MacroSight is a nutrition tracker built so the developer can never see what you eat. This document is the full accounting of what data exists, where it lives, and what leaves your device.
1. Information we collect
The app handles four categories of data:
- Diet & Nutrition — food entries you log, including name, brand, serving size, macronutrients, micronutrients, meal type, time, and any notes you attach.
- Photos — photos of meals or nutrition labels that you choose to attach to entries.
- Health & Fitness (Apple Health / HealthKit) — opt-in integration; nothing happens unless you explicitly grant permission. With your permission MacroSight reads body mass, body mass index, body-fat percentage, lean body mass, dietary energy, dietary protein, dietary carbohydrates, and dietary fat from Apple Health. With your permission MacroSight writes dietary energy, protein, carbohydrates, fat, fiber, sugar, sodium, saturated fat, cholesterol, calcium, iron, potassium, vitamin C, vitamin D, and body mass to Apple Health. You choose which of these categories to share in the system permission sheet, and can revoke any of them at any time in iOS Settings → Health → Data Access & Devices → MacroSight. Health data never leaves your device by way of MacroSight.
- App Settings — display preferences (units, photo quality, AI provider choice, your Anthropic API key if you provide one).
That's everything. We do not collect: names, email addresses, phone numbers, location, contacts, advertising identifiers, device fingerprints, crash analytics tied to a user, or any third-party SDK telemetry.
2. Where your data lives
- Diet, photos, and weight entries are stored in your private CloudKit database — i.e. your iCloud account. Apple operates this storage; the developer of MacroSight cannot read or query it. CloudKit treats this data the same way it treats your iCloud Photos.
- Your AI API key is stored on-device in the iOS Keychain and, if you use more than one device, synced between them via iCloud Keychain, which is end-to-end encrypted — meaning not even Apple can read it. It is accessible only to MacroSight itself.
- Other app settings (units, photo quality, AI-provider choice, and similar display preferences) are stored locally on each device. None of these contain personal information.
- Health data is stored in Apple Health. MacroSight reads/writes it only with your explicit permission, granted in Settings → Health.
3. What leaves your device
- AI Estimate — when you tap "AI Estimate" on a meal photo, the photo and a short prompt are sent to Anthropic's Claude API. Per Anthropic's API policy, inputs are not used to train their models. You can disable AI estimation entirely by removing your API key, or opt to use Apple's on-device Foundation Model (no network) instead.
- Catalog search (USDA / Open Food Facts) — when you search for a food or scan a barcode, the query is sent to a Vercel proxy that forwards it to USDA FoodData Central or directly to Open Food Facts. These requests contain only the search term or barcode. They do not contain a user identifier, account info, or anything that could associate the lookup with you.
- Vitalis sync (optional) — if you have the developer's other app, Vitalis, installed on the same iCloud account and you leave "Sync with Vitalis" enabled in Settings (you can turn it off at any time), today's nutrition is written to a shared iCloud Key-Value namespace so Vitalis can display and correlate it. This includes your daily macro totals and goals and a list of today's individual meals — each meal's name, time, and macros (photos are never included). This stays within your own iCloud account and never leaves Apple's servers; note that iCloud Key-Value storage is encrypted in transit and at rest under Apple-managed keys, rather than end-to-end encrypted like the Keychain. Turning the toggle off stops these writes.
- iCloud sync (CloudKit) — your diet entries are mirrored between your Apple devices via Apple's CloudKit. They never touch any developer-owned server.
That's the complete list of network endpoints MacroSight contacts.
4. Tracking and advertising
MacroSight does not track you. No analytics SDKs (Firebase, Mixpanel, Amplitude, etc.), no advertising SDKs, no third-party fingerprinting libraries, no attribution networks. The app does not request the App Tracking Transparency permission because it has nothing to track.
5. Children
MacroSight is rated 4+ in the App Store. It does not knowingly collect data about anyone, including children, because it does not collect data at all beyond what's needed to run the app on your own device.
6. Your rights and how to exercise them
- See everything we have on you: Settings → Data → Export. Produces a CSV of every food entry, supplement, weight, and water log.
- Delete everything:
  - In-app: Settings → Data → Clear all data (wipes the local store and the matching CloudKit records).
  - iCloud-side cleanup: iOS Settings → Apple ID → iCloud → Manage Storage → MacroSight → Delete Data.
  - Removing the app deletes the local copy.
- Stop AI estimation: delete your Anthropic API key in Settings → AI Provider, or disable the on-device toggle.
- Stop Health integration: revoke any category in iOS Settings → Health → Data Access & Devices → MacroSight.
You don't need to email anyone or open a ticket — every operation above is available directly in the app or in iOS Settings.
7. Data retention
MacroSight does not retain anything on its own servers because it does not have any. Your data persists in your iCloud account until you delete it. Anthropic and the USDA may log API requests according to their own policies; those policies are linked below.
8. Security
- All network requests use HTTPS with the system-default App Transport Security settings (no exceptions, no certificate pinning bypass).
- Your Anthropic API key is stored in the iOS Keychain, which uses hardware-backed encryption.
- The app contains no embedded secrets — third-party API keys live on a server the developer controls (or in your own Keychain in the case of Anthropic).
- The food-search proxy and this website send a strict set of HTTP security headers (HSTS, Content-Security-Policy, and frame/MIME protections) on every response, and the food-search service accepts requests only over an authenticated, rotatable channel. None of these requests carry a user identifier.
9. Changes to this policy
If this policy materially changes, we'll bump the "Last updated" date at the top and surface the change in the app on next launch.
10. Attributions
- USDA FoodData Central — nutrition data and barcode lookups for US-marketed products. Public-domain US Government work; no licence required, attribution provided as best practice. See fdc.nal.usda.gov.
- Open Food Facts — international barcode and product database, used as a fallback when USDA returns no result. Licensed under the Open Database License (ODbL) v1.0; to comply with that licence, we credit Open Food Facts wherever its data is shown. See world.openfoodfacts.org.
- Anthropic Claude API — powers AI-based nutrition estimation when you supply your own API key. See Anthropic's privacy policy.
- Apple HealthKit — device-side framework for the Apple Health integration described above. Apple, Apple Health, and HealthKit are trademarks of Apple Inc.
11. Contact
Questions, complaints, or requests: support@macrosightapp.com