Privacy Policy

Effective: 2026-05-02

TL;DR. Macroline is a macro and calorie tracker. We collect what's needed to make the app work — your email, foods you log, goals you set — and process payment info via Stripe. We don't sell your data, run ads, or use your meal logs to train AI models. You can delete your account any time by emailing info@macroline.app.

This policy describes how Macroline ("we", "us", "our", or "Macroline") collects, uses, and shares information about you when you use the Macroline iOS app or visit macroline.app (together, the "Service"). Macroline is operated by Michael Calvert, an individual doing business as Macroline ("Operator"). In this policy, "we" refers to the Operator.

1. Information we collect

You give us

Account information. Email address and a password you create. Passwords are hashed with bcrypt and never stored in readable form.
Diary entries. Foods you log, the quantity, optional meal type (breakfast/lunch/dinner/snack), the timestamp, and any optional notes.
Body and goal data. Calorie and macronutrient targets you set, weight entries you log (if any), display name, and timezone.
Custom foods. Foods you add to your private library that aren't in our public database.
Free-text descriptions. When you use the "Describe meal" feature, the text you submit is sent to our AI provider (Anthropic) for parsing into structured items. The text is not used by Anthropic to train models (per the API terms in effect at the time of this policy).
Customer support communications. If you email us, we keep the message to respond.

Generated automatically

Authentication metadata. Session refresh-token hashes, the user-agent string from your device, and the IP address of the request, recorded when you sign in or refresh a session. Used to detect compromised sessions.
Subscription state. Your current tier (Free or Pro), and identifiers from our payment processors (Stripe customer ID, Apple original transaction ID) used to associate your subscription with your account.
Usage events. Counts of feature use (e.g., "describe meal" call, "barcode scan" call) timestamped per user, used to enforce free-tier quotas. We do not record the content of those events beyond a feature label.
Server logs. Standard request logs (URL, status code, timing) retained for up to 30 days for debugging and security.

What we do NOT collect

HealthKit data, unless you explicitly enable HealthKit sync in a future version of the app.
Location.
Contacts, calendar, or other on-device personal data.
Photos beyond images you take or pick inside the app for food scanning.
Advertising identifiers (IDFA). We do not run advertising.
Cross-app or cross-site tracking data.

2. How we use information

Operate the Service. Authenticate you, store your diary, calculate daily macro/calorie totals, send transactional emails (signup confirmation, password reset).
Personalize. Apply your goals to dashboards and summaries.
Improve the Service. Aggregated, non-identifying analysis of which features get used. We do not use your individual diary content to train AI models.
Communicate. Send service updates, security notices, and replies to your support requests.
Detect and prevent abuse. Block fraudulent signups, payment fraud, and unauthorized access.
Legal compliance. Respond to lawful requests, enforce our Terms.

3. Who we share information with

We share data with the following service providers strictly to operate Macroline. We do not sell your personal information to anyone.

Service	What it processes	Why
Stripe	Payment card data, billing email	Process web subscription payments
Apple	In-app purchase receipt	Process iOS subscriptions
Anthropic	Meal-description text you submit	Parse natural language into structured food items
Resend	Email address, message body	Send signup confirmation, password reset, account notifications
Neon	All structured data described above	Database hosting
Fly.io	Server logs, in-memory request data	Application hosting
Cloudflare	DNS records, edge cache, marketing site requests	Domain DNS, CDN, marketing site hosting, email routing
Upstash	Background-job metadata	Job queue for the food-research worker

Each of these vendors has its own privacy policy. We've selected vendors that have public policies and recognized data-protection practices.

We may also disclose information when required by law (subpoena, court order), to enforce our Terms, or to protect the rights, property, or safety of Macroline or others.

4. Where data is stored

Macroline's primary infrastructure is hosted in the United States (Neon Postgres in AWS US-East, Fly.io in IAD region, Upstash US-East). If you access the Service from outside the United States, your information will be transferred to and processed in the US. By using Macroline, you consent to this transfer.

Email and DNS routing pass through Cloudflare's global network. Cloudflare may temporarily process data through edge locations near you for performance.

5. How long we keep data

Active account data — kept as long as your account is active.
Server logs — up to 30 days.
Deleted account data — fully removed within 30 days of deletion request, except where we are legally required to retain certain financial records (Stripe subscription history is retained per Stripe's policy).
Backups — Neon takes daily automatic backups retained for 7 days. Deleted records may persist in those backups for up to 7 days after deletion.

6. Your rights

You have the right to:

Access the data we have about you. Most of it is visible in the app (Settings, Diary). For a complete export, email us.
Correct any inaccuracies. Edit goals, weight, food entries directly in the app.
Delete your account. Email info@macroline.app with the subject "Delete my data" from the email address tied to your account. We will delete your account, diary, weight history, custom foods, and subscription records within 30 days.
Export your data. Pro users can export their full diary as CSV from the app. Free users can request a JSON export by emailing us.
Withdraw consent for processing where consent is the basis (e.g., describing a meal sends text to Anthropic — you can simply not use that feature).
Object to certain processing or request portability where required by your local law.

For California residents (CCPA/CPRA)

You have the right to know what categories of personal information we collect, to delete your information, to correct inaccurate information, and to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise any right, email info@macroline.app. We will not discriminate against you for exercising any CCPA right.

For EU/UK/EEA residents (GDPR)

Our legal bases for processing are: (a) contract — to provide the Service you requested; (b) legitimate interests — to keep the Service secure and improve it; (c) consent — for optional features like meal description text submission to Anthropic; (d) legal obligation — to comply with applicable law. You may lodge a complaint with your local data protection authority. The Operator does not currently appoint an EU representative as we operate below the threshold requiring one; this may change as we grow.

7. Security

Passwords are hashed with bcrypt. