Privacy Policy – Solc AI

Effective: 10 July 2026 · Last updated: 10 July 2026

Google API Services User Data Disclosure

To comply with the Google API Services User Data Policy, we clearly disclose our data practices regarding Google user data:

  • Data Accessed: Our application accesses your Google account name (display name), Google email address, and Google user ID via OAuth 2.0.
  • Data Usage: This data is used solely for authentication, secure account creation, and identifying your user account within our system. We do not use Google user data for marketing, advertising, or any third-party profiling.
  • Data Sharing: Your Google data is shared only with Google Firebase (Authentication provider) and RevenueCat (Subscription management). No other third parties receive your Google user data.
  • Data Storage & Protection: Data is stored in Firebase Firestore (encrypted at rest) and transmitted via HTTPS/TLS encryption. Access is restricted to authenticated requests only.
  • Data Retention & Deletion: Data is retained until account deletion. Users can delete their account in-app (Settings → Delete Account) or by contacting support.solcai@gmail.com. All data is permanently deleted within 30 days of the request.

1. Introduction and scope

This Privacy Policy ("Policy") describes how we collect, use, store, share, and protect personal data when you use the Solc AI mobile application, any related web interfaces, and the backend systems that operate the service (together, the "Service"). Solc AI is an AI-powered calorie and nutrition tracker that estimates the nutritional content of food from photos, barcodes, and menus.

By using the Service, you acknowledge that your personal data will be processed as described in this Policy, unless applicable law requires otherwise.

2. Data controller

The data controller is the provider of Solc AI. As we operate as an independent developer entity, you may contact us directly for any privacy concerns.

Privacy contact email: support.solcai@gmail.com

3. Legal framework

If you are in the European Economic Area (including Hungary), the General Data Protection Regulation (EU) 2016/679 ("GDPR") and national laws (e.g. Hungarian Act CXII of 2011 on informational self-determination) apply.

This Policy explains: what data we process; why and on what legal basis; how long we keep it; who we share it with; your rights; and how to exercise them.

4. Categories of personal data (overview)

Depending on how you use the Service, we may process:

  • Account & identity data: Email address, unique user ID, display name (username) provided by you or your auth provider.
  • Authentication data: OAuth identifiers and secure tokens from Google or Apple, or an email/password credential managed by Firebase Authentication.
  • Profile & health-related inputs: Gender, age, height, current and target weight, activity level, and dietary goals you enter during onboarding or in Settings.
  • Nutrition & activity data: Logged meals (food names, calories, protein, carbohydrates, fat, portion sizes, meal type, date), water intake, weight logs, favorites, and daily nutrition goals.
  • Image & media data: Photos of food, menus, or product packaging that you capture or upload for AI analysis.
  • Product lookup data: Barcode numbers you scan, which may be sent to a public food database to retrieve product nutrition information.
  • Technical & log data: IP address, device model, OS version, app version, crash logs, and (if enabled) push notification tokens.

5. Purposes and legal bases (GDPR Article 6)

5.1. Performance of Contract (Art. 6(1)(b)). We process your data to provide the core services you signed up for: analyzing food photos, barcodes, and menus to estimate nutritional values; calculating personalized calorie and macronutrient goals from your profile; logging your meals, water, and weight; synchronizing your data across devices; and displaying your progress and statistics.

5.2. Legitimate interests (Art. 6(1)(f)). We process technical logs to ensure the security of our infrastructure, prevent fraudulent or abusive use of AI resources, and perform basic analytics to improve app performance and reliability.

5.3. Consent (Art. 6(1)(a)). We rely on your explicit consent when you grant the app permission to use your Camera, access your Photo Library, or send you Push Notifications. You can withdraw these permissions at any time in your device settings.

5.4. Legal obligation (Art. 6(1)(c)). We may process data to comply with tax laws regarding subscriptions or to respond to valid legal requests from authorities.

