Privacy Policy

Balance by HomeCooks · Last updated: 5 March 2026

Balance ("the app", "we", "us") is a nutrition tracking application operated by Joshua Magidson. This privacy policy explains what data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By creating an account, you agree to the collection and use of your data as described below.

1. Data Controller

Name: Joshua Magidson
Email: joshmagidson@gmail.com

2. Age Requirement

Balance is designed for users aged 16 and over. We do not knowingly collect data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.

3. Data We Collect

3.1 Account Data

What	Name, email address, password (hashed)
How	You provide this when creating an account
Why	Authentication, account management, communication
Retention	Until you delete your account

3.2 Body & Health Profile

What	Height, weight, age, sex, fitness goals, activity level, dietary preferences, macro targets
How	You enter this during onboarding and in settings
Why	Personalised nutrition targets and coaching insights
Retention	Until you delete your account

3.3 Nutrition Logs

What	Meals, foods, portions, calories, macronutrients, water intake, daily check-ins
How	You log these through the app (manual entry, search, barcode scan, photo, or text input)
Why	Core app functionality — tracking your nutrition
Retention	Until you delete your account

3.4 Photos

What	Meal photos taken with your camera or selected from your photo library
How	You take or select a photo to identify foods
Why	AI-powered food recognition (see Section 4 — Third-Party Services)
Retention	Photos are sent to OpenAI for processing and are not permanently stored by us. Uploaded images associated with food logs are retained until you delete your account.

3.5 Apple HealthKit Data

What	Weight (read and write), steps, active energy burned, distance walked/run
How	Synced via Apple HealthKit with your explicit permission
Why	Display your activity data alongside nutrition; sync weight entries between Balance and Apple Health
Retention	Displayed in-app only. Not stored on our servers. Weight values you log in Balance are stored in our database as part of your health profile.

  HealthKit Data — Special Protections

  In accordance with Apple's guidelines (5.1.3):
  HealthKit data is used solely for your personal health and fitness tracking within Balance.
HealthKit data is not used for advertising, marketing, or data mining.
HealthKit data is not shared with any third party.
HealthKit data is not stored in iCloud. All app data is stored in Supabase (see Section 4).

3.6 Contacts

What	One-way hashes (SHA-256) of phone numbers from your contacts
How	With your permission, we hash phone numbers on-device and send only the hashes to our server
Why	Friend discovery — find people you know who also use Balance
Retention	Hashes are stored until you delete your account. We never store raw phone numbers or contact names.

3.7 Barcode Scans

What	Product barcodes (EAN/UPC numbers)
How	You scan a product barcode using your camera
Why	Match scanned products to our food database for quick logging
Retention	Until you delete your account

3.8 Search Queries

What	Food search terms you type in the app
How	Automatically recorded when you search
Why	Improve search quality, identify missing foods in our database
Retention	Until you delete your account

3.9 Activity Events

What	In-app actions (e.g. screens viewed, features used, buttons tapped)
How	Automatically recorded as you use the app
Why	Understand how the app is used, identify bugs, improve features
Retention	Until you delete your account

3.10 Social Data

What	Friend connections, shared meal posts, emoji reactions, gifts
How	You create these through the app's social features
Why	Enable social features — sharing meals, motivating friends
Retention	Until you delete your account

3.11 AI Usage & Diagnostics

What	AI feature usage counts (for rate limiting), crash reports, performance data, device information
How	Automatically collected during app use
Why	Enforce fair usage limits, diagnose crashes, improve stability
Retention	AI usage logs: 30 days. Crash reports: retained by Sentry per their retention policy.

4. Third-Party Services

We use the following third-party services to operate Balance. Each processes only the data necessary for its function.

