supervisory authority (Switzerland: FDPIC; France: CNIL; UK: ICO; etc.).

If you are in California (CCPA / CPRA), you have analogous rights including the right to know, delete, correct, and opt out of any sale or sharing of personal information. We do not sell or share your personal information for cross-context behavioural advertising.

To exercise any of these rights, write to [email protected] or use /support. We respond within 30 days.

11. Security

We use HTTPS everywhere, encryption at rest for the database, hashed passwords (bcrypt), short-lived JWTs for auth, and least-privilege access controls. We do not promise perfect security — no online service can — but we work to a level that's appropriate for the data we hold. If we discover a breach affecting your data, we will notify you and the relevant supervisory authority within 72 hours where required by law.

12. Children

Forky is not directed at children. You must be at least 16 years old (or the digital-consent age in your country) to use the service. If we learn we have inadvertently collected data on someone under that age, we will delete it.

13. Cookies and similar technologies

The Forky landing pages use only strictly-necessary cookies (session, language, theme). The mobile app does not use cookies. We do not run advertising trackers and we do not use cross-site tracking.

14. Changes to this policy

If we make material changes — for instance, adding a new sub-processor or changing the legal basis for processing — we will post the updated text here and notify all active users at least 30 days before the change takes effect. Minor edits (typo fixes, clarifications) will be made without prior notice but always reflected in the “Last updated” date at the top.

15. Contact

Questions, requests, or complaints: [email protected] or /support.