Privacy Policy of MomEats
This Application collects some Personal Data from its Users.
This document can be printed for reference by using the print command in the settings of any browser.
Owner and Data Controller
Mathias OVIEVE
5 Rue Hector Malot
69007 Lyon
Owner contact email: contact@momeats.app
Types of Data collected
Among the types of Personal Data that this Application collects, by itself or through third parties, there are:
- Account information — name and email address, collected via Apple Sign In or email/password registration
- Health & pregnancy data — trimester of pregnancy and toxoplasmosis immunity status, used to personalize food-safety recommendations
- Dietary preferences and food allergy data — dietary regime (e.g. vegetarian, vegan, gluten-free), food allergies and intolerances (e.g. peanuts, lactose, gluten, eggs, shellfish, soy, tree nuts, fish, and any custom allergens entered by the User), cuisine preferences, household size, budget and meal preparation time, used to generate personalized AI meal plans
- Wellness data — nausea, energy, digestion and satisfaction check-ins logged by the User; aggregated patterns from these logs may also be processed by the AI to generate Food Journal Insights
- Photos and media — images captured or selected by the User for the AI assistant, recipe scanner, and restaurant menu scanner
- AI conversations and analysis data — questions, conversation history, meal photos, recipe photos or URLs, and restaurant menu photos sent by the User for AI-powered food-safety analysis; trimester and toxoplasmosis immunity status included as context for personalized responses
- Onboarding responses — pregnancy goals and concerns selected by the User during onboarding (e.g. peace of mind, fear of mistakes, contradictory advice), used to personalize the in-app experience
- Community feature requests — title, description, category, vote activity, and the User's display name, submitted by the User to the in-app public roadmap. Feature requests and the author's display name are visible to all other authenticated Users of the Application. Reports submitted to flag inappropriate content (reason and reporter identifier) are visible only to the Owner.
- Blocked users list — when the User blocks another User from the feature request roadmap, the blocked User's account identifier and display name (cached at the time of blocking) are stored in the User's own profile so that content authored by blocked Users can be hidden locally. The blocked users list is visible only to the User who created it and to the Owner.
- Crash and diagnostic data — device model, operating system version, stack traces and error logs automatically collected when the Application crashes or encounters errors, used solely to identify and fix technical issues
- Support chat data — messages, any files or images shared in the in-app support chat, and technical context (device type, app version) used to respond to your request
- Payment and subscription data — subscription status and purchase history (processed by Apple and RevenueCat; we do not store credit card details)
- Product search data — product names, barcodes scanned via the device camera, and product safety queries used to evaluate pregnancy compatibility
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application. Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services.
Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.
Device permissions for Personal Data access
This Application may request certain permissions that allow it to access the User's device Data as described below. By default, these permissions must be granted by the User before the respective information can be accessed. Permissions can be revoked at any time in the device settings.
Camera permission
Used for capturing photos of meals, recipes and restaurant menus for AI analysis, and for scanning product barcodes in the Product Search feature.
Photo library permission
Used for selecting existing photos from the User's library to send to the AI assistant, recipe scanner or menu scanner, and to share images in the in-app support chat.
AI-Powered Features and Data Processing
MomEats includes AI-powered features that analyze food safety and wellness information personalized to the User's pregnancy. These features are powered by Gemini, developed by Google LLC, and accessed through Firebase AI Logic via Firebase Cloud Functions. This section describes each AI feature, the personal data sent to Google for processing, and how the User's consent is obtained and managed.
AI Assistant
The AI Assistant allows the User to ask food-safety questions or photograph a meal to receive personalized guidance based on their trimester and health profile. The following data is transmitted to Google for each request:
- The User's question or message text
- Photos of meals captured or selected by the User (when provided)
- Trimester of pregnancy
- Toxoplasmosis immunity status
- Conversation history for the current session
Recipe Scanner
The Recipe Scanner allows the User to photograph a printed recipe or provide a URL; AI analyzes the ingredients and suggests pregnancy-safe substitutions. The following data is transmitted to Google for each request:
- Recipe photo or URL provided by the User
- Trimester of pregnancy
- Toxoplasmosis immunity status
Menu Scanner (Restaurant Mode)
The Menu Scanner allows the User to photograph a restaurant menu (up to five pages per scan); AI identifies dishes, flags pregnancy-risky items and suggests safer alternatives. The following data is transmitted to Google for each request:
- Menu photos captured by the User
- Trimester of pregnancy
- Toxoplasmosis immunity status
Menu scan results and the original photos are stored in the User's account so they can be reviewed later in the scan history. The User may delete individual scans or all scans at any time from within the Application.
