Privacy Policy

Last modified: August 2025

Interest based advertising: to learn more about data disclosure click here

Opt-out options: DO NOT USE MY DATA

I. INTRODUCTION. REGIONAL PATTERNS (CALIFORNIA)

AIBY Inc. (“we,” “us” or “our”) takes your privacy seriously. This Privacy policy (“Privacy policy”) explains our data protection policy and describes the types of information we may process when you install and/or use “HitMeal - Nutrition Tracker“ software application for mobile devices (the “App”, “our App”), including when you access the App after purchasing a subscription on our Website.

When we refer to personal data (or personal information) we mean any information of any kind relating to a natural person who can be identified, directly or indirectly, in particular by reference to such data.

It is a natural person who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social status.

Our Privacy policy applies to all users, and others who access the App (“Users”).

This Privacy Policy (except for Annex below - “U.S. Multistate Privacy Notice”) applies to all users of the App regardless of where they are located. The U.S. Multistate Privacy Notice included in the Annex to this Privacy Policy supplementary applies to those users who:
a) are residents of U.S. states where corresponding U.S. State Privacy Laws were enacted; and
b) fall within the scope of the U.S. Multistate Privacy Notice applicability.

For the purposes of the GDPR, we are the data controller, unless otherwise stated.

PLEASE READ THE FOLLOWING PRIVACY POLICY, FOR INFORMATION REGARDING THE WAYS YOUR PERSONAL INFORMATION MAY BE PROCESSED, CAREFULLY. WHEN YOU USE THE APP YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS.

IF YOU ARE A CALIFORNIA RESIDENT PLEASE READ THE FOLLOWING IMPORTANT NOTICE

Under the California Consumer Privacy Act of 2018 (CCPA) California residents shall have the right to request:

- the categories of personal information that is processed;

- the categories of sources from which personal information is obtained;

- the purpose for processing of user personal data;

- the categories of third parties with whom we may share your personal information;

- the specific pieces of personal information that we might have obtained about a particular user provided that the data provided in the request is reliable enough and allows to identify the user.

Please use the navigation links through this Privacy Policy:

PERSONAL INFORMATION

All about the categories of information, its sources and purposes of processing >>

Please mind that according to CCPA personal information does not include de-identified or aggregated consumer information.

SHARING

How your information can be shared >>

Please note that all third parties that are engaged in processing user data are service providers that use such information on the basis of agreement and pursuant to business purpose.

OPT-OUT OPTIONS

If you don’t want us to process your personal information any more please contact us through the contact form. In most cases there is no way to maintain the App’s further operating without functional data therefore you will be advised to remove the App from your device.

If you don’t want us to share device identifiers and geolocation data with service providers please check your device settings to opt out as described below >>

REQUESTS

To submit a verifiable consumer request for access, portability or deletion of personal data please contact us through the contact form. Please include in the text of your appeal the wording "Your rights to maintain confidentiality in the state of California”.

When submitting a verifiable request, you should be ready to:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: name, address, city, state, and zip code and email address. We may use this information to surface a series of security questions to you to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming or a power of attorney, signed by you.

• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will not be able to respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; or (ii) confirm that the personal information relates to you. We may ask you for additional information or documents to verify your identity. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scum request.

We ensure that personal information provided in a verifiable consumer request will be used only to verify the requestor’s identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled.

We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Please note that we are only required to respond to two requests per customer each year.

EQUAL RIGHTS

Nothing in the way we deal with your request shall be interpreted as discrimination, which means that we will not set up different pricing or products, or different level or quality of services for you, if you choose to exercise your rights. However, in some circumstances, we may not be able to provide services if you choose to delete your personal information from our records.

SALE OF DATA

We do not sell any of your personal data to third parties.

II. INFORMATION WE PROCESS

There are several categories of information that can be processed.

Functional Information

We ask for and process the following information when you use the App. This information is necessary for the adequate performance of the contract between you and us. Without such information it is impossible to provide complete functionality of the App and perform the requested services.

-- Personal details that you voluntarily fill in form(s) by yourself in order to use the App, for example, when you choose to track your calorie intake and other parameters for your convenience (name - optional field, gender, age, height, weight, target weight, activity level).

-- Activity records related to your diet, lifestyle and personal goals (information from your food diary; calorie intake; balance of macronutrients; goals: lose weight, keep fit, gain muscle; selected meal plan: clean eating, keto, vegan, vegetarian; selected fasting plan, etc.). When you purchase a subscription on our Website, certain Survey Data (specifically age, weight, and height and other) that you provided on the Website may be automatically pre-filled in the App to streamline your onboarding process and enhance your experience.

Personal details that you provide to us as well as Activity records are stored locally on your device and will be fully erased from your device if you choose to uninstall the App. Our analytics service provider Amplitude Inc. may have access to, process and store some of users’ Personal details and certain Activity records (particularly, goals: lose weight, keep fit, gain muscle; selected meal plan: clean eating, keto, vegan, vegetarian; selected fasting plan) in anonymised and aggregated form that does not allow to identify a particular user.

