Privacy Policy of MomEats
This Application collects some Personal Data from its Users.
This document can be printed for reference by using the print command in the settings of any browser.
Owner and Data Controller
Mathias OVIEVE
5 Rue Hector Malot
69007 Lyon
Owner contact email: contact@momeats.app
Types of Data collected
Among the types of Personal Data that this Application collects, by itself or through third parties, there are:
- Account information — name and email address, collected via Apple Sign In or email/password registration
- Health & pregnancy data — trimester of pregnancy and toxoplasmosis immunity status, used to personalize food-safety recommendations
- Wellness data — nausea, energy, digestion and satisfaction check-ins logged by the User
- Photos and media — images captured or selected by the User for the AI assistant and recipe scanner
- AI conversations — questions, conversation history and images sent by the User for AI-powered food-safety analysis
- Crash and diagnostic data — device model, operating system version, stack traces and error logs automatically collected when the Application crashes or encounters errors, used solely to identify and fix technical issues
- Support chat data — messages, any files or images shared in the in-app support chat, and technical context (device type, app version) used to respond to your request
- Payment and subscription data — subscription status and purchase history (processed by Apple and RevenueCat; we do not store credit card details)
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application. Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services.
Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.
Device permissions for Personal Data access
This Application may request certain permissions that allow it to access the User's device Data as described below. By default, these permissions must be granted by the User before the respective information can be accessed. Permissions can be revoked at any time in the device settings.
Camera permission
Used for capturing photos of meals and recipes for AI analysis.
Photo library permission
Used for selecting existing photos from the User's library to send to the AI assistant or recipe scanner, and to share images in the in-app support chat.
Third-party services
This Application uses the following third-party services that may collect and process Personal Data:
Firebase Authentication (Google LLC)
Used for user account creation and authentication via Apple Sign In or email/password. Data processed: email address, name, unique user identifier.
Cloud Firestore (Google LLC)
Used to store user-generated content, preferences and app data. Data processed: account information, meal data, user preferences, journal entries, wellness checks, AI conversations, recipe analyses.
Firebase Storage (Google LLC)
Used to store user-uploaded images sent to the AI assistant and recipe scanner. Data processed: photos and media files.
Anthropic — Claude (Anthropic PBC)
Powers the AI assistant and recipe analysis features via Firebase Cloud Functions. Data sent to Anthropic for processing: questions, images, trimester and immunity status. Anthropic does not use this data to train its models.
RevenueCat
Used to manage in-app subscriptions and purchases. Data processed: subscription status, purchase history, anonymous user identifiers.
Apple App Store (Apple Inc.)
This Application is distributed on the Apple App Store. Apple processes payments for in-app purchases and may collect basic analytics data. Users may opt-out of Apple analytics through device settings.
Firebase Crashlytics (Google LLC)
Used to collect crash reports and diagnostic data to improve app stability. Data processed: crash logs, stack traces, device model and operating system version, Firebase user identifier.
Firebase App Check — App Attest (Google LLC / Apple Inc.)
Used to verify that requests to backend services originate from the genuine Application. App Attest generates device attestation tokens; no personally identifiable information is collected through this service.
Crisp (Crisp IM SARL)
Used to provide in-app live support chat. Data processed: messages and files shared in the chat, email address (if provided by the User), device type and app version. Crisp IM SARL is a French company; data may be stored within the European Union.
Data storage and international transfers
User data is stored on Firebase / Google Cloud servers located primarily in the United States. AI processing is performed by Anthropic, also based in the United States. By using this Application, Users acknowledge that their data may be transferred to and processed in the United States or other countries outside the European Union. Support chat data processed by Crisp may be stored within the European Union.
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the Data. Where data is transferred outside the EU, the Owner relies on appropriate safeguards such as Standard Contractual Clauses or the service provider's compliance frameworks.
Subscriptions and payments
This Application offers auto-renewing subscriptions managed through RevenueCat and processed via Apple In-App Purchases. The Owner does not directly collect or store payment card information. All payment processing is handled by Apple.
Subscription status and purchase history are synchronized through RevenueCat to manage access to premium features.
Account deletion
Users may delete their account and all associated personal data directly from the Application's settings, or by contacting the Owner at contact@momeats.app. Upon receiving a valid request, the Owner will delete the User's account and personal data within 30 days, except where retention is required by law.
Retention time
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of the Owner's legitimate interests shall be retained as long as needed to fulfill such purposes.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The rights of Users
Users may exercise certain rights regarding their Data processed by the Owner. In particular, Users have the right to:
- Withdraw their consent at any time.
- Object to processing of their Data.
- Access their Data.
- Verify and seek rectification.
- Restrict the processing of their Data.
- Have their Personal Data deleted or otherwise removed.
- Receive their Data and have it transferred to another controller.
- Lodge a complaint before their competent data protection authority.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
Additional information
Legal action
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services. The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
Changes to this privacy policy
The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Application. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.
Usage Data
Information collected automatically through this Application (or third-party services employed in this Application), which can include device information, interaction data, and other technical details.
User
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
This Application
The means by which the Personal Data of the User is collected and processed.
Service
The service provided by this Application as described in the relative terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Legal information
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
This privacy policy relates solely to this Application, if not stated otherwise within this document.
Latest update: February 20, 2026