Privacy Policy

1. Information We Collect

Personal information

• WhatsApp phone number
• Name(s) and family profiles (e.g. parent and child profiles)

Food and routine data

• Meal descriptions or photos shared with Yummbak
• Eating routines and meal timing

Health and symptom data

• GI symptoms (type, severity, timing) when self-reported by the user
• Bowel movements (Bristol Stool Scale type, timing) when self-reported
• Weight, height, or growth measurements (only if voluntarily provided)
• Health goals or context the user chooses to share

Conversation data

• Messages exchanged with Yummbak, used to maintain context and memory across sessions

2. How We Use Your Information

We use your information solely to:

• Track meals and eating routines
• Remember preferences and family profiles
• Generate personalised summaries and gentle reminders
• Help you and your family build consistent, low-stress eating habits

We do not:

• Sell your data
• Use your data for advertising
• Share your data with third parties for marketing purposes

3. Legal Basis & Consent

By initiating or continuing a conversation with Yummbak on WhatsApp, you consent to the collection and processing of your personal data as described in this policy. You may withdraw consent or request deletion at any time.

4. Children's Data

• Children's data is collected only with parental involvement and consent
• We do not use children's data for advertising, profiling, or external sharing
• Children's data is handled with heightened care and restricted access

5. Data Storage & Security

• Stored securely in a Supabase database with encryption at rest
• Protected using Row-Level Security (RLS) — no user can access another user's data
• Transmitted over encrypted HTTPS connections only
• Access to production data is restricted to authorised personnel only

6. Data Retention & Deletion

• We retain personal data only for as long as necessary to provide the service
• You can request deletion at any time by messaging “delete my data” to Yummbak or emailing us
• Upon request, all personal data and associated profiles are removed within a reasonable timeframe

7. Third-Party Services

• WhatsApp Cloud API (Meta) — message delivery. Messages between you and Yummbak are end-to-end encrypted in transit. Meta may collect message metadata (such as timestamps and frequency of messages) per their own privacy policy. Be aware that if you have iCloud or Google Drive backups enabled for WhatsApp, your message history may be backed up to those services. You can disable WhatsApp backups in your phone settings.
• Google Gemini (paid API) — used to identify foods from photos and structure conversational logs. We use the paid Gemini API under Google's Data Processing Agreement. Your data is not used by Google to train or improve their AI models. AI processing is observational only — Yummbak surfaces data and patterns; clinical interpretation remains with your dietitian or healthcare professional.
• Supabase — secure data storage
• NZ Food Composition Database (FOODfiles 2024) — NZ food reference data, provided by Plant & Food Research and the New Zealand Ministry of Health. Data is used unaltered and subject to the NZFCD Terms of Use. No personal data is shared.
• USDA FoodData Central — food reference data (no personal data shared)

8. For Practitioners

If you are a registered dietitian, nutritionist, or health professional using Yummbak with clients:

• Practitioners using the Yummbak practitioner dashboard can view structured client data only after the client has explicitly consented to share that data with their named practitioner
• Clients can withdraw consent and revoke practitioner access at any time
• Yummbak's infrastructure is designed to comply with the NZ Health Information Privacy Code 2020, including Rules 5 (secure storage) and 8–11 (secure disclosure)
• Data is stored in Supabase with encryption at rest and Row-Level Security enforced at the database level
• Practitioner access events are logged for auditability
• For questions about clinical data handling, contact us at pranav@yummbak.com

9. Cross-Border Data Processing

Your data is stored in Supabase's ap-southeast-2 region (Oceania, Sydney, Australia). AI processing via Google Gemini may occur on Google infrastructure outside Australia and New Zealand under Google's Data Processing Agreement; we do not retain prompts or responses outside our Sydney database. This approach is consistent with the NZ Privacy Act 2020 and the Health Information Privacy Code 2020.

10. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate information
• Request deletion of your data
• Withdraw consent at any time

To exercise these rights, contact us at pranav@yummbak.com or message Yummbak directly on WhatsApp.

11. Health & Nutrition Disclaimer

Yummbak is an AI-powered food and symptom tracking tool. It is not a substitute for professional medical advice, diagnosis, or treatment.

• Always consult a qualified healthcare professional or registered dietitian before making changes to your diet
• Do not rely on Yummbak for medical decisions, especially for children's growth and weight management
• Nutritional estimates are approximate and may not account for individual health conditions

12. Changes to This Policy

We may update this policy as Yummbak evolves. Significant changes will be communicated clearly.