– User Content (images and photos you upload to the App for the use of food recognition function). In order to provide you with a food recognition function within the App we use relevant third party services. Particularly, we share your User Content with Clarifai, Inc. - Artificial Intelligence platform that performs image processing and analysis (check Section IV to learn more about Clarifai’s privacy policy and practices). NOTE THAT IT IS STRICTLY PROHIBITED TO UPLOAD TO THE APP USER CONTENT THAT CONTAINS ANY KIND OF PERSONALLY IDENTIFIABLE INFORMATION, INCLUDING BUT NOT LIMITED TO SENSITIVE DATA. You can also find some additional rules and regulations regarding User Content in Section VI of our Terms of Use.
We use User Content exclusively for the purpose of providing you with the food recognition function and its related services. Your images are not used to identify you, for advertising, or for any other purposes not stated herein.

- Information about subscriptions and registration data. If you register within the App by choosing the option “Sign in with Apple” and activate your access to subscription/premium options or make additional purchases (such as guides or articles), the information about your email address associated with your Apple ID, date of registration, as well as your subscriptions details (inter alia, subscription title(s), start date, its duration, etc.) are collected, stored and processed. This also includes information about subscriptions purchased directly on our Website (inter alia, email address and subscription details like plan selected, subscription status, charge amount, payment date, transaction ID) which is processed to activate and manage your subscription within the App, including your possibility to cancel it in the App’s settings, grant you access to the relevant services and provide customer support related to your subscription. Note that even if you choose to delete your account within the App and/or uninstall the App, the information about your email that you previously used to register within the App as well as your subscriptions details will continue to be stored for a period of time necessary for the proper provision of services to you and for compliance with our legal obligations. In particular, the retention of the specified categories of information (email and subscription details) after deletion of your account and/or removal of the App may be necessary in order to ensure that the subscription/premium options associated with your account will continuously be functional and valid during the whole applicable intended period (even if during the applicable intended period of subscription/premium options you choose to delete your account writhing the App and then register within the App again using the same Apple ID). These provisions regarding retention of your information about subscriptions and registration data also apply to cases when access to premium options in the App was granted to you after purchasing a subscription in our other app (such as HitFit) as part of a bonus program you may participate in.
Please note that if you make the additional purchases (such as guides or articles), the email address associated with your Apple ID or any other email address you voluntarily provide will be used to send you the digital goods you have purchased. For more information about additional purchases, please refer to the ADDITIONAL PURCHASES section in our Terms of Use and End User License Agreement .

-- Contact Information (name, e-mail address, as well as any other content included in the email) which you may fill in by yourself when you contact us via email, support form. We collect, store and process it by our cloud storage provider (Amazon.com, Inc.). We use such information to respond effectively to your inquiry, fulfill your requests, send you communications that you request and perform the requested services.

Information That Is Processed Automatically

On the basis of your permission we use third-party automatic data processing technologies (advertising or analytics tools) to analyze certain information sent by your device via our App (Identity For Advertisers for iOS devices/ Advertising ID or Android ID for Android devices). Some integrated advertising or analytics tools (check Section IV to see the list of them) launch automated processing of your personal data, including profiling, which means any form of automated processing of personal data used to evaluate certain personal aspects relating to you, in particular to analyze or predict aspects concerning your personal preferences, interests, behavior, location or movements (see the list of data described below). Processing information through automatic data processing technologies starts automatically once you allow our App to track your activity. You can withdraw your permission at any time - please check opt-out options in Section VIII below.

We may process some information about your device and your user behaviour on the ground of our legitimate interest. This information falls within categories of data described above in Subsection “Information That Is Processed Automatically”, it is generally non-personal, i.e. it does not, on its own, permit direct association with any specific individual, and we may access it only in aggregated form. We use this information for improving our App and giving our users the best experience.

• Device Details. When you use a mobile device (tablet / phone / smartwatch) to access our App, some of the details about your device are reported, including “device identifiers”. Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device (but not your personality). Device identifier enables generalized reporting or personalized content and ads by the third parties.

What data can be processed:

• Information about the device itself: type of your device, type of operating system and its version, model and manufacturer, screen size, screen density, orientation, audio volume and battery, device memory usage.
• Information about the internet connection: mobile carrier, network provider, network type, IP address, timestamp and duration of sessions, speed, browser.
• Location-related information: IP address, the country code/ region/ state/ city associated with your SIM card or your device, language setting, time zone, neighboring commercial points of interest (eg. “coffee shop”).
• Other device identifiers: e.g. user identifiers (if they are set up by the App’s developer).


