Version: v2.1
Last updated: September 10, 2025
Publisher / Data Controller: IDE TECHNOLOGIES (SASU) — Lyon Trade and Companies Register (RCS) No. 949 574 370 — Share capital: €500
Registered office: 43 avenue Rockefeller, 69003 Lyon, France
Contact (GDPR & support): contact@dietmate.fr
Supervisory authority: CNIL — https://www.cnil.fr
Welcome to Diet Mate, a calorie-tracking and health data management application developed and operated by IDE Technologies (“we”, “us”, “our”).
The security and confidentiality of your personal data are of the utmost importance to us. This Privacy Policy explains how we collect, use, protect, and share your information when you use our application.
This Privacy Policy describes how DietMate collects, uses, stores, shares, and protects your personal data when you use the DietMate mobile and/or web application (the “Application”).
It applies to all users aged 15 and over.
We do not sell your personal data, and we do not use your health data for advertising purposes or marketing profiling.
Identification data: email address; password (stored in hashed form).
Content: written or voice descriptions of meals; meal photos; notes.
Preferences: units, goals, and privacy settings.
Technical & usage data: device technical identifiers, application logs, usage events, crash reports, and app version.
Health data (optional) via Apple Health (HealthKit) and/or Google Fit: weight, steps, calories burned (resting/activity), and/or other categories only if you explicitly authorize them.
AI-generated nutritional estimates (e.g. calories and macronutrients of a meal) derived from your descriptions and/or photos.
Performance of the contract: creation and management of the Account, delivery of the core features (meal entry and estimation, synchronizations, history).
Explicit consent (GDPR Art. 9) — withdrawable at any time: processing of health data for wellness tracking purposes.
Legitimate interest: security, prevention of fraud or abuse, internal audience measurement, and product improvement.
Legal obligation: billing and legal compliance, responding to requests from public authorities.
Important (health data): some of the data you enter or synchronize (weight, intake data, meal photos and/or descriptions) qualify as health data. We process such data only with your explicit consent, which you may withdraw at any time (see Sections 10 and 12).
Activation is optional and granular: you choose which categories you authorize.
Health/Fit data are neither sold nor used for advertising or marketing profiling.
They are shared solely for the operation of the Application and only with our technical service providers, who are bound by confidentiality obligations.
You can revoke permissions at any time in your operating system settings (Apple Health / Google Fit).
We use an AI service provider (e.g., OpenAI), acting as a data processor, to estimate nutritional composition from your inputs (text, voice, photos):Data minimization: we only transmit the information strictly necessary for the estimation (no direct identifiers when not required).No training: data transmitted via the API are not used to train the models.Technical logs: the processor may retain technical logs for up to 30 days for service delivery and abuse prevention (Zero Data Retention mode is used when available).Data location: whenever possible, we prioritize processing within the EU/EEA.
Google Cloud / Firebase (EU regions): Firestore (data), Cloud Storage (photos), Authentication, Crashlytics.
Google Ireland Ltd. — hosting and Firebase services.
AI service provider (e.g., OpenAI) — nutritional estimation.
Auxiliary tools (if used): email delivery/support, monitoring and alerting, internal analytics.
All our processors are bound by data processing agreements (DPAs) and, where applicable, Standard Contractual Clauses (SCCs) for transfers outside the EU/EEA. An up-to-date list can be provided upon request.
We may share data only with:Our technical processors (hosting, AI, email delivery, monitoring) strictly for the purpose of providing the service;Competent authorities where required by law;Platform providers (Apple / Google) acting as independent controllers for the management of purchases and subscriptions (we do not transmit your health data to them).
We do not allow the use of your health data for advertising purposes or data brokerage.
Certain processing activities (e.g., AI API calls) may involve transfers to countries outside the EU/EEA (such as the United States). These transfers are governed by the European Commission’s Standard Contractual Clauses (SCCs) and supplemented by additional safeguards (encryption, data minimization, access controls).
Account & functional data: for as long as the Account remains active; deleted upon your request or 12 months after prolonged inactivity.
Meal descriptions (text/voice): 12 months.
Meal photos: 12 months.
Synchronized health data: until consent is withdrawn or the Account is deleted.
Technical / security logs: 12 months (unless a legal obligation requires longer retention).
AI logs (service provider): up to 30 days.
Billing data (if applicable): 10 years (accounting and tax obligations).
Backups and archives may result in a technical delay before final deletion.
Under the GDPR, you may exercise the following rights:Access to your data;Rectification;Erasure;Restriction of processing and objection to processing based on legitimate interest;Data portability (for data you have provided to us);Withdrawal of consent (in particular for health data) at any time, without retroactive effect;Post-mortem directives (France) regarding the handling of your data.
How to exercise your rights:By email: contact@dietmate.fr