6. Special categories of data

Solc AI does not intentionally collect "sensitive" data within the meaning of GDPR Article 9. The profile inputs used to calculate your goals (such as weight, height, and age) are treated as ordinary personal data used solely to provide the tracking functionality. If you choose to enter notes about allergies, medical diets, or health conditions, you provide this data voluntarily, and we process it only to display it back to you within your account. Please avoid entering sensitive information you do not wish to store.

7. Automated decision-making and profiling

Our AI features provide estimates and suggestions (for example, recognizing that a photo shows an apple and estimating its calories, or recommending the healthiest dish on a menu). These are technical suggestions that you can review and edit before saving. They do not constitute automated decision-making producing legal or similarly significant effects under GDPR Article 22.

8. Processors and third-party services

We use the following specialized providers to operate the app:

  • Google Firebase – cloud hosting, Firestore database, and user authentication.
  • Google Gemini AI – analyzes your food, menu, and packaging images and text to estimate nutritional content. Images are transmitted to Gemini through our own secure backend proxy for the sole purpose of returning the analysis.
  • Railway – hosts our backend processing logic (including the AI proxy) that connects the app to the Gemini service.
  • Open Food Facts – a public food-product database queried by barcode number to retrieve packaged-product nutrition information. Only the barcode number is sent; no account or personal data is shared.
  • RevenueCat – securely manages mobile and web subscriptions.
  • Apple / Google Sign-In – allows you to sign in securely without creating a separate password.

We enter into data processing agreements with our processors where required, and they may only process your data on our instructions.

9. International transfers

Our processors (such as Google) operate globally. This means your data may be transferred to and stored in the United States or other countries. We ensure these transfers are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure a high level of data protection.

10. Data retention

We follow the principle of storage limitation:

  • Active account data: kept as long as you have an account.
  • Logged meals, water, weight, and goals: kept until you delete them or your account is closed.
  • Uploaded images: processed for analysis and are not retained on our servers longer than necessary to return the result; the analyzed values you save are stored as text in your account, not the original photo (unless a feature explicitly states otherwise).
  • Technical logs: automatically deleted or anonymized after 30 to 90 days.
  • Account deletion: upon request, all your data is permanently purged from our active systems within 30 days.

11. Your rights (GDPR)

You have the following rights, which you can exercise at any time:

  • Right of Access: obtain a copy of your personal data.
  • Right to Rectification: ask us to correct inaccurate information.
  • Right to Erasure: request the deletion of your account and data.
  • Right to Restriction: ask us to stop processing your data temporarily.
  • Right to Data Portability: receive your logged data in a structured, commonly used format.
  • Right to Object: object to processing based on legitimate interests.
  • Right to Withdraw Consent: withdraw any consent (camera, photos, notifications) at any time.

To exercise these rights, email us at support.solcai@gmail.com. You may also delete your account directly in the app via Settings → Delete Account.

12. Security measures

We protect your data using industry-standard measures. All data in transit is encrypted via TLS/SSL. Database storage is encrypted at rest. Access to your data is restricted to authenticated requests, and we strictly limit internal access to production databases to only what is necessary for maintenance and support. API keys and credentials for AI services are held server-side and are never embedded in the app.

13. Children's privacy

Solc AI is not intended for children under the age of 16. We do not knowingly collect personal data from children. If we discover that such data has been collected without appropriate consent, we will take immediate steps to delete it.

14. Cookies and local storage

On mobile devices, we use local storage to remember your session and preferences (for example, your language choice and "Remember me" sign-in) so you don't have to log in every time. On any web interface, we use only strictly necessary cookies required for the functioning of the site and subscription management.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of any material changes by posting a notice in the app or sending an email notification. Your continued use of the app after such changes constitutes acceptance.

16. Contact and complaints

If you have questions about this Policy or our data practices, please contact us at support.solcai@gmail.com.

You also have the right to lodge a complaint with a data protection authority. In Hungary, this is the NAIH (Nemzeti Adatvédelmi és Információszabadság Hatóság, www.naih.hu).