Privacy Policy

# Privacy Policy Last updated: April 2026 ## Introduction LBN ("we", "our", or "us") is a nutrition and fitness tracking application operated by the LBN team. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. By using LBN you agree to this policy. Contact: [email protected] ## Data We Collect - **Account information:** username, email address, password (hashed with bcrypt), and optional profile photo. - **Health and fitness data:** date of birth, sex, height, weight history, dietary preferences, calorie and macronutrient logs, water and caffeine intake, alcohol units, workouts, fasting windows, and fitness goals. - **Usage data:** food logs, barcode scans, recipe saves, feature interactions, ad engagement metrics, and crash diagnostics. - **Device information:** device model, operating system version, language, time zone, and anonymised identifiers used for analytics and crash reporting. - **Purchase history:** in-app purchase records via Google Play Billing (Android) and Stripe (web). ## Permissions and How They Are Used LBN requests certain device permissions so that specific features can work. Permissions are only used for the purposes described below and are requested at the point the feature is used. - **Camera (android.permission.CAMERA):** used to scan product barcodes, capture meal photos for the AI meal scan feature, take progress photos, and set a profile picture. Photos you capture are stored on your device and, where you choose to upload them (for example progress photos or profile picture), are uploaded to our secure Cloudflare R2 storage and associated with your account. - **Microphone (android.permission.RECORD_AUDIO):** used only for the optional voice search feature when logging food. Audio is streamed to the device's on-device speech-to-text engine and is not recorded or uploaded to our servers. - **Location (ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION):** used only when you choose GPS-based step tracking mode. Location is read while the feature is active to calculate distance and steps. We do not store raw GPS coordinates after the session ends; only the aggregated step and distance totals are saved. - **Activity recognition (ACTIVITY_RECOGNITION):** used by the on-device step counter to read step counts from the Android pedometer. - **Health Connect (READ_STEPS, READ_WEIGHT, READ_HEART_RATE, READ_ACTIVE_CALORIES_BURNED, READ_EXERCISE):** with your explicit opt-in, we read step counts, weight entries, heart rate, active calories, and exercise sessions from Android Health Connect so your existing data is reflected in LBN. We do not write data back to Health Connect without your consent. - **Bluetooth (BLUETOOTH_SCAN, BLUETOOTH_CONNECT):** used to connect to supported Bluetooth smart scales so weight readings can be transferred to LBN. Scans are performed only when you initiate a scale pairing. - **Notifications (POST_NOTIFICATIONS), exact alarms, boot-completed, full-screen intent:** used to deliver reminders (meals, water, workouts, streaks) and to reliably fire scheduled local notifications. You can disable notifications at any time in system settings. - **Internet and vibrate:** required for syncing data with our servers and for standard UI feedback. ## Photos and Media - Photos you capture via the camera (meal photos, progress photos, profile pictures) are stored on your device first. - Profile pictures and progress photos you choose to save are uploaded to our secure Cloudflare R2 storage and are linked to your account so they can sync across devices. - AI meal-scan photos are sent to our backend for analysis; we do not retain the image after the analysis completes. - You can delete any uploaded photo from within the app at any time. ## How We Use Your Data - Provide and personalise nutrition and fitness tracking. - Calculate calorie, macro, and hydration summaries and your progress toward goals. - Deliver reminders, streak notifications, and progress alerts. - Process in-app purchases and manage your subscription status. - Display advertisements to free-tier users via Google AdMob (Premium users see no ads). - Improve stability and diagnose crashes via Firebase Crashlytics. - Respond to support requests. We do not sell your personal data. Health and fitness data is never used for advertising. ## Data Sharing We share data only with the following processors, each bound by its own privacy policy: - **Google** (Firebase Analytics, Crashlytics, AdMob, Play Billing, Health Connect) — analytics, crash reporting, advertising (free-tier only), payment processing, and Health Connect integration. - **Stripe** — web payment processing. - **Cloudflare** — hosting, D1 database, R2 object storage, and Turnstile bot protection. We may disclose information if required by law or to protect our rights and the safety of users. ## Data Storage and Security - All data is transmitted over TLS (HTTPS). - Account passwords are hashed with bcrypt; we cannot read or recover your password. - Data is stored on Cloudflare infrastructure within the EU / UK where possible. ## Data Retention We retain your account data for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days. Anonymised, aggregated usage statistics may be retained indefinitely. ## Your Rights Depending on your location, you may have the right to: - Access the personal data we hold about you - Correct inaccurate data - Request deletion of your data ("right to be forgotten") - Object to or restrict processing of your data - Data portability You can delete your account and all associated data at any time from Settings → Account → Delete Account, or by emailing [email protected]. ## Children LBN is not directed at children under 13. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it. ## Changes to This Policy We may update this policy from time to time. Significant changes will be announced in-app or by email. Continued use of LBN after changes constitutes acceptance. ## Contact For privacy questions or data requests, email [email protected].