Privacy Policy

Last updated: June 11, 2026

Foosma ("Foosma", "we", "us") is a mobile app by Dynaspirits Design Inc. that lets you photograph meals, get AI-generated nutrition estimates, and keep a personal map of where you ate. This policy explains what data we collect, why, and what control you have over it.

The short version: we collect only what the app needs to work — your account details, your meal photos, and where you ate. We do not run ads, we do not use advertising or analytics tracking SDKs, and we do not sell your data.

Data we collect

Account information

Email address (used to sign in and to send account-related emails such as deletion confirmation codes).
Optional profile details: name, phone number, avatar photo, city, and dietary preferences.
If you sign in with Google or Apple, we receive and store the account identifier those providers issue ("subject" ID) and the email address associated with it. We never see your Google or Apple password.
If you sign up with a password, we store only a salted cryptographic hash of it — never the password itself.

Meal content you create

Meal photos you capture or upload.
The location (latitude/longitude) where a meal was logged, if you grant location permission. Location is used to place meals on your map.
Dish names, descriptions, ratings, and reviews you write.
AI-generated analysis attached to your meals (estimated ingredients, nutrition, health score, drink pairings).

Technical and security data

When you sign in, we store the device user-agent string and IP address alongside your session's refresh token. This is used solely to detect token theft and secure your account. Sessions expire after 90 days.
IP addresses are used transiently for rate limiting (abuse prevention).
If you submit in-app feedback, we store your message together with the app version and basic device information you include.

What we do not collect

No advertising identifiers, no ad networks.
No third-party analytics or tracking SDKs.
No contacts, no background location, no health-platform data.

How we use your data

To operate the app: store your meals, render your map, and sync across sessions.
To analyze your meal photos with AI (see below) and show you nutrition estimates.
To secure accounts: session management, abuse and fraud prevention.
To send transactional email only (e.g., account-deletion confirmation codes). We do not send marketing email.

AI photo analysis (third-party processing)

When you log a meal, your meal photo is sent to OpenRouter, a third-party AI gateway, which routes it to a vision model that estimates the dish name, ingredients, and nutrition. Only the photo and a fixed analysis prompt are sent — your name, email, and location are not included. OpenRouter's handling of submitted content is described in OpenRouter's privacy policy. AI output is an estimate and is stored with your meal so you don't need to re-analyze.

Where your data is stored

Database: account and meal records are stored in our managed PostgreSQL database.
Photos: meal photos are stored on Cloudflare R2 object storage.
Email delivery: transactional emails are delivered through our email service provider.

We share data with these infrastructure providers only as needed to run the service. We do not sell or rent personal data to anyone.

Data retention

Account and meal data are kept while your account is active.
Sign-in sessions (refresh tokens, with their IP/user-agent record) expire after 90 days and expired records are purged.
Temporary data such as menu-scan sessions and unconfirmed deletion codes are automatically cleaned up by scheduled background jobs.

Deleting your account and data

You can delete your account at any time, directly in the app (Profile → Account → Delete account). To prevent accidental or malicious deletion, we email you a 6-digit confirmation code which you enter in the app. Once confirmed:

Your account record, meals, ratings, reviews, sessions, and related data are permanently deleted from our database immediately.
Your meal photos are deleted from storage; removal from storage systems and backups completes within 30 days.

Deletion is permanent and cannot be undone. See the account deletion page for full steps, including what to do if you have already uninstalled the app.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data. Your meals and profile are viewable and editable in the app, and deletion is available in-app as described above. For anything else, contact us at support@foosma.com and we will respond within 30 days.

Children

Foosma is not directed at children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect data from them. If you believe a child has created an account, contact us and we will delete it.

Changes to this policy

If we make material changes, we will update this page and the "last updated" date above, and where appropriate notify you in the app.

Contact

Dynaspirits Design Inc.
support@foosma.com