1. Introduction
Welcome to Mepe Khai ("we," "our," "us," or the "App"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.
This Privacy Policy explains what information we collect, how we use it, how we protect it, your rights and choices, and how to contact us.
By using Mepe Khai, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide Directly
Account Information
- Email address (required for account creation)
- Full name
- Password (encrypted, never stored in plain text)
Health & Fitness Profile
- Age and date of birth
- Gender
- Height and current weight
- Goal weight
- Activity level (sedentary → extremely active)
- Fitness goals (lose weight, maintain, gain muscle, improve health)
Dietary & Nutrition Data
- Food logs (meal names, descriptions, timestamps)
- Meal photos (uploaded for AI analysis)
- Calorie and macronutrient intake (protein, carbohydrates, fats)
- Micronutrient data (sugar, sodium, fiber, potassium, cholesterol, vitamins A, C, D, calcium, iron)
- Meal times and meal types (breakfast, lunch, dinner, snacks)
- Favorite foods and meal plans
Activity & Exercise Data
- Exercise type and duration
- Calories burned (manually entered)
- Activity logs and timestamps
🍎 Apple Health Data iOS only — Optional
- Step count Read-only
- Active calories burned Read-only
This data is only accessed if you explicitly tap "Connect Apple Health" and grant permission.
We only READ from Apple Health — we never write or modify your Health data.
Revoke permission anytime: Settings → Privacy & Security → Health → Mepe Khai
Progress Tracking
- Weight logs over time
- Water intake logs
- Progress photos — stored locally on your device only, never uploaded
2.2 Information Collected Automatically
- Device Information: Device type/model, OS version, unique device identifiers
- Usage Data: Features accessed, time in app, navigation patterns
- Technical Data: Error logs, crash reports, app version
2.3 Camera and Photo Library Access
- Camera: Used exclusively to photograph meals for AI nutritional analysis
- Photo Library: Used to select existing meal photos for analysis
- You can deny access — manual entry will still be available
- Progress photos are stored only on your device and never uploaded
🚫 We do NOT collect or track your location data.
3. How We Use Your Information
3.1 Core App Functionality
- Calculate daily calorie and macronutrient targets based on your profile
- Track dietary intake against personalised goals
- Analyse meal photos using Google Gemini AI to estimate nutritional content
- Track weight changes, water intake, and generate progress charts
- Display steps and active calories from Apple Health on the Activity screen
- Calculate calorie deficit using both logged activity and Apple Health data
3.2 Notifications & Reminders
- Customisable meal time notifications
- Water intake reminders (up to 8 daily, if enabled)
- End-of-day nutrition summaries
3.3 Service Improvement
- Analyse app usage to improve features and fix bugs
- Develop new features based on user needs
📧 We do NOT send marketing emails or promotional content.
4. How We Share Your Information
4.1 Third-Party Service Providers
Supabase — Database & Authentication
Stores account info, food logs, water/weight/activity logs. Privacy Policy
Google Gemini AI — Food Photo Analysis
Receives meal photos temporarily for analysis. Photos are NOT permanently stored by Google. Privacy Policy
Expo Platform — App Framework & Notifications
Device tokens for push notifications, crash reports, anonymous usage stats. Privacy Policy
4.2 What We Do NOT Share
✅ We do NOT sell your personal information
✅ We do NOT rent or trade your data
✅ We do NOT share data with advertisers
✅ Your progress photos never leave your device
✅ Apple Health data never leaves your device
5. Data Security
Encryption: All data in transit is encrypted via HTTPS/TLS. Data at rest is encrypted in the database. Passwords are hashed using bcrypt.
Access Controls: Row-level security ensures users can only access their own data.
Data Retention: Data is retained while your account is active. Upon account deletion, all personal data is permanently and immediately deleted.
6. Your Rights and Choices
6.1 Access, Correction & Deletion
- View and edit all your data within the app
- Delete your account from Settings → Danger Zone — all data is permanently deleted immediately
- Export your data from the Progress screen (CSV/PDF)
6.2 Notification Controls
- Enable/disable push notifications in app Settings
- Customise or disable meal and water reminders
6.3 Apple Health Access
- Revoke HealthKit access at any time: Settings → Privacy & Security → Health → Mepe Khai
- The app continues to work fully without Apple Health access
6.4 Camera & Photo Access
- Revoke camera and photo library access in device Settings at any time
- Manual food entry remains available without camera access
7. Children's Privacy
Mepe Khai is intended for users aged 13 and older. We do not knowingly collect information from children under 13. If you believe your child has provided us with personal information, contact us at ksami933@gmail.com and we will delete it promptly.
8. International Data Transfers
Your information may be stored and processed in countries outside your residence. We ensure appropriate safeguards are in place and all data transfers comply with applicable laws. All data is encrypted in transit and at rest.
9. California Privacy Rights (CCPA)
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do NOT sell personal information. To exercise your rights, email ksami933@gmail.com. We respond within 45 days.
10. European Privacy Rights (GDPR)
EEA users have the right to access, rectify, erase, restrict, port, and object to processing of their personal data. To exercise these rights, contact ksami933@gmail.com. We respond within 30 days.
Legal basis for processing: Consent (account creation), Contract (service provision), Legitimate Interests (security and app improvement).
11. Changes to This Privacy Policy
We may update this policy to reflect changes in our practices, legal requirements, or new features. We will update the "Last Updated" date and notify users of material changes via push notification or email.
Data Processing Summary
| Data Type |
Purpose |
Storage |
Third Parties |
| Account Info | Authentication | Supabase Cloud | Supabase |
| Food Logs | Nutrition Tracking | Supabase Cloud | Supabase |
| Meal Photos | AI Analysis | Temporary only | Google Gemini |
| Weight Logs | Progress Tracking | Supabase Cloud | Supabase |
| Water Logs | Hydration Tracking | Supabase Cloud | Supabase |
| Apple Health (Steps/Calories) | Activity Tracking | Your Device Only | None |
| Progress Photos | Visual Progress | Your Device Only | None |
| Device Tokens | Push Notifications | Expo Servers | Expo |
| Usage Analytics | App Improvement | Anonymised | None |