Cibario Privacy Policy

Version: 1.0 Effective date: 14 April 2026

This policy explains what personal data Cibario collects, why we collect it, how long we keep it, and the rights you have over it. It is written in plain English and should take about five minutes to read.

If anything here is unclear, email privacy@cibario.app.

1. Who we are

Cibario is an iOS app that helps you keep a photo-based food diary. You take a photo of a meal, our AI identifies the food and estimates nutrition, and the entry is saved to your personal log.

The data controller is:

Jose Colombo (sole proprietor, United Kingdom) Registered office: [TBD] Contact: privacy@cibario.app

At launch, Cibario is only available in the United Kingdom and the European Union.

2. What data we collect

We try to collect the minimum data needed to run the app. Here is the full list.

Identity and account

Your Apple user identifier (the opaque "sub" that Sign in with Apple gives us).
The email address associated with your Apple ID. This may be an Apple private-relay address if you chose to hide your real email, and that is fine with us.
A display name, if you choose to set one.

We use Sign in with Apple as the only way to log in. We never see or store a password.

Your food diary

The food log entries you create: what you ate, when, quantities, macronutrient estimates, and any notes you add.
Photos of meals that you upload, kept only for the retention window you select (see section 4).

Technical data

Your device operating-system version and the version of the Cibario app. This is used only for debugging and crash diagnosis, and is kept for 90 days.

What we do not collect

Location data.
Your contacts.
Advertising identifiers (we do not use IDFA).
Browsing history.
A list of other apps on your device.
Usage analytics of any kind.
Apple Health data, unless you explicitly choose to import it in a future version.

3. Why we collect it (lawful basis)

What	Why	Lawful basis (UK GDPR)
Apple ID, email	To create and secure your account	Contract — we need this to provide the service
Food log entries	To give you a diary that persists across sessions	Contract
Meal photos	To run AI food identification	Contract
OS and app version	Debugging and crash fixes	Legitimate interest — keeping the app working

We do not rely on consent for the processing above, because we cannot provide the core service without it. You can withdraw from all processing at any time by deleting your account (see section 7).

4. How your photos are handled

Photos are the most sensitive thing the app touches, so we treat them carefully.

When you upload a photo, it is sent over HTTPS to our backend.
The backend forwards the image to Anthropic's Claude Vision API for food identification. Anthropic is a sub-processor (see section 5).
The structured result — food name, quantity, macro estimates — is saved to your log.
The photo file itself is kept only for the retention window you pick.

Photo retention — you choose

In Settings → Photo retention you can pick: - 0 days — the photo is sent to Claude for analysis and deleted in the same request. It is never written to our disk. - 2 days (default) — kept for 48 hours, then deleted. - 7 days — kept for one week, then deleted.

A cleanup job runs every day at 04:00 UK time and deletes expired photos.

Your food log entries (the text data) are kept until you delete your account — they are not affected by photo retention.

5. Who we share data with (sub-processors)

We do not sell your data, share it with advertisers, or use it to train any AI model — ours or anyone else's.

We do rely on a small number of trusted service providers to run the app:

Sub-processor	What they see	Purpose
Apple	Sign-in events, your Apple ID, push notification tokens	Authentication
DigitalOcean (London region)	All app data — they host our server	Infrastructure
Anthropic (Claude)	Your food photos during analysis	AI food identification
Cloudflare	IP addresses and request headers	DNS, content delivery, DDoS protection

All data is held on servers in the United Kingdom. The backend database uses SQLite, stored on an encrypted DigitalOcean disk. Requests to Anthropic may be processed in the United States under standard contractual clauses.

6. How long we keep things

Data	Retention
Account identity and profile	Until you delete your account
Food log entries	Until you delete your account
Photos	0, 2, or 7 days — your choice
Device OS and app version	90 days

After account deletion, everything is hard-deleted within 30 days (see section 7).

7. Deleting your account

You can delete your account at any time from inside the app: Settings → Delete Account.

What happens: 1. You confirm the deletion and re-authenticate with Sign in with Apple. 2. Your account is immediately marked as deleted and all your sessions are logged out. 3. Within 30 days, a cleanup job hard-deletes your user record, every log entry, every photo still on disk, and every session row. 4. You will receive an email confirmation when the final deletion is complete.

The 30-day delay exists so that an accidental or coerced deletion can be reversed. After 30 days the data is gone permanently and even we cannot recover it.

8. Your rights

Under UK GDPR and EU GDPR you have the right to:

Access — export everything we hold on you as a JSON file (Settings → Export My Data).
Rectify — edit any log entry directly in the app.
Erase — delete your account, as above.
Object — ask us to stop any processing you believe is unlawful. Email privacy@cibario.app.
Portability — the JSON export is machine-readable, so you can move your diary somewhere else.
Withdraw consent — where processing is based on consent, you can withdraw it at any time.
Complain — if you think we have handled your data badly, you can complain to the UK Information Commissioner's Office (ico.org.uk) or to the data-protection authority in your EU member state.

We aim to respond to any rights request within 30 days.

9. Security

Data is encrypted in transit (HTTPS / TLS).
The server disk is encrypted at rest.
The only login mechanism is Sign in with Apple — we store no passwords.
Access to the production server is limited to the data controller and is protected by key-based authentication.

If something goes wrong

If there is a personal-data breach that presents a risk to your rights, we will notify the UK Information Commissioner's Office within 72 hours, as required by UK GDPR. If the breach presents a high risk to you personally, we will also email you directly.

10. Children

Cibario has an App Store age rating of 4+, but it is not intended for users under 13. Please do not use the app if you are under 13. If we become aware of an account belonging to a child under 13, we will delete it.

11. International transfers

All core data is stored in the United Kingdom. When photos are sent to Anthropic for analysis, they may be processed in the United States. These transfers rely on the UK's International Data Transfer Agreement and EU Standard Contractual Clauses with appropriate safeguards.

12. Changes to this policy

If we change this policy, we will: - Update the version number and effective date at the top of this page. - Show you an in-app banner the next time you open Cibario. - Email you at your registered address if the change materially affects your rights.

The previous versions are kept in our public version-control history.

13. Contact

Questions, requests, or complaints: privacy@cibario.app

Data controller: Jose Colombo, United Kingdom. Registered office: [TBD].