Service	Data Shared	Purpose	Privacy Policy
Supabase (EU region)	All app data (account, logs, profile, social)	Database, authentication, file storage	supabase.com/privacy
OpenAI	Meal photos, text descriptions (sent via our server-side proxy)	AI food recognition and text parsing	openai.com/privacy
Sentry	Crash reports, device info, performance metrics	Error tracking and app stability monitoring	sentry.io/privacy
Expo / EAS	Device identifiers (for update delivery)	Over-the-air app updates	expo.dev/privacy
Apple HealthKit	Health and fitness data (with your permission)	Sync weight and activity data	apple.com/privacy

AI Photo Processing — OpenAI

When you use Balance's photo recognition feature, your meal photo is sent to OpenAI's API through our secure server-side proxy. Key facts:

Photos are processed transiently — OpenAI does not retain images after processing.
We use the OpenAI API with data usage policies that do not allow your data to be used for training AI models.
Only the photo and a structured prompt are sent — no personal information (name, email, health data) is included in the request.
You can use Balance without ever using the photo feature.

5. What We Do NOT Do

We do not serve advertisements or use advertising trackers.
We do not use cookies or cross-app tracking.
We do not sell, rent, or trade your personal data to any third party.
We do not profile you for third-party marketing purposes.
We do not collect location data.
We do not collect financial or payment information.

6. Legal Basis for Processing (UK GDPR)

Basis	Data
Contract (Art. 6(1)(b))	Account data, nutrition logs, profile — necessary to provide the service you signed up for
Consent (Art. 6(1)(a))	HealthKit data, contacts access, photo recognition, social sharing — you opt in to each
Legitimate interest (Art. 6(1)(f))	Analytics events, search queries, diagnostics — improving the app and fixing bugs

7. Data Retention & Deletion

All personal data is retained for as long as your account exists. When you delete your account:

All your data is permanently and immediately deleted from our database.
This includes: profile, food logs, weight history, social connections, search history, activity events, barcode logs, AI usage logs, invite codes, and any user-contributed food data.
Deletion is performed via a cascading database operation — no manual cleanup is needed.
Crash reports in Sentry are retained separately per Sentry's own retention schedule and are not linked to your app identity after account deletion.

8. Your Rights

Under UK GDPR, you have the right to:

Access — request a copy of all data we hold about you
Rectification — correct inaccurate data (you can edit most data directly in the app)
Erasure — delete your account and all associated data
Data portability — request your data in a machine-readable format
Object — object to processing based on legitimate interest
Restrict processing — request we limit how we use your data
Withdraw consent — revoke permissions for HealthKit, contacts, camera, or social sharing at any time via your device settings or in-app toggles

How to Exercise Your Rights

Delete your account: Open Balance → Settings → Delete Account. This is immediate and permanent.
Data export or other requests: Email joshmagidson@gmail.com. We will respond within 30 days.
Withdraw specific permissions: Go to your device's Settings → Balance to manage camera, contacts, and HealthKit access.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Social Features & Sharing

Balance includes optional social features. You control what is shared:

You can toggle sharing on or off for each type of content (meals, weight, streaks, macros, etc.).
A master toggle lets you disable all social sharing at once.
Shared content is visible only to your confirmed friends — never to the public.
You can remove friends at any time, which immediately revokes their access to your shared content.

10. Data Security

We take reasonable measures to protect your data:

All data is transmitted over HTTPS/TLS encryption.
Passwords are hashed — we never store or have access to your plain-text password.
Database access is controlled by Row Level Security (RLS) policies — users can only access their own data.
AI requests are proxied through a server-side function — your API keys and credentials are never exposed to the client.
Contact phone numbers are hashed on-device before transmission.

11. International Data Transfers

Our primary database is hosted by Supabase in the EU. Some data may be processed by services located outside the UK/EU (OpenAI in the US, Sentry in the US). Where this occurs, we ensure appropriate safeguards are in place, including the service providers' own data protection commitments and standard contractual clauses.

12. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you through the app. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of Balance after changes constitutes acceptance of the updated policy.

13. Contact

Joshua Magidson
Email: joshmagidson@gmail.com

For privacy-related questions, data requests, or concerns, please email us. We aim to respond within 30 days.