Food Journal and Wellness Insights
The Food Journal Insights feature analyzes the User's logged meals and wellness check-ins to surface patterns and personalized recommendations. The following data is transmitted to Google when generating insights:
- Meal logs and food entries recorded by the User
- Wellness check-in data (nausea, energy, digestion and satisfaction ratings)
- Eating pattern summaries derived from the above
AI Meal Plan Generation
The AI Meal Plan Generation feature creates personalized multi-day meal plans based on the User's dietary profile and pregnancy context. The following data is transmitted to Google for each request:
- Dietary regime (e.g. omnivore, vegetarian, vegan, pescatarian, flexitarian, gluten-free)
- Food allergies and intolerances, including any custom allergens entered by the User
- Cuisine preferences
- Household size, budget and maximum preparation time
- Selected meal types (breakfast, lunch, dinner) and number of days
- Trimester of pregnancy
- Toxoplasmosis immunity status
Generated meal plans and individual recipe details are stored in the User's account. When the User requests a detailed recipe from a generated meal plan, the meal title, summary, main ingredients, serving count, trimester and toxoplasmosis immunity status are transmitted to Google for processing.
Product Search & Barcode Scanner
The Product Search feature allows the User to search for food products by name or scan a barcode using the device camera. Product information is retrieved from a curated database and the Open Food Facts API. Pregnancy safety is evaluated using a rule-based engine. When rule-based scoring is insufficient, the following data is transmitted to Google for AI-powered safety scoring:
- Product name and ingredients
- Trimester of pregnancy
- Toxoplasmosis immunity status
Product search history is stored locally on the User's device.
AI Provider and Data Handling
All AI features are powered by Google LLC (Gemini) through Firebase AI Logic. AI requests are routed through Firebase Cloud Functions deployed in Europe (eu-west1); Gemini model inference may be processed on Google servers in the United States. Google does not use the data submitted through MomEats to train or improve its AI models.
Firebase Privacy Policy | Google Privacy Policy
User Consent for AI Data Processing
Before any personal data is transmitted to Google for the first time, the Application presents the User with an explicit consent prompt that describes which data will be sent and for what purpose. AI features are not activated until the User actively accepts this prompt.
The User may withdraw their consent at any time from the Application's settings. Upon withdrawal, all AI features (AI Assistant, Recipe Scanner, Menu Scanner, Food Journal and Wellness Insights, AI Meal Plan Generation, and Product Search AI scoring) will become unavailable. Withdrawing AI consent does not affect other Application functionality, nor does it delete data already stored in the Application.
To withdraw AI consent or request deletion of data previously processed by Google, Users may contact the Owner at contact@momeats.app.
Third-party services
This Application uses the following third-party services that may collect and process Personal Data:
Firebase Authentication (Google LLC)
Used for user account creation and authentication via Apple Sign In or email/password. Data processed: email address, name, unique user identifier.
Cloud Firestore (Google LLC)
Used to store user-generated content, preferences and app data. Data processed: account information, meal data, user preferences, journal entries, wellness checks, AI conversations, recipe analyses, menu scan analyses, generated meal plans, community feature requests and votes, content reports, and the User's blocked users list.
Firebase Storage (Google LLC)
Used to store user-uploaded images sent to the AI assistant, recipe scanner and menu scanner. Data processed: photos and media files.
Firebase AI Logic — Gemini (Google LLC)
Powers all AI features in this Application (AI Assistant, Recipe Scanner, Menu Scanner, Food Journal Insights, AI Meal Plan Generation, and Product Search safety scoring) via Firebase Cloud Functions. Data sent to Google for processing includes: user questions, conversation history, meal photos, recipe photos or URLs, restaurant menu photos, dietary preferences, food allergies and intolerances, trimester of pregnancy, toxoplasmosis immunity status, meal logs, wellness check-in data, and product safety queries. Google does not use this data to train or improve its AI models. AI requests are routed through Cloud Functions in Europe (eu-west1); Gemini model inference may be processed on Google servers in the United States.
AI features are activated only after the User provides explicit consent in-app. See the "AI-Powered Features and Data Processing" section above for full details.
Firebase Privacy Policy | Google Privacy Policy
Open Food Facts
Used to search food product information by name or barcode in the Product Search feature. Data processed: product name or barcode identifier. Open Food Facts is an open, collaborative database; no personal user data is transmitted to this service.
