Privacy Policy

Last updated: July 6, 2026

1. Introduction

Trajectory Labs, LLC ("we," "us," or "our") operates the DishDecoded mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

The short version: your data is used to run the app for you. We don't sell it, we don't show ads, and we don't use your data to train AI models.

By using DishDecoded, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account information. When you create an account, we collect your email address, display name, and an optional profile photo. Authentication is handled through Supabase, and you can sign in with email/password, Google, or Apple (including Apple's Hide My Email).

Nutrition profile (optional). Height, weight, birth date, biological sex, activity level, and goals — used only to calculate your calorie and macro targets. You can skip all of this.

Food and meal data. The meals you log, recipes you save or import, and daily logs (including optional water, notes, and mood) are stored on our servers so your history syncs across devices and survives reinstalls.

Photos you analyze. When you use AI analysis on a photo of your food or a recipe, the image is processed to produce the result and is not stored on our servers. Profile photos you explicitly set are stored.

Recipe links. When you import a recipe from a website, the page content is processed to extract the recipe, and the structured result is cached on our servers so future imports of the same page are faster for everyone.

Notifications. If you enable push notifications, we store a push token for your device (via Firebase Cloud Messaging). Disabling notifications or uninstalling the app invalidates it.

Payment information. Subscription payments are processed by the app stores (Apple App Store, Google Play Store) and managed through RevenueCat. We receive your subscription status only — never your payment card details.

We do not currently use third-party analytics or advertising SDKs.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To analyze food descriptions and photos using AI to generate nutrition estimates
  • To import and parse recipes from URLs you provide
  • To generate your daily, weekly, and monthly nutrition recaps
  • To send transactional and account emails (e.g., welcome, password resets) via Resend — any future non-essential emails will include a working unsubscribe link
  • To send push notifications via Firebase Cloud Messaging (if you opt in)
  • To process subscription status via RevenueCat

4. AI Processing and Third-Party Services

DishDecoded uses Google's Gemini models to analyze food descriptions, photos, and recipe pages. When you use these features, the relevant text and/or image is sent to Google for processing as our service provider, governed by Google's Privacy Policy. We do not use your data to train AI models. AI nutrition estimates are informational only — they are estimates, not medical or dietary advice.

Third-Party Services We Use

  • Supabase — Authentication
  • Railway — Application servers and database hosting (United States)
  • Google Gemini — AI-powered nutrition analysis
  • Firebase Cloud Messaging — Push notifications
  • RevenueCat — Subscription management
  • Resend — Email delivery
  • Cloudflare — Image storage and delivery
  • Pexels — Stock food imagery shown for recipes without photos

Each of these services has its own privacy policy governing how they handle data. We do not sell your personal data, and we do not share it with advertisers.

5. Data Retention and Deletion

We retain your data for as long as your account is active. You can delete your account at any time from the app. Deletion is scheduled 30 days out as a grace period — signing back in within those 30 days cancels the deletion. After the grace period, your account and all associated data (meals, recipes, logs, and push tokens), including your login, are permanently deleted from our systems, except where we are required to retain information by law.

6. Data Security

Data is encrypted in transit (TLS), and access to production systems is restricted. We implement commercially reasonable technical and organizational measures to protect your personal data. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Children's Privacy

DishDecoded is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

8. Your Privacy Rights

For All Users

You may access, update, or delete your account information through the app. You may also contact us to request a copy of your data.

European Economic Area (GDPR)

If you are in the EEA, you have the right to access, rectify, port, and erase your data, as well as the right to restrict and object to certain processing. To exercise these rights, contact us at the email below.

California Residents (CCPA)

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell your personal information. To exercise your rights, contact us at the email below.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Trajectory Labs, LLC
Email: support@dishdecoded.io