Privacy Policy
Taybo ("we", "our", or "the app") is a calorie and nutrition tracking app for iOS. This privacy policy explains what data we collect, how we use it, and your rights regarding your information.
1. Data We Collect
Data You Provide
- Profile information — gender, birth date, height, weight, activity level, and nutrition goals (calorie, protein, carbs, fat, fiber, water targets)
- Food log entries — foods logged, portion sizes, meal assignments, and timestamps
- Custom foods and recipes — nutrition data you manually enter
- AI chat messages — text you type into the AI assistant (processed only when you send a message)
- Account credentials — Apple Sign-In token (managed by Apple)
Data Collected Automatically
- HealthKit data (opt-in) — active calories burned, basal energy burned, step count, exercise minutes, and body weight. This data is read-only; Taybo never writes to HealthKit. See Section 5 for details.
- Barcode scans — UPC/EAN codes scanned using your device camera, used solely to look up food nutrition information.
Data We Do NOT Collect
- Device identifiers or advertising IDs
- Location data
- Contacts, photos, or other personal files
- Analytics, crash reports, or telemetry (no third-party analytics SDKs are used)
- Browsing history or app usage tracking
2. How We Use Your Data
All data you provide is used exclusively to deliver the app's core functionality:
| Data | Purpose |
|---|---|
| Profile information | Calculate calorie/macro goals and display personalized targets |
| Food log entries | Track daily nutrition intake and display progress |
| Custom foods & recipes | Allow you to quickly log foods you eat regularly |
| AI chat messages | Send to OpenAI (via our proxy) to parse food descriptions and generate suggestions |
| HealthKit data | Display calories burned, steps, exercise, and weight on your dashboard |
| Barcode scans | Look up product nutrition data from the Open Food Facts database |
We do not use your data for advertising, profiling, or any purpose unrelated to the features listed above.
3. Where Your Data Is Stored
On Your Device (Primary)
All food logs, profile data, custom foods, recipes, achievements, and settings are stored locally on your device using SwiftData. The app functions fully offline.
iCloud (Optional)
If you sign in with Apple, your data is synced across your devices via Apple's private CloudKit database. This data is:
- Stored in your personal iCloud account
- Encrypted in transit and at rest by Apple
- Not accessible to us or any third party
- Deleted when you delete your account (see Section 7)
Keychain
The following are stored securely in the iOS Keychain:
- Apple Sign-In credentials
- App Attest key (used for API request verification)
4. Third-Party Services
Taybo uses a minimal set of third-party services. We do not embed any third-party analytics, advertising, or tracking SDKs.
OpenAI (via Cloudflare Workers Proxy)
When you use the AI chat assistant, your message is sent through our Cloudflare Workers proxy to OpenAI's API for processing.
- What is sent: Your chat message text, plus optional context you explicitly enable (see Section 6)
- What is NOT sent: Your name, Apple ID, device identifiers, or any data beyond what you type and opt into sharing
- Data retention: We do not store your chat messages on our proxy server. Refer to OpenAI's data usage policy for their retention practices.
- Certificate pinning: All requests to the proxy use TLS certificate pinning for transport security.
Open Food Facts
When you scan a barcode, the UPC/EAN code is sent to the Open Food Facts API to retrieve product nutrition data. Open Food Facts is a free, open, collaborative database. No personal information is sent with these requests.
Apple CloudKit
If you sign in with Apple, iCloud sync uses Apple's private CloudKit database. Your data is stored in your personal iCloud container and is not accessible to us. See Apple's iCloud security overview.
5. HealthKit
Taybo requests read-only access to the following HealthKit data types:
- Active energy burned (calories)
- Basal energy burned (resting calories)
- Step count
- Exercise minutes
- Body weight
Important details:
- HealthKit access is entirely optional and requires your explicit permission
- Taybo never writes data to HealthKit
- HealthKit data is only used to display health metrics on your dashboard
- HealthKit data is never sent to any server, third party, or external service
- HealthKit data is never used for advertising or shared with third parties
- In compliance with Apple's HealthKit guidelines, HealthKit data is not stored in iCloud or synced via CloudKit
6. AI Assistant Privacy Controls
The AI chat assistant has three privacy toggles, all off by default:
| Setting | What It Shares | Default |
|---|---|---|
| Share Daily Progress | Today's calorie/macro totals and remaining | Off |
| Share Nutrition Goals | Your calorie and macro targets | Off |
| Share Today's Foods | Names of foods you've logged today | Off |
When a toggle is off, that category of data is never included in AI requests. You can change these settings at any time in Settings > AI Privacy. Resetting to defaults turns all toggles off.
Without any toggles enabled, the AI assistant only receives the text you type in each message.
7. Data Deletion and Account Removal
Delete Your Account
You can delete your account and all associated data from Settings > Delete Account. This permanently removes:
- All food log entries (on this device and iCloud)
- Custom foods and recipes (everywhere)
- Your profile and settings (everywhere)
- Achievements and history (everywhere)
- All synced data on other devices
Your Apple Sign-In token is also revoked.
Account deletion is irreversible.
Delete Data Without an Account
If you use the app without signing in, you can delete all local data by deleting the app from your device.
AI Privacy Settings
You can reset all AI privacy toggles to their defaults (all off) at any time in Settings > AI Privacy.
8. Data Security
- All network communication uses HTTPS with TLS
- Requests to our AI proxy use certificate pinning
- Sensitive credentials are stored in the iOS Keychain
- App Attest is used to verify the integrity of API requests
- No data is stored on our servers (the Cloudflare Workers proxy is stateless)
9. Children's Privacy
Taybo is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided data through the app, please contact us and we will delete it.
10. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected in the "Last Updated" date above. Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this privacy policy or your data, contact us at:
Email: support@taybo.app
Summary
- Your data is stored locally on your device and optionally in your private iCloud account
- No analytics, advertising, or tracking SDKs are used
- AI chat messages are processed through OpenAI only when you send them
- HealthKit data stays on your device and is never sent externally
- You can delete all your data at any time
- We never sell or share your data