• Information about the applications. Name, API key (identifier for application), version, properties of our App can be reported for automated processing and analysis. Some services also record the list of applications and/or processes which are installed or run on your device.
• Cookies and similar technologies. When you use the App, cookies and similar technologies may be used (pixels, web beacons, scripts). A cookie is a text file containing small amounts of information which is downloaded to your device when you access the App. The text file is then sent back to the server each time you use the App. This enables us to operate the App more effectively. For example, we will know how many users access specific areas or features within our App and which links or ads they clicked on. We use this aggregated information to understand and optimize how our App is used, improve our marketing efforts, and provide content and features that are of interest to you. We may ask advertisers or other partners to serve ads or services to the App, which may use cookies or similar technologies.
• Log file information. Log file information is automatically reported each time you make a request to access the App. It can also be provided when the App is installed on your device. When you use our App, analytics tools automatically record certain log file information, including time and date when you start and stop using the App, and how you interact with the App.
• Ad-related information. The following data might be reported about the ads you can view: the date and time a particular ad is served; a record if that ad was “clicked” or if it was shown as a “conversion” event; what the ad offer is about; what type of ad it is (e.g., text, image, or video); which ad placement is involved (where the ad offer is displayed within the App); whether you respond to the ad.
• In-App events. When you use our App, analytics tools automatically record in-App information (tutorial steps, levelling up, payments, in-app purchases, custom events, progression events, method of limiting the processing of user data).

Information provided automatically to advertising or analytics tools does not generally come to our control, therefore we cannot be responsible for processing such information. Please mind that some services are engaged in personal data profiling and may obtain information related to your personality and/or your device. In case when your user ID is linked to your account in a third-party service, such as Meta (Facebook), the service provider may use your device information in association with categorized data that were already recorded in its databases (eg. your age, gender or other demographic indication). We do not control, supervise or stand surety for how the third parties process your personal data, that might be collected by their own means. Any information request regarding the disclosure of your personal information should be directed to such third parties (see Section IV).

Payment Information

Our e-commerce providers are responsible for billing, processing and charging for in-app purchases, handle your personal information and keep it absolutely safe and secure. This information is processed as part of the performance of the contract between you and us. We cannot access or use your credit or debit card information.

You may access the applicable “in-app” purchase rules and policies directly from the app stores.

Email newsletters

When you register within the App and provide your email information by choosing the option “Sign in with Apple” or when your email address is provided to us following a subscription purchase in our Website we may use such email information to send you communications (“newsletters”) regarding special subscription offers, new features and functionalities and other news related to the App on the grounds of our legitimate interest. Sending you newsletters will allow you to stay up to date and receive the latest news about our App, including about the best price offers. Note that when you provide your email information by using “Sign in with Apple” you may choose either to share your email or to keep your personal email address private and to hide it (“Hide my email” option, if available), in the latter case Apple will generate and provide us with a unique, random email address that automatically forwards to your personal inbox. You also hereby acknowledge and accept the treatment of some categories of your personal data (i. e. the information about your name if you provide it, date of registration within the App, subscription purchase date, geolocation data, activity information, etc.) for market analysis activities, particularly for the purpose of delivering you targeted newsletters that most align with your needs and interests. The information about your email address that we’ve received may be transferred to the email marketing tool for the purposes of optimization and automation of the email delivery process (please check Section IV to learn more about the tool’s privacy policies and practices). You may also unsubscribe, opt-out of receiving communications to your email address at any time by using the resignation link provided in each email you receive from us. Your unsubscribe request shall be honored within a reasonable period of time.

Apple HealthKit Integration

We use the HealthKit framework, therefore, our App is compatible with Apple Health App and data exchange between these two apps may be enabled under certain circumstances. After obtaining your explicit consent our App can access and import some categories of health data from your Health App. For instance, once you’ve given appropriate permission, our App can read from your Health App the information about your steps taken, workouts, and active energy. In addition, our App may also write some data (for example, the information about your total water intake) to the Health App. Note that we cannot read from or write your data to the HealthKit store unless you specifically grant appropriate permission for each type of data. You can also deny our access to specific types of your Health App data, revoke your previously provided consent to data sharing between our App and Health App at any time by choosing relevant options in the settings of either our App or Health App.

We will process data imported from your Health App upon your consent solely for the purpose of providing you with the complete functionality of the App. In particular, your Health App data can be used in order to perform more accurate nutrition calculations, give you more relevant nutrition recommendations, as well as for better data visualization within our App (drawing graphs and diagrams).

Note that we do not use your Health App data obtained through the use of the HealthKit framework for advertising or similar purposes. We also do not sell information gained through HealthKit to advertising platforms, data brokers, or information resellers. Data accessed through the use of the HealthKit will not be shared with third parties (unless it is permitted by Apple documentation regarding the use of the HealthKit framework and we’ve obtained your explicit consent to such sharing).

Your device stores all HealthKit data locally. Therefore, we strongly recommend you to review applicable Apple HealthKit privacy policies and practices to clarify more details about your data storage.

