Privacy Policy

1. Introduction

MacroM8 ("we", "us", or "our") operates the MacroM8 web application. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our service.

By creating an account or using MacroM8, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Full name (optional)
• Profile photo (optional)
• Authentication data (managed by Supabase Auth)

If you sign up via Google OAuth, we receive your email address and profile picture from Google. We do not access your Google contacts, calendar, or any other Google data.

2.2 Nutrition Data

When you use MacroM8, you provide:

• Nutrition goals (calorie and macro targets, goal type, date ranges)
• Meal logs (food items, quantities, meal type, date)
• Custom food entries (name, nutritional values)

This data is used solely to provide the macro tracking service and is not shared with third parties for advertising or profiling purposes.

2.3 Payment Information

Subscription payments are processed by Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe handles all payment data in compliance with PCI DSS standards. We only store your Stripe Customer ID to manage your subscription.

2.4 Automatically Collected Data

We may automatically collect:

• Browser type and version
• Device type
• IP address (for security and abuse prevention)
• Pages visited and feature usage patterns

3. How We Use Your Information

We use your information to:

• Provide and maintain the MacroM8 service
• Calculate daily macro summaries and weekly insights
• Process subscription payments via Stripe
• Send essential service communications (password resets, account notifications)
• Improve the application based on usage patterns
• Detect and prevent fraud or abuse

We do not sell, rent, or trade your personal information to third parties. We do not use your nutrition data for advertising purposes.

4. Third-Party Services

MacroM8 relies on the following third-party services:

• Supabase — Authentication and file storage (profile photos). Data is stored in Australia (ap-southeast-2 region). See Supabase Privacy Policy.
• Stripe — Payment processing for Pro subscriptions. See Stripe Privacy Policy.
• Vercel — Application hosting and delivery. See Vercel Privacy Policy.

5. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase in the ap-southeast-2 (Sydney, Australia) region. Profile photos are stored in Supabase Storage.

We protect your data with:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest (database-level encryption)
• Row-level security policies on database tables
• Secure authentication via Supabase Auth (bcrypt password hashing)
• Server-side validation on all API endpoints

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial transaction records).

Custom foods are soft-deleted (marked as removed but retained for referential integrity with past meal records). They are not visible or accessible to you after deletion.

7. Your Rights

You have the right to:

• Access — Request a copy of your personal data
• Correction — Update or correct inaccurate data
• Deletion — Request deletion of your account and data
• Portability — Request your data in a machine-readable format
• Withdraw Consent — Withdraw consent for optional data processing at any time

To exercise any of these rights, contact us at support@macrom8.com.au.

8. Cookies

MacroM8 uses essential cookies for authentication session management (Supabase auth tokens) and application functionality. We do not use third-party advertising or tracking cookies.

9. Children's Privacy

MacroM8 is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of MacroM8 after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

• Email: support@macrom8.com.au