INTAKE — Nutrition & Health Tracker

Privacy Policy

Last updated: April 20, 2026

Medical disclaimer: INTAKE is not a medical device and does not diagnose, treat, cure, or prevent any medical condition. It is a nutrition and health tracking tool for personal use only. Always consult a qualified healthcare professional before making changes to your diet, medication, or exercise routine.

1. Introduction

INTAKE — Nutrition & Health Tracker ("INTAKE", "the App", "we", "us", "our") is a clinical-grade nutrition and health tracking application developed and operated by Rarity, a sole proprietorship registered in Slovenia, European Union.

Website: track-intake.com
Contact: rarity.ai.media@gmail.com

This Privacy Policy explains what personal data we collect, how we use it, which third-party services we rely on, and what rights you have under the General Data Protection Regulation (GDPR).

2. Data We Collect

Account data

Email address (used for authentication)
Password (hashed — never stored in plaintext)
Display name (optional)

Health & nutrition data

Food logs — meals, ingredients, calories, macros, micronutrients
Water and hydration intake
Weight measurements
Workout and exercise logs (type, duration, calories, heart rate if provided)
Fasting sessions — start/end times, protocol type
Supplement and medication logs — names, dosages, schedules
Nutrition targets and diet protocol selections

Device & usage data

Device type, OS version, browser type (standard HTTP headers)
App usage patterns — pages visited, features used
Crash reports and error logs
Firebase Cloud Messaging (FCM) push token for notification delivery

Camera & media data (only when you initiate)

Food photos — processed for nutritional analysis by AI services. Not permanently stored after analysis.
Voice recordings — processed for speech-to-text transcription. Not permanently stored after transcription.

Third-party connections (optional, user-initiated)

Strava fitness data — workout sync, only if you connect your Strava account

3. How We Use Your Data

Provide core functionality — tracking, analysis, AI food recognition
Generate personalised nutrition insights and meal suggestions
Display your progress over time — charts, trends, weekly summaries
Deliver push notifications — medication reminders, hydration nudges, daily log prompts
Send account-related emails — sign-in confirmation, password reset
Improve app quality and fix bugs

We do not use your data for advertising. We do not sell your data to any third party.

4. Third-Party Services

INTAKE relies on the following third-party services. Each receives only the data required to perform its function. None receive your data for advertising purposes.

Supabase — Privacy policy →

Database and authentication — stores your account and health data

Vercel — Privacy policy →

Web hosting — serves the INTAKE web app

Google Cloud Platform — Privacy policy →

Cloud Vision API (food photo analysis) and Cloud Speech-to-Text (voice logging) — processes camera images and voice recordings

Google Gemini AI — Privacy policy →

Generates personalised meal insights and suggestions

Firebase Cloud Messaging — Privacy policy →

Push notification delivery to your device

Anthropic (Claude API) — Privacy policy →

Advanced food recognition from photos

Strava — Privacy policy →

Optional — receives/sends workout data only if you connect your account

Resend — Privacy policy →

Transactional email delivery (sign-in, password reset)

5. Data Storage & Security

Data stored in Supabase — cloud infrastructure with EU-available regions
All data transmitted over HTTPS/TLS encryption
Passwords hashed using bcrypt via Supabase Auth — never stored in plaintext
Row Level Security (RLS) enabled on all database tables — you can only access your own data
Raw camera images and voice recordings are not stored on our servers after processing

6. Data Retention & Deletion

We retain your data for as long as your account is active
You can delete individual entries — meals, workouts, weight logs, etc. — at any time within the app
You can request full account deletion by emailing rarity.ai.media@gmail.com
Upon account deletion, all associated data is permanently removed within 30 days
Encrypted backup copies may persist for up to 90 days before automatic purging

For step-by-step instructions on how to delete your account, visit our Account Deletion page →

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion of your data ("right to be forgotten")
Data portability — receive your data in a machine-readable format
Restriction — request restricted processing of your data
Objection — object to data processing
Withdraw consent — withdraw consent at any time

To exercise any of these rights, email rarity.ai.media@gmail.com. We will respond within 30 days.

Legal basis for processing (GDPR Article 6)

Consent — you create an account and use the app
Legitimate interest — improving app quality and security
Contract performance — providing the service you signed up for

8. Children's Privacy

INTAKE is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with data, please contact rarity.ai.media@gmail.com.

9. Changes to This Policy

We may update this policy from time to time
Changes will be posted on this page with an updated "Last updated" date
For material changes, we will notify users via in-app notification or email
Continued use of INTAKE after changes constitutes acceptance of the updated policy

10. Contact

For privacy-related questions, data requests, or concerns:

Rarity

Sole proprietor, Slovenia, EU

rarity.ai.media@gmail.com

track-intake.com

Want to delete your account? Visit our Account Deletion page →

INTAKE · Rarity · 2026