III. THE PURPOSES OF PROCESSING YOUR PERSONAL DATA

Our mission is to constantly improve our App and provide you with new experiences. As part of this mission, we use your information for the following purposes:

(a) To make our service available. We use functional information and information that is  processed automatically to provide you with all requested services. This includes activating and managing subscriptions purchased on our Website within the App.

(b) To improve, test and monitor the effectiveness of our App. We use information that is processed automatically to better understand user behavior and trends, detect potential outages and technical issues, to operate, protect, improve, and optimize our App.

(c) To provide you with interest-based (behavioral) advertising or other targeted content. We may use information that is processed automatically for marketing purposes (to show ads that may be of interest to you based on your preferences). We provide personalized content and information to you, which can include online ads or other forms of marketing.

(d) To communicate with you. We use the contact information we have to communicate with you through newsletters, i.e. to send you marketing notifications, receive your feedback about our App experience, and let you know about our policies and terms. We also use your information to respond to you when you contact us.

(e) To prevent fraud and spam, to enforce the law. We really want our App to be free of spam and fraudulent content so that you feel safe and free. We may use your information to prevent, detect, and investigate fraud, security breaches, potentially prohibited or illegal activities, protect our trademarks and enforce our Terms of Use.

If any new purposes for processing your personal data arise we will let you know we start to process information on that other purpose by introducing the corresponding changes to this Privacy policy.

IV. SHARING OF YOUR INFORMATION

We will share your information with third parties only in the ways that are described in this Privacy policy. We adhere to the U.S. Digital Advertising Alliance’s Self-Regulatory Principles for the Mobile Environment.

Please note that while integrating external services we choose third parties that can assure they apply all necessary technical and organizational measures to protect user personal data. However, we cannot guarantee the security of any information transmitted from us to any such third party. We are not responsible for any accidental loss or unauthorized access to your personal data through a fault of third parties.

We will not rent or sell your personal data to any third parties, but we may share your information from tools like cookies, log files, and device identifiers and location data, with third-party organizations that provide automatic data processing technologies for the App. We do not control or influence these third parties’ tracking technologies or how they may be used.

We may also share certain information such as cookie data with third-party advertising partners. This information allows third-party ad networks, inter alia, to deliver targeted advertisements that they believe will be of most interest to you.

We may engage the following third-party service providers in order to provide us with necessary infrastructure for delivery and improvement of our services:

Entity name	Services performed	Entity location	Link to Privacy Policy
Amazon.com, Inc.	Cloud storage provider	U.S.A.	https://sell.amazon.com/privacy.html
Amplitude Inc.	Analytics service provider	U.S.A.	https://amplitude.com/privacy
AppsFlyer Inc.	Analytics service provider	U.S.A.	https://www.appsflyer.com/privacy-policy https://www.appsflyer.com/legal/services-privacy-policy
Clarifai, Inc.	Computer vision service provider (AI image processing and analysis - food items detection and identification)	U.S.A.	https://www.clarifai.com/company/privacy-policy
OpenAI, L.L.C.	Computer vision service provider (AI image processing and analysis for food item detection and identification)	U.S.A.	https://openai.com/policies/privacy-policy
Firebase Crashlytics (Google LLC)	Analytics service provider	U.S.A.	https://policies.google.com/privacy https://firebase.google.com/support/privacy
Meta Platforms, Inc.(Facebook)	Ad management service provider (using Conversions API to send user action data for ad optimization)	U.S.A.	https://www.facebook.com/privacy/explanation
Mailchimp (Intuit Inc., The RocketScience Group LLC)	Email marketing tool	U.S.A.	https://www.intuit.com/privacy/statement
Qonversion Inc.	Analytics service provider	U.S.A.	https://qonversion.io/page/privacy
Secret Industries Pty Ltd	FatSecret Platform API that enables the App to access FatSecret content, information and other materials	Australia	https://www.fatsecret.com/Default.aspx?pa=priv
StackSocial, Inc.	Product discovery and native commerce platform	U.S.A.	https://www.stackcommerce.com/privacy

In case you want to learn more about the services and privacy options (including opt-out) please consult the correspondent websites and privacy policies.

Our App may contain links to third-party websites/services or you may access the App from a third-party site. We are not responsible for the privacy practices of these third-party sites or services linked to or from our App, including the information or content contained within them.

We may disclose your personal information if it is needed for objective reasons, due to the public interest or in other unforeseen circumstances:

- as required by law;

- when we believe, in good faith, that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;

- if we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via prominent notice in our App of any change in ownership or your personal information usage, as well as any choices you may have regarding your personal information.

V. INTERNATIONAL DATA TRANSFERS

We work in the cross-border area and provide our App to our Users around the world.

We and third-party organizations that provide automatic data processing technologies for the App or our third-party advertising partners may transfer the automatically processed information across borders and from your country or jurisdiction to other countries or jurisdictions around the world.

If you are located in the European Union or other regions with laws governing data processing that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as in your jurisdiction.

