Privacy Policy

MacroBowl • Last Updated: June 14, 2026

This privacy policy governs your use of the software application MacroBowl ("Application") for mobile devices, which was created by Strom ("we", "us", or "our"). MacroBowl is designed as a secure, offline-first personal nutrition and weight tracking application. We value your privacy and are committed to protecting your personal data. This policy explains what information is collected, how it is used, and your rights regarding your data.

1. Summary of Core Principles

  • Offline-First: All of your weight logs, nutrition journals, and personal goals are stored locally on your device. We do not run any central servers to collect, harvest, or aggregate your personal logs.
  • No Third-Party Analytics/Ads: The Application does not contain any third-party tracking libraries, advertisements, or user analytics SDKs.
  • User-Owned Keys: For advanced AI features, you supply your own API key, which is encrypted using hardware-backed keys on your device.

2. Information We Collect and Process

A. Local Data (Stored on Your Device)

The Application stores the following data in its private internal directory:

  • Nutrition Logs: Details about the food items you consume, timestamps, and meal classifications (JSON format).
  • Weight Entries: Records of your body weight and date of measurements (JSON format).
  • Nutrient Goals: Your target nutritional intake (JSON format).
  • Recipe and Meal Photos: Cropped, downscaled, and compressed JPEG files of custom images you capture or select to represent your meals and recipes.

Note: This data is stored entirely on your device's internal private storage. It is not transmitted to us or any third-party servers under our control.

B. Device Credentials (Encrypted Local Storage)

Google Gemini API Key: If you choose to enable the AI estimation features, the Application prompts you to enter your Gemini API key. This key is encrypted using the Android KeyStore system (javax.crypto) and stored in private encrypted shared preferences. It is only sent directly to Google's API endpoints when making queries on your behalf.

C. Information Transmitted to Third-Party Services

If you use the optional AI food estimation features, the Application communicates with third-party servers:

  • Google Gemini API (Google Generative AI): When you use AI to estimate meal composition or analyze a photo of a meal, the food description, nutrition log query, or captured photo is transmitted directly to Google's Gemini servers for analysis.

This communication happens directly between your device and Google's API endpoints. The processing of this data is subject to the Google Privacy Policy.

3. Device Permissions Used

To provide its core functions, the Application may request the following permissions on your device:

  • Camera (android.permission.CAMERA): Used to capture photos of food items (for optional AI recognition), scan barcodes (for on-device lookup), and take custom pictures to represent your meals/recipes. Captured recipe photos are downscaled and saved locally in the app's secure directory. We do not collect, store, or transmit your photos to any servers under our control.
  • Internet (android.permission.INTERNET): Used to connect to Google's Generative AI servers for optional AI-powered meal estimations.
  • Notifications/Alarms: Used to schedule local reminders for logging food or weight. These are scheduled locally on your device and do not involve external servers.

4. On-Device Machine Learning

The Application uses Google ML Kit for on-device barcode scanning and text recognition. ML Kit processes camera images locally on your device and does not send image data to Google servers. Use of ML Kit is subject to Google's developer terms.

5. Data Retention and Deletion

Since all data is stored locally on your device:

  • We do not maintain any backup or copy of your data on external servers.
  • How to delete your data: You can permanently delete all of your logs, settings, and encrypted API keys at any time by clearing the Application's storage in your Android system settings or by uninstalling the Application from your device.

6. Children's Privacy

Our Application does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children. If we discover that a child has provided personal data, we will immediately delete it from the local device environment. Since we do not transmit data to external servers, no children's data is compiled or held by us.

7. Compliance with Regional Laws (GDPR & CCPA)

Because the Application operates locally and does not collect or transmit personal data to the developer, we comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) by design:

  • Right to Access/Portability: Your data is stored on your device in standard JSON files.
  • Right to Erasure: You have total control to delete all data by uninstalling the app.
  • No Sale of Data: We do not collect, share, or sell any of your information.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions or suggestions about this Privacy Policy, do not hesitate to contact us at: