1. Introduction

Welcome to Intend. This Privacy Policy explains how we collect, use, and protect your personal information when using the Service. By accessing or using our Service, you consent to the collection and use of your data as outlined here.

2. Scope of this Privacy Policy

This Privacy Policy applies to the mobile application ("App"), our websites (including but not limited to Indend, our blog, and all related services, features, and content (collectively, the “Services”). This policy explains how we collect, use, and protect your personal data, as well as the rights you have concerning the information we hold about you.

3. Information We Collect

We may collect the following data:

• Personal data: name, email, phone number, age, sex, height, weight, and profile photo/avatar image.
• Geo-location data
• Health data from Apple Health, including glucose, steps, weight, workouts, and sleep phases (with your consent).
• Meal photos and scanned product labels.
• Images and videos uploaded during restaurant visits.
• Usage data: in-app interactions, preferences, and device information.

4. Payment Data

When making payments through the Service, your payment data is processed by third-party providers (such as Stripe or Apple Pay). We do not store full payment details but may receive limited information, such as transaction data and payment method type.

5. Use of Your Information

Your data helps us generate personalized nutrition recommendations, estimate meal content, and improve the app’s functionality. We don’t sell or share data for advertising purposes.

We use your data to:

• Generate personalized nutrition recommendations using AI, based on your Apple Health data, uploaded meal photos, and product label scans.
• Estimate the calorie and macronutrient content of meals.
• Suggest healthier food alternatives and provide educational content aligned with your wellness goals.
• Use OpenAI APIs to generate health insights from user-submitted images, with user consent.
• Improve overall app functionality and user experience.
• Use your data solely to provide services and insights back to you, never for advertising resale or third-party distribution.
• Communicate important updates, feature announcements, and occasional promotions.
• Analyze service usage trends, detect issues, and troubleshoot performance or bugs.
• Train and refine our algorithm to improve future recommendations and insights.

6. Cookies and Tracking Technologies

We use cookies to enhance your experience. You can manage cookie preferences via your browser.

7. Children’s Privacy

Our Service is not intended for individuals under 16. We do not knowingly collect personal information from children. If you believe we have, please contact us to remove it.

8. Data Retention

We retain your personal data for up to 3 months following account deletion, unless a longer retention period is required by law or to resolve legal disputes. Users can manually delete their data via the app. Auto-deletion of data after 6 months of inactivity. Aggregated or anonymized data may be retained for analytical purposes.

9. Data Sharing

We do not sell your data but may share it with third-party service providers for operational purposes or for legal compliance. These third parties are obligated to protect your data and comply with applicable laws.

10. Security of Your Information

We implement SSL/TLS encryption and secure data storage, though no method is completely secure.

• All data transmission is encrypted via SSL/TLS
• Role-based access control for internal data access
• Session-based authentication and expiration

11. Third-Party Services

Our platform integrates with OpenAI and Google Cloud, who process your data per their privacy policies.

12. International Data Transfers

Your data may be transferred and stored in other jurisdictions, including outside the EU or California. By using the Service, you consent to these transfers. These countries may have different data protection laws than your own country. By continuing to use our services, you consent to the transfer of your data across borders.

We ensure that any international transfers of personal data are conducted in compliance with applicable data protection laws, including the use of appropriate safeguards such as standard contractual clauses or other legal mechanisms.

13. Legal Basis for Data Processing (GDPR)

We process personal data based on:

• Consent
• Contractual necessity (e.g., service provision)
• Legitimate interests (e.g., analytics)
• Compliance with legal obligations (e.g., fraud prevention)

14. CCPA Notice

If you are a California resident, you have the right to:

• Request access to your personal data.
• Request deletion of your personal data.
• Opt-out of the sale of your personal data (if applicable)

15. HIPAA Compliance (Health Data)

We do not collect or process health data under HIPAA unless explicitly stated. If applicable, we will clarify how health information is handled.

16. Your Data Protection Rights (GDPR and CCPA)

As a California resident, you have rights under CCPA. For EEA/UK residents, you have additional GDPR rights, including access, correction, deletion, and objections to certain data processing. You can withdraw consent and opt out of marketing. For health data, we comply with HIPAA regulations if and when applicable.

17. Legal Basis for Data Processing

We process data based on consent, contract, legitimate business interests, and legal obligations.

18. Updates to Privacy Policy

We may revise this Privacy Policy, with updates posted and the effective date revised accordingly. Continued use of the Service after changes signifies your acceptance of those updates.

19. Notification of Data Breaches

In the event of a data breach affecting your personal or health data, we will notify you in accordance with applicable laws, including within 72 hours under GDPR if necessary.

20. Security Measures

We implement industry-standard security measures to protect your personal and health data. These include encryption of sensitive information (both in transit and at rest), role-based access controls, and regular security audits and monitoring. Our infrastructure is hosted on secure cloud environments that follow modern security frameworks. While we strive to maintain a high level of security, no method of electronic transmission or storage is entirely secure. Any transmission of data is at your own risk.

21. Consent for Data Collection

By using the Service, you consent to this privacy policy.

If we introduce new features or functionalities that involve additional data collection, we will notify you and seek your explicit consent before collecting any new data. You can review and manage your consent settings through the app or by contacting us at [email protected]

22. Marketing Communications

We may send promotional emails or notifications about new features and updates. You can opt out by following the unsubscribe instructions.

23. Data Accuracy

You are responsible for ensuring that your personal information is accurate and up-to-date.

24. Your Choices Regarding Your Data

You can opt out of marketing and update or delete your personal data.

25. Data Subject Requests

To exercise your rights, contact us at [email protected]

26. Transfer of Data in Case of Business Changes

In the event of a merger or acquisition, or a new related entity your information may be transferred as part of the business transaction.

27. User Responsibility

You are responsible for maintaining the confidentiality of your account credentials and notifying us if unauthorized access occurs.

28. Jurisdiction and Governing Law

This Privacy Policy is governed by the laws of Cyprus. Disputes will be resolved according to these laws.

29. Contact Us

For questions, contact us at:

INTENDUM LTD
Vasili Michailidi 9
3026 Limassol
Cyprus
Tel: +357 25262283
[email protected]

30. Complaints

If you believe your privacy rights have been violated, you can file a complaint with your local data protection authority or contact us directly.