🎉 50% Early Bird Discount - Limited Time Only!
    WhatTheFood

    Privacy Policy

    Last Updated: December 18, 2025

    This Privacy Policy describes how ECOMDIMES LTD ("Company," "we," "us," or "our"), the operator of What The Food (whatthefood.io), collects, uses, and discloses your personal information when you use our website and services.

    1. Data Controller

    The data controller responsible for your personal information is:

    ECOMDIMES LTD182-184 High Street North
    London, UK

    As a company registered in the United Kingdom, we are committed to protecting your personal data and your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

    2. Information We Collect

    We collect information that identifies, relates to, describes, or is capable of being associated with you ("Personal Data").

    A. Information You Provide to Us

    CategoryData PointsPurpose of CollectionLegal Basis (UK GDPR)
    Account DataEmail addressTo create and manage your free or premium account, and to send occasional promotions and updates.Performance of a contract; Legitimate Interests (marketing).
    Optional Profile DataName, Country, Age, Height, Weight, Health GoalsTo provide the "Personalized health context" feature and improve the accuracy of the nutrition analysis.Consent (provided by voluntarily entering the data).
    User ContentFood photos uploaded for scanning, Scan history, Meal plans, Widget configurations.To provide the core service, save user progress, and enable the customizable widget feature.Performance of a contract.
    Payment DataBilling address, payment method details (handled by our payment processor).To process subscription payments for Premium accounts.Performance of a contract.

    B. Information Collected Automatically

    When you use our service, we automatically collect certain information:

    • Usage Data: Information about how you access and use the service, such as your IP address, browser type, operating system, pages viewed, and the time and date of your visit.
    • Analytics Data: Data collected via third-party analytics tools (Umami, Google Analytics) to understand site traffic, user behavior, and service performance.
    • Tracking Data: Data collected via Google Search Console to monitor traffic and performance from search engines.

    3. How We Use Your Information

    We use the collected information for the following purposes:

    1. To Provide and Maintain the Service: To operate the "What The Food" AI scanner, process food photos, and deliver nutrition analysis results.
    2. To Personalize the Service: To use optional profile data (age, weight, goals) to provide a more relevant and personalized health context with each scan.
    3. To Process Transactions: To manage your Premium subscription and process recurring payments via our payment gateway, Stripe.
    4. To Provide Customer Support: To respond to your inquiries and provide support via our Tawk.to widget.
    5. For Advertising (Free Users): To display personalized advertisements via TinyAdz to users on the Free tier, which is a core part of our freemium monetization model. Premium users receive an ad-free experience.
    6. For Marketing and Communications: To send you occasional promotions, updates, and news about the service, based on our legitimate interest in promoting our business. You can opt-out of these communications at any time.
    7. For Analytics and Improvement: To monitor and analyze usage and activity trends to improve the functionality and user experience of our service.

    4. Sharing and Disclosure of Your Information

    We do not misuse or sell your Personal Data. We only share your information with the following third parties as necessary to operate our business:

    Third Party ServicePurposeData SharedStorage Location
    StripePayment processing and recurring billing.Payment details, billing address, subscription status.Global (adheres to strict security standards).
    Tawk.toCustomer support and live chat widget.Email, chat content, IP address.Global (adheres to data protection laws).
    TinyAdzPersonalized advertising for Free users.Usage data, IP address, device information (for ad targeting).Global.
    Umami, Google Analytics, Google Search ConsoleWebsite analytics, traffic monitoring, and performance tracking.Usage data, IP address, browser information.Global.
    SupabaseDatabase hosting and storage of all user and service data.All collected data (Email, Optional Profile Data, User Content).Stored in accordance with UK law.

    We may also disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, or protect the personal safety of users of the service or the public.

    5. Data Storage and Security

    Your data is stored on our own database hosted by Supabase. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption and access controls.

    While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet or method of electronic storage is 100% secure.

    6. Your Data Protection Rights (UK GDPR)

    Under UK GDPR, you have the right to:

    • The right to access: You have the right to request copies of your Personal Data.
    • The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
    • The right to erasure (Right to be Forgotten): You have the right to request that we erase your Personal Data, under certain conditions.
    • The right to restrict processing: You have the right to request that we restrict the processing of your Personal Data, under certain conditions.
    • The right to object to processing: You have the right to object to our processing of your Personal Data, under certain conditions, particularly for direct marketing.
    • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

    If you make a request, we have one month to respond to you. To exercise any of these rights, please contact us using the details provided in Section 1.

    7. Children's Privacy

    Our service is not intended for use by children under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

    8. Changes to This Privacy Policy

    We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

    Contact Us

    If you have any questions about this Privacy Policy, please contact us at the address provided in Section 1.