This means that your personal information can be transferred to a third country, a territory or one or more specified sectors within that third country, or to the international organization where data protection and confidentiality regulations may not provide the same level of protection of a personal data as your country does.

We try to make sure that the recipient of any personal data provides a proper protection of the personal data received, in accordance with the current legislation on the protection of such information. By using the App, you agree that we may transfer your personal data to any third country, a territory or one or more specified sectors within that third country, or to the international organization.

For the purposes of data storage, we recourse to the services of the hosting organizations. We take your privacy seriously and, therefore, encrypt your personal data - if possible - before sending it to the hosting organizations for the purposes of its storage. Please note that we cooperate only with those hosting organizations that have passed our security and reliability check.

In particular, we recourse to the services of Advanced Hosters B.V. and Adapty Tech Inc. that have adopted technical and organizational measures to protect your personal data against unauthorized/unlawful processing and accidental loss, destruction or other damage (please refer to the Privacy Policy links in Section IV and the Data Processing Agreement with our service provider, available at https://adapty.io/data-processing-agreement).

VI. HOW LONG WE USE YOUR PERSONAL DATA

We generally retain your personal information for as long as is necessary for performing the functional service of the App and to comply with our legal obligations. Some categories of your information (i. e. information about subscriptions and registration data) may be retained even after deletion of your account and/or removal of the App from your device. If you no longer want us to use your information that we physically access and store, you can request that we erase your personal information.

The information you provided on the Website's quiz (such as gender, weight, age, and height) will be stored and used in the App for the duration of your active subscription purchased on the Website. If you do not subscribe or make a purchase after completing the quiz, this information will be deleted immediately from our records.

However, some data may still be stored for a certain time period (but no longer than the storage purpose requires) if information is necessary to comply with legal obligation (taxation, accounting, audit) or in order to maintain safety and data backup settings, prevent fraud or other malicious acts.

VII. EXERCISING YOUR RIGHTS

Applicable data protection laws give you certain rights regarding your personal information. You have the following options in relation to your personal information that was collected:

• Data Access and Portability. You can request copies of your personal information.
• Change or Correct Data. Where you cannot update data by yourself through your account, you have the right to ask to correct, change, update or rectify your data.
• Data Retention and Deletion. The user data is generally retained for as long as your user profile is in existence or as it is needed to provide the relevant services. However, specific retention times can vary based on context of the processing performed. You have the right to ask to delete all or some of the personal data that is held about you.
• Restriction of Processing. Under certain circumstances, you may have the right to limit the ways in which your personal information is used.

Applicable data protection laws give you the following rights regarding your personal information:

• The Right to Know (also referred to as the Right to Access). You have the right to obtain a confirmation as to whether or not personal data concerning you is being processed. Additionally, you can request a copy of personal data we hold about you and additional details on how such data is processed.
• The Right to Data Portability. You are entitled to request your personal information in a portable, structured and machine-readible format that makes it easier to reuse such information or transfer it directly to another service, move it wherever you want.
• The Right to Correct Inaccuracies (also referred to as the Right to Rectification). Where you cannot update your data by yourself through your account (if available) or the App settings, you can ask us to correct, change, complete or rectify your data.
• The Right to Data Deletion (also referred to as the Right to Erasure or the Right to Be Forgotten). You have the right to request the deletion of all or some pieces of your personal data we process. In this regard you should bear in mind that applicable data protection laws may provide exceptions to the Right to Data Deletion, which means that under certain circumstances we may need to keep some pieces of your data to comply with legal obligations, detect fraud, exercising or defence of legal claims, for other legal reasons. Therefore, upon receiving your verified request, we’ll delete your personal data and direct our service providers to do the same unless a legal exception applies.
• The Right to Restriction of Processing. Under certain circumstances, you may have the right to limit the ways in which your personal information is processed. These specific circumstances are addressed in data protection laws that may apply to you. For example, you can ask for restriction of data processing in the case of disputed accuracy: if you believe that the personal data we hold about you is inaccurate, you can request a restriction of processing while we verify its accuracy.
• The Right to Object to Processing of Personal Data. When your personal information is processed automatically with the involvement of third party service providers, you may object to such processing in some circumstances. Additionally, when your personal information is processed for direct marketing purposes, you may ask to cease processing your data for these direct marketing purposes. In order to exercise your right to object please submit us the corresponding request. You may also contact the third party service providers listed in the Section IV of this Privacy Policy to learn how you can object to their processing of your data. Most of them have clear instructions on their privacy pages, functional API or other options.

To exercise any of the rights described above, you can contact us through contact form. Please bear in mind that we ensure the above mentioned rights only with respect to the information that we physically access and store.

When your personal information is processed automatically you may object to such processing in some circumstances. Where your personal information is processed for direct marketing purposes, you may ask to cease processing your data for these direct marketing purposes. In order to exercise your right please contact the third party services listed in the Section IV of this Privacy Policy to learn how you can object to processing your data. Most of them have clear instructions on their privacy pages, functional API or other options.

