Privacy Policy

This Privacy Policy explains how Burn Book (“we,” “us,” or “our”) handles information when you use our mobile and web applications and related services (the “Service”). We designed Burn Book to store most personal health and usage data on your device; we do not operate a user account server that stores your full food diary in the cloud.

1. Information we collect

1.1 Information you provide

• Profile and goals: age, sex, height, weight, activity level, weight goal, unit preferences, light/dark theme, and custom or guideline-based macro targets
• Food and intake data: foods logged, quantities, timestamps, and optional manual nutrition entries
• Pantry data: item names, quantities, units, and depletion status (Premium / trial where offered)
• Recipes: saved recipes, imported recipes, and community recipes you submit
• Body weight log: weight entries and dates you record
• Sign in with Apple (optional): an Apple user identifier used to link subscription status; Apple may provide a private relay email if you choose to share it

1.2 Information collected automatically

• Device / app data: basic technical data needed to run the app (e.g., platform type, app version where shown in settings)
• Local storage: preferences, caches (such as nutrition estimate caches), and onboarding or trial timestamps stored in your browser or on-device storage
• Subscription status: entitlement and purchase information processed by Apple and RevenueCat to unlock Premium features

1.3 Information sent to our servers

When you use features that search nutrition data, discover recipes, import recipe URLs, or request guideline calculations, the Service sends relevant requests to our backend API, such as:

• Food search queries and barcode numbers
• Recipe import URLs and ingredient lists for parsing
• Pantry item names for recipe suggestions
• Profile parameters used to compute guideline targets (age, sex, height, weight, activity, goal)
• Community recipes you choose to publish to the shared cookbook

We use these requests to return results; we do not use them to build a persistent advertising profile. Server logs may temporarily record IP address, request time, and error diagnostics for security and reliability.

2. How we use information

• Provide nutrition search, logging, pantry, recipe, and statistics features
• Calculate guideline-based calorie and macro targets you request
• Process and validate subscriptions through Apple and RevenueCat
• Improve reliability, fix bugs, and protect against abuse
• Comply with legal obligations

We do not sell your personal information.

3. Where data is stored

• On your device: most logs, pantry items, settings, and saved recipes (via local storage / on-device persistence)
• On our servers: API request handling, optional community recipe catalog, cached nutrition/recipe catalog data, and short-lived server logs
• With Apple and RevenueCat: purchase history and subscription entitlement status necessary for Premium access

4. Third-party services

We use service providers that may process limited data on our behalf:

• Apple — Sign in with Apple, App Store, in-app purchases, subscription management
• RevenueCat — subscription and entitlement management
• Nutrition data providers — e.g., USDA FoodData Central, national food composition databases, Open Food Facts (barcodes), and chain restaurant sources where available
• TheMealDB and similar sources — recipe discovery and attribution
• Hosting providers — for our API and this legal website (Cloudflare Pages)

Each third party has its own privacy policy. Apple’s privacy practices are described at apple.com/legal/privacy.

5. Apple App Store privacy labels

When submitting Burn Book to the App Store, we disclose data types collected in App Store Connect’s App Privacy section consistent with this policy, including:

• Health & fitness–related data you enter (stored primarily on device)
• Purchase and subscription information (via Apple / RevenueCat)
• Identifiers (Apple user ID when Sign in with Apple is used)
• User content (food names, recipes, pantry items sent to APIs when you use those features)

We do not use your data for third-party advertising or tracking across other companies’ apps and websites.

6. Health data

Information you enter about food, weight, and goals may be considered sensitive. Burn Book is not a HIPAA-covered entity. Do not use the Service to store information you are required to keep under specific medical privacy rules unless you accept the risks of local and API-based processing described here.

7. Children’s privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us via Support and we will take appropriate steps to delete it.

8. Data retention and deletion

• On-device data: remains until you delete it or uninstall the app / clear site data in your browser
• Server logs: retained for a limited period for operations and security, then deleted or aggregated
• Community recipes: may remain in the shared catalog until removed by us or a future removal process
• Subscriptions: managed by Apple; deleting the app does not cancel an active subscription

To delete local data, remove the app or clear browser storage for the site. For subscription cancellation, use Apple’s subscription settings.

9. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export personal information.

• Access / correction: most data is editable in Settings or within the app
• Deletion: uninstall the app or clear local storage; contact us for server-side concerns
• California (CCPA/CPRA): we do not sell personal information; California residents may request information about our practices via Support
• EEA / UK (GDPR): lawful bases include contract (providing the Service), legitimate interests (security, improvement), and consent where required (e.g., optional sign-in)

10. Security

We use reasonable technical and organizational measures to protect data in transit (HTTPS) and on our servers. No method of transmission or storage is 100% secure; use the Service at your own risk and keep your device secured.

11. International transfers

If you use the Service from outside the United States, your information may be processed in the United States or where our providers operate. By using the Service, you consent to such transfers where permitted by law.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated “Last updated” date. Continued use after changes constitutes acceptance where permitted by law.

13. Contact

Privacy questions or requests: Support.