BITE

Legal

Privacy Policy

Last updated: 14 May 2026

BITE ("we", "our", or "us") is operated by Nutriflex Systems. This Privacy Policy explains what personal data we collect when you use the BITE mobile application and this website, how we use it, and the choices you have. Please read it carefully before using our services.

1. Who we are

We are Nutriflex Systems, the developer of the BITE nutrition app. If you have any questions about this policy, you can contact us at nutriflex.systems@gmail.com.

2. Data we collect

Account and identity data

We use Clerk for authentication. When you sign up or log in, Clerk collects your email address, name (optional), and any OAuth profile data from providers you choose (e.g. Google, Apple). Clerk processes this data in accordance with Clerk's Privacy Policy.

Profile and nutrition data

To personalise your meal plans and track your progress, we store the following in our database (hosted on Supabase, a managed PostgreSQL platform):

  • Your nutrition goals (calories, macros)
  • Dietary preferences, allergies, and intolerances
  • Food diary entries and logged meals
  • Generated meal plans and saved recipes
  • Shopping list items
  • Planning preferences (e.g. meal-prep days)
  • Mr. Bite conversation history

Camera and barcode data

When you use the barcode scanner, your device camera captures an image locally. The barcode value is extracted on-device and sent to our food database APIs (Edamam and Spoonacular) to retrieve nutrition information. No camera images are stored or transmitted to our servers.

Payment data

Subscription payments are processed by Stripe. We never see or store your full card details. Stripe processes payment data under Stripe's Privacy Policy. We retain a Stripe customer ID and subscription status to manage your account.

AI conversation data

Mr. Bite is powered by large language models. Your messages and relevant context (goals, recent diary entries) are sent to our AI providers (Anthropic and/or DeepSeek) to generate responses. These providers may process data in accordance with their respective privacy policies. We do not sell conversation data, and our AI providers contractually commit to not using your data to train their models without consent.

Crash and performance data

We use Sentry to collect crash reports and performance traces. Sentry may capture device information (OS version, device model), error stack traces, and limited user identifiers to help us diagnose bugs. Data is processed under Sentry's Privacy Policy.

Usage analytics

We collect anonymised in-app event data (e.g. screens visited, features used) to understand how people use BITE and where we can improve it. This data does not identify you personally.

3. How we use your data

  • To provide, maintain, and improve the BITE app and website
  • To personalise your meal plans, recommendations, and Mr. Bite responses
  • To process your subscription and manage billing
  • To send you transactional emails (account confirmation, password reset)
  • To detect and fix bugs and security issues
  • To comply with legal obligations

We do not sell your personal data to third parties.

4. Legal bases for processing (UK/EEA users)

  • Contract performance — to deliver the service you signed up for
  • Legitimate interests — to improve our product and ensure security
  • Consent — for any optional communications you opt into
  • Legal obligation — where required by law

5. Data sharing

We share your data only with the sub-processors necessary to deliver our service:

  • Clerk — authentication
  • Supabase — database and edge functions (hosted on AWS EU infrastructure)
  • Stripe — payment processing
  • Anthropic / DeepSeek — AI responses
  • Edamam / Spoonacular — food and recipe data
  • Sentry — error monitoring

All sub-processors are bound by data processing agreements and are prohibited from using your data for their own purposes.

6. Data retention

We retain your account and nutrition data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are required to retain it for legal or financial compliance (e.g. Stripe transaction records for up to 7 years).

7. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to or restrict certain types of processing
  • Withdraw consent where processing is based on consent

To exercise any of these rights, email us at nutriflex.systems@gmail.com. We will respond within 30 days.

8. International transfers

Some of our sub-processors are based in the United States. Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms.

9. Children

BITE is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (TLS), row-level security on our database, and restricted access to production systems. No system is 100% secure — if you discover a security issue, please disclose it responsibly to nutriflex.systems@gmail.com.

11. Cookies

This website uses only essential cookies required for navigation and session management. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, though some site functionality may be affected.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the app or email. Continued use of BITE after an update constitutes acceptance of the revised policy.

13. Contact

Questions, complaints, or requests: nutriflex.systems@gmail.com