If you are located in the European Union, you may address our representative when you have questions on privacy issues:

Konrad Gutowski, privacy @ aiby.com.

VIII. HOW TO OPT OUT

Opt-out of marketing tracking

If you don’t want third-party service providers to use the personalized ads on the basis of your interests please follow the instructions below:

• Choose option "Limit Ad Tracking" on your iOS device in Settings/ Privacy/ Advertising, please find additional information here: https://support.apple.com/en-us/HT202074;
• Choose option “Opt out of Ad Personalization” on your Android device in Settings/ Google/ Ads.

You can also visit https://youradchoices.com for the same purpose.

Please mind when you opt out of certain interest based advertising, you may still continue to receive contextual ads based on other non-personal information, such as ads related to the content of other digital products you are using.

Opt-out of Location Data Processing

If you don’t want third-party service providers to use your precise location data, or street-level location information about you please follow the instructions below:

• iOS 11 or later: turn Location Services off for the applicable Product via the menu “Settings > Privacy > Location Services”. Then select the applicable App and set the “Share My Location” status to “Never”. Please see additional information here: https://support.apple.com/en-us/HT203033.
• Android 5.0 or later: turn Location off for the applicable Product via the menu “Settings > Apps > [applicable Product] > Permissions > Location”. Then turn off the “Location” button.

Advertising Industry Opt Out Tools

You may also limit the collection of cross-app data for interest-based ads and exercise your right to opt out using the following Advertising Industry Opt Out Tools:

• Digital Advertising Alliance: https://optout.aboutads.info
• European Interactive Digital Advertising Alliance (EDAA) https://youronlinechoices.eu;
• Network Advertising Initiative: https://optout.networkadvertising.org

If you do not wish for the information you provide when answering questions in the Website's quiz to be used for personalizing our in-App services, you may replace this information with alternative information in the App’s settings, or contact us via the “Contact Us” form available on the Website.

For newsletters and other communications you receive via email: If you subscribe to newsletters, you may unsubscribe, opt-out of receiving newsletters to your email address by using the resignation link provided in each email you receive from us. Your unsubscribe request shall be honored within a reasonable period of time. Even if you unsubscribe from newsletters, we may still use your email address to send you some necessary information related to the HitMeal Calorie & Food Tracker App and/or the Website functioning.

IX. SECURITY

The security of your personal information is highly important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.

We take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information.

We implement appropriate technical and organizational measures, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing. We seek your personal data to be encrypted with proper and strong encryption algorithms, including hashing where possible.

Unfortunately, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We do our best to protect your personal data, nevertheless, we cannot guarantee its absolute security. In the event that your personal information is compromised as a breach of security, we will promptly notify you in compliance with applicable law.

If you have any questions about the security of our App, you can contact us through the contact form displayed below.

X. CHILDREN’S PRIVACY

Our App is not intended for children under the age of 18. Therefore, we do not knowingly collect or solicit any personal information from children under 18. No one under age 18 may provide any personal information to the App. If you are under 18, do not use or provide any information on this App or through any of its features. Do not provide any information about yourself, including your email address. If we learn that we have collected personal information from a child under age 18 without verification of parental consent, we will erase that information as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us.

XI. CHANGES TO THE PRIVACY POLICY

This Privacy policy is updated regularly.

Whenever we change this Privacy policy, we will post those changes to this Privacy policy and other places that we consider appropriate. Additional forms of notice of modifications or updates as appropriate under the circumstances may be provided to you.

XII. HOW TO CONTACT US

If you have any questions about this Privacy policy, please feel free to contact us via support form.

Copyright © 2019-2025 AIBY Inc.

Annex to Privacy Policy

U.S. Multistate Privacy Notice

INTRODUCTION. THE SCOPE OF APPLICATION

This U.S. Multistate Privacy Notice (“Notice”) supplements the information contained in Privacy Policy and may apply to individual residents of the U.S. states (“Covered U.S. Individual Residents”) that have enacted comprehensive data privacy laws including but not limited to California Consumer Privacy Act of 2018 (CCPA) as amended by California Privacy Rights Act of 2020 (CPRA), Texas Data Privacy and Security Act of 2023 (TDPSA), Virginia Consumer Data Protection Act of 2021 (VCDPA), Colorado Privacy Act of 2021 (CPA), Connecticut Data Privacy Act of 2022 (CTDPA) and others (collectively referred to as “U.S. State Privacy Laws” and separately as “U.S. State Privacy Law”). Notice addresses specific requirements common to U.S. State Privacy Laws and outlines additional information on the rights of Covered U.S. Individual Residents. It also describes how we collect, use, disclose and protect your personal information in compliance with these U.S. State Privacy Laws.

