When you use IntakeLens, we collect information you provide directly and information generated as you use the service. Categories include:
We use your information to:
Your data is stored in a managed PostgreSQL database with row-level security policies that ensure each account can access only its own data. All data is encrypted in transit (TLS) and at rest. Uploaded images and audio are stored in secure object storage with access controls. Before any food photo, voice recording, or text prompt is sent to an AI provider, identifying EXIF metadata (including GPS and device information) is stripped server-side, and account identifiers such as your user ID, email address, and name are never included in the prompt — AI providers receive only the content needed to produce a nutritional estimate. Explicit consent is recorded before health and biometric data is used for AI-driven recommendations, and this consent can be withdrawn at any time in Settings. If we become aware of a security incident that affects your personal data, we will notify the Saudi Data & AI Authority (SDAIA) within the period prescribed by the PDPL Implementing Regulations where the incident meets the notification threshold, and we will notify affected users without undue delay where the incident is likely to result in significant harm — together with any steps you can take to protect yourself.
IntakeLens uses the following named third-party service providers to operate the app. Each provider processes data under its own privacy policy and, where applicable, a data processing agreement with us. None of these providers is authorised to use your data for its own marketing or profiling purposes.
We do not sell, rent, or share your personal information with third parties for their own marketing purposes. We disclose data only to the service providers listed above, where required by law, or in connection with a business transfer (merger, acquisition, or asset sale) subject to notice to you.
Subject to the privacy laws that apply where you live, you have the right to:
We use cookies and local storage in three categories. (1) Necessary — required for sign-in (Supabase Auth session), checkout (Paddle), and remembering your preferences (language, theme, units, dashboard visibility). These are always on; the app cannot function without them. (2) Analytics — product analytics (PostHog, EU region) measure how the app is used and where users encounter friction. PostHog runs through a same-origin reverse proxy at /ingest so requests stay first-party; we capture pageviews, custom events, and Core Web Vitals, never advertising identifiers, and do not build cross-site behavioural profiles. (3) Marketing — a Google Ads tag fires conversion pings when you complete signup or subscription; these are used only to measure ad campaign effectiveness. You control Analytics and Marketing through the cookie banner shown on first visit and the "Cookie preferences" entry in Settings → About. We respect the browser "Do Not Track" signal and apply Consent Mode v2 regional defaults: visitors in the EEA, UK, and Switzerland start with all optional categories denied until they opt in; visitors elsewhere start with optional categories granted unless they opt out.
We retain your data for as long as your account is active. Specific retention periods are:
IntakeLens is operated by a data controller based in Saudi Arabia who voluntarily complies with the Saudi Personal Data Protection Law (PDPL), while our cloud and AI infrastructure operates globally. By using the app you are informed that your personal data will be transferred outside Saudi Arabia — specifically to Germany (Supabase / Frankfurt), the United States (OpenRouter, OpenAI, Anthropic, Paddle, Spoonacular, USDA, Soro), the United Kingdom (Paddle), and wherever else our named sub-processors operate — and is processed under safeguards aligned with Saudi PDPL Article 29. These safeguards include: (a) your explicit informed consent obtained at onboarding and retained in the account record; (b) purpose-limited processing (food analysis and account operation only, no secondary or advertising use); (c) contractual safeguards with each sub-processor equivalent to the PDPL Implementing Regulations; and (d) technical measures including TLS 1.3 in transit, encryption at rest, EXIF and PII stripping before AI dispatch, and row-level security at the database layer. Where the transfer additionally involves personal data of EU or UK residents, we rely on Standard Contractual Clauses and the supplementary safeguards described in our Transfer Impact Assessment, available on request at [email protected].
IntakeLens is intended for users aged 18 and over and is not directed to children. We do not knowingly collect personal information from anyone under 18, and onboarding requires a date of birth that places the account holder at 18 or older. We do not currently use document-based age verification; if we discover or have reason to believe an account holder is under 18, we will suspend the account and delete the associated data within 30 days. If you believe a minor has created an account, please contact us at [email protected] and we will act promptly.
We may update this Privacy Policy from time to time. For material changes that affect how we use your personal data, we will update the "Last updated" date above and post a notice on this page; we encourage you to review this policy periodically, and we will surface a notice in-app where feasible. Continued use of the service after we publish a material change constitutes acceptance of the updated policy; if you do not agree, you may delete your account at any time.
IntakeLens is operated by SoftSSlution, a sole-proprietor developer based in Saudi Arabia, which acts as the data controller for personal data processed through the app and voluntarily complies with the Saudi Personal Data Protection Law (PDPL). If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a data incident, contact us at [email protected] or through the Contact page inside the app.
Where a privacy law such as the EU GDPR, UK GDPR, or Saudi PDPL applies to our processing of your personal data, we rely on the following lawful bases:
AI-generated nutrition estimates, meal plans, daily insights, and recipe extractions are advisory only. You always review, edit, and approve what is logged to your diary. We do not use AI to make fully automated decisions that produce legal effects or similarly significant effects on you (for example, we do not use AI to set your prices, approve or deny your subscription, or profile you for advertising). If you disagree with an AI estimate, you can correct or delete it at any time from the diary.
IntakeLens participates in affiliate marketing programs, which means we may earn a commission if you purchase products through links on our platform. As an Amazon Associate, IntakeLens earns from qualifying purchases. These commissions help support the development of the app and do not affect the price you pay.