RevenueCat
Used to manage in-app subscriptions and purchases. Data processed: subscription status, purchase history, anonymous user identifiers.
Apple App Store (Apple Inc.)
This Application is distributed on the Apple App Store. Apple processes payments for in-app purchases and may collect basic analytics data. Users may opt-out of Apple analytics through device settings.
Firebase Crashlytics (Google LLC)
Used to collect crash reports and diagnostic data to improve app stability. Data processed: crash logs, stack traces, device model and operating system version, Firebase user identifier.
Firebase App Check — App Attest (Google LLC / Apple Inc.)
Used to verify that requests to backend services originate from the genuine Application. App Attest generates device attestation tokens; no personally identifiable information is collected through this service.
Crisp (Crisp IM SARL)
Used to provide in-app live support chat. Data processed: messages and files shared in the chat, email address (if provided by the User), device type and app version. Crisp IM SARL is a French company; data may be stored within the European Union.
Community feature requests
The Application includes a public roadmap where Users may submit feature requests, vote on requests submitted by other Users, and report inappropriate content. Each feature request stores the User's display name, account identifier, the title and description provided, the chosen category, vote count, and the creation and update timestamps.
Feature requests and the author's display name are visible to all other authenticated Users of the Application. Users should not include personal data, sensitive health information, or confidential third-party information in feature request titles or descriptions.
Reports submitted to flag a feature request (reason and reporter identifier) are visible only to the Owner and are used to moderate the public roadmap. The Owner reserves the right to remove or hide feature requests that violate the Terms or applicable law. Users may request the removal of their own feature requests at any time by contacting the Owner at contact@momeats.app.
Automated moderation. Each submitted feature request is automatically processed by a Firebase Cloud Function deployed in Europe (eu-west1) that scans the title and description for obviously problematic content. Feature requests flagged by this filter are soft-hidden pending human review. The automated moderation function processes only the feature request's title, description and author identifier; no data is transmitted to third parties for this purpose.
Blocking another User. Users may block another User from the feature request roadmap. When this happens, the blocked User's account identifier and their display name (cached at the time of blocking so the list remains readable) are stored on the blocking User's own profile. The Application uses this list locally to hide feature requests authored by blocked Users. The blocked users list is not shared with other Users and can be modified from Profile → Blocked users at any time.
Data storage and international transfers
User data is stored on Firebase / Google Cloud servers located primarily in the United States. AI processing is performed by Google through Firebase AI Logic. AI requests are routed through Cloud Functions in Europe (eu-west1); Gemini model inference may be processed on Google servers in the United States. For details on which data is sent to Google and how consent is managed, see the "AI-Powered Features and Data Processing" section of this policy. By using this Application, Users acknowledge that their data may be transferred to and processed in the United States or other countries outside the European Union. Support chat data processed by Crisp may be stored within the European Union.
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the Data. Where data is transferred outside the EU, the Owner relies on appropriate safeguards such as Standard Contractual Clauses or the service provider's compliance frameworks.
Subscriptions and payments
This Application offers auto-renewing subscriptions managed through RevenueCat and processed via Apple In-App Purchases. The Owner does not directly collect or store payment card information. All payment processing is handled by Apple.
Subscription status and purchase history are synchronized through RevenueCat to manage access to the Application.
Account deletion
Users may delete their account and all associated personal data directly from the Application's settings, or by contacting the Owner at contact@momeats.app. Upon receiving a valid request, the Owner will delete the User's account and personal data within 30 days, except where retention is required by law.
Retention time
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of the Owner's legitimate interests shall be retained as long as needed to fulfill such purposes.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The rights of Users
Users may exercise certain rights regarding their Data processed by the Owner. In particular, Users have the right to:
- Withdraw their consent at any time.
- Object to processing of their Data.
- Access their Data.
- Verify and seek rectification.
- Restrict the processing of their Data.
- Have their Personal Data deleted or otherwise removed.
- Receive their Data and have it transferred to another controller.
- Lodge a complaint before their competent data protection authority.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
Additional information
Legal action
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services. The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
Changes to this privacy policy
The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Application. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.
Usage Data
Information collected automatically through this Application (or third-party services employed in this Application), which can include device information, interaction data, and other technical details.
User
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
This Application
The means by which the Personal Data of the User is collected and processed.
Service
The service provided by this Application as described in the relative terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Legal information
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
This privacy policy relates solely to this Application, if not stated otherwise within this document.
Latest update: April 20, 2026