Applicability. Please note that if you are a user of our App and a resident of one of the U.S. states where the corresponding U.S. State Privacy Law was enacted, you’ll be regarded a Covered U.S. Individual Resident and this Notice shall apply to you only if the processing of your personal data in connection with your use of the App falls within the scope of such U.S. State Privacy Law. Please refer to the corresponding U.S. State Privacy Law for further details. If you are still unsure whether this Notice is applicable to you, please do not hesitate to contact us and we will spare no effort to assist you.

The correlation between Privacy Policy and Notice. This Notice does not replace and cannot be used interchangeably with Privacy Policy. On the contrary, Notice serves as a supplemental part of Privacy Policy for Covered U.S. Individual Residents.

The concept of personal data under U.S. State Privacy Laws. Applying Notice, you should also bear in mind that it pertains only to the processing of personal data which is understood as information linked or reasonably linkable to an identified or identifiable individual. Generally U.S. State Privacy Laws do not apply to the processing of de-identified, aggregated data or publicly available information, as these categories fall outside the scope of personal data.

THE CATEGORIES OF PERSONAL DATA PROCESSED. PURPOSES OF PROCESSING

Detailed information about the categories of personal data that may be processed when you use the App is contained in Section II of Privacy Policy >>

To learn about the purposes of personal data processing please review Section III of Privacy Policy >>

SHARING OF PERSONAL INFORMATION WITH SERVICE PROVIDERS (PROCESSORS). CLARIFICATIONS ON ISSUES OF DATA SELLING

U.S. State Privacy Laws require us to provide you with information about who we share your personal data with and for what purposes. You can find comprehensive data in this regard in Section IV of Privacy Policy >>. The legal entities indicated in Section IV of our Privacy Policy act as our “service providers” or “processors” within the meaning of U.S. State Privacy Laws and process your information on our behalf for business purposes. The examples of business purposes are the following: auditing related to current interaction with users, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions; providing customer service, advertising, marketing, analytic services; detecting security incidents; debugging; provision of App services to users; improving, enhancing, upgrading the App functionality. Please refer to the table in Section IV of our Privacy Policy to learn what specific services the processors/service providers perform for the App. When we use the services of our processors/service providers and disclose your information for business purposes, we enter into corresponding written contracts with them. These contracts incorporate data processing provisions, parts, sections or annexes that require our processors/service providers not to use personal information transferred by us other than for the purpose of performing the services specified in the contracts. Additionally, the contracts with our processors/service providers specifically prohibit them from and/or do not contain permissions for selling the personal information transferred by us.

We do not “sell” you personal information for monetary gain, which means that we do not and will not disclose your personal information to third parties in direct exchange for money or some other form of payment. However, certain U.S. State Privacy Laws provide expansive definition of the term “sell”, which leads to cases where some disclosures of personal information to a third party even for non-monetary benefit of the disclosing party (“valuable consideration”) may qualify as data selling. In particular, sharing of personal information with third parties for the purposes of “interest-based advertising”/ “cross-context behavioral advertising” may constitute a sale under broad definition and interpretation of this and similar terms (“sell”/”selling”/”sold”) according to some U.S. State Privacy Laws. Even if such kind of data sharing qualifies as sale under U.S. State Privacy Law applicable to you, you’ll always have an option to opt out (see the subsection Instructions on Online Tracking Opt Out below for more details on available opt out mechanisms).

PRIVACY RIGHTS

If you are a Covered U.S. Individual Resident and this Notice applies to you, you’ll be able to exercise all user privacy rights specified in Section VII of Privacy Policy >>, particularly:

• the Right to Know (also referred to as the Right to Access);
• the Right to Data Portability;
• the Right to Correct Inaccuracies (also referred to as the Right to Rectification);
• the Right to Data Deletion (also referred to as the Right to Erasure or the Right to Be Forgotten);
• the Right to Restriction of Processing;
• the Right to Object to Processing of Personal Data.

User privacy rights listed above have similar content and exceptions in different jurisdictions. Their general meaning is addressed in Section VII of Privacy Policy. However, some minor aspects related to these rights may vary slightly from one jurisdiction/state to another, therefore, you may want to consider these differences when submitting your user privacy request.

Besides the rights referred to above, U.S. State Privacy Laws specifically mention the following additional data privacy rights you have:

The Right to Opt Out of the processing of the personal data for purposes of (a) targeted advertising, sometimes also referred to as “cross-contextual behavioral advertising” or “interest-based advertising”; (b) the “sale” or “sharing” of your personal data; (c) profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning you. The specified Right to Opt Out is exercised with due regard to the context of our interaction with you as with the user of our App and accompanying data processing activities. To learn the details on how you can exercise your Right to Opt Out, please refer to the subsection Instructions on Online Tracking Opt Out below.

The Right to Non-Discrimination. This right means that you will not receive discriminatory treatment for exercising your privacy right(s). Inter alia, we will not deny you the App services, charge different prices or rates, or provide a different level or quality of services for you if you choose to exercise your user privacy right(s).

The Right to Appeal. If we deny and refuse to take an action on your initial user privacy request, you may have the right to appeal that decision under some U.S. State Privacy Laws. See the subsection How to Appeal Initial Decision Regarding Privacy Request below for more details.

HOW TO EXERCISE YOUR PRIVACY RIGHTS

Depending on the specific user privacy right you choose to exercise, different methods may be available to you.

In particular, when appropriate technical capabilities are accessible to you within the App and/or in your device settings, some rights (e.g. the Right to Correct Inaccuracies, the Right to Data Deletion, the Right to Opt Out) can be exercised by you independently without our assistance and the need to submit us the corresponding request. For instance, in certain circumstances the App may provide you with a possibility to change, update, correct inaccuracies or delete certain pieces of your personal data via your App account settings.

Instructions on Online Tracking Opt Out.

Further, there are a number of ways you can exercise the Right to Opt Out of data processing for the purposes of activities that under U.S. State Privacy Laws may qualify as targeted advertising; “sale” (under broad interpretation) or “sharing” of personal data; profiling. Follow the instructions below to stop online tracking activities across third party apps and websites and sharing your data with third parties for personalized ads.

Blocking Advertising ID use in your mobile device settings. Your mobile device settings enable you to make choices about the collection, use or transfer of your Advertising ID to third parties for the purposes of targeted advertising and/or ad measurement. To manage your activity tracking permissions and the use of your Advertising ID, please follow the relevant instructions in Section VIII of our Privacy Policy >>

Advertising Industry Opt Out Tools. Even if you block the access to and use of your Advertising ID, you might still see personalized ads from other companies and ad networks. You have an opportunity to send your opt out request to some of such other companies and ad networks who participate in self-regulatory programs using special Advertising Industry Opt Out Tools. See Section VIII of our Privacy Policy to know which Advertising Industry Opt Out Tools you may choose to use >>

Ad and Analytics Platforms Opt Out Mechanisms. Some third party ad platforms and analytics service providers have their own privacy management tools that allow you opt out and/or make your privacy choices directly. Here there are some examples:

• Google My Ad Center
• “About Facebook Ads” page
• AppsFlyer Opt Out page

Therefore, we recommend you to check the privacy options of our service providers (processors) regularly. The up to date list of our service providers (processors) is presented in Section IV of Privacy Policy >>.

Submission of a user privacy request to exercise privacy right(s)

To exercise any user privacy right that cannot be managed by you independently, please contact us anytime through our contact form with the corresponding privacy request. When submitting your request, please include in its text the phrase “Exercising my rights to maintain confidentiality in … State”, replacing '...' with the name of the state of your residence. We will make every effort to satisfy any request you make to exercise any of your privacy rights.

AUTHENTICATION OF USER PRIVACY REQUESTS. INSTRUCTIONS ON HOW TO APPEAL OUR INITIAL DECISION REGARDING YOUR PRIVACY REQUEST

When you submit any user privacy request via our contact form in order to exercise your privacy right(s), the relevant procedure of request authentication shall be put in place. The details and rules for such authentication procedure are provided below.

We shall comply with your user privacy request only if we are able to authenticate you as the user of our App and as a Covered U.S. Individual Resident. Therefore, when submitting a verifiable user privacy request, you should be ready to:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or such person’s authorized agent, which (depending on the circumstances) may include: name, address, city, state, zip code and email address. We may use this information to surface a series of security questions to you to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming their authority to represent your interests or a power of attorney, signed by you.

• Describe your privacy request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will not be able to respond to your privacy request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; or (ii) confirm that the personal information relates to you. We may ask you for additional information or documents to verify your identity before taking any action with your privacy request. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scam request.

We ensure that personal information provided in a verifiable user privacy request will be used only to verify the requestor’s identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled.

We try to respond to a verifiable user privacy request within forty-five (45) days of its receipt. If we require more time and it is reasonably necessary, we may extend the response period. In this case we will inform you of the reason and the applicable extension period in writing.

How to Appeal Initial Decision Regarding Privacy Request.

In cases when we have a reasonable basis, we may choose to decline to take an action regarding the user privacy request. For example, this may happen when we are unable to authenticate a request, or when the request is manifestly unfounded or fraudulent. In this particular case we’ll inform you of the justification for declining to take action within a reasonable period of time after receiving your initial request.

If we decline to take action with respect to your initial request, you may be entitled to appeal our decision under some U.S. State Privacy Laws. To do so, you will need to provide us with the missing information and explanations reasonably necessary to address your request effectively. Within the term prescribed by the applicable U.S. State Privacy Law we’ll inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for our decision.

CHANGES TO THIS NOTICE. FINAL PROVISIONS

We may update this Notice from time to time. To stay informed of updates, please review the latest published version of Notice regularly.

If you reasonably believe that certain U.S. State Privacy Law provides you with additional rights or options not outlined or referred to in this Notice, please contact us through our contact form. We will do our best to address all your concerns and reply to your request effectively.

Copyright © 2025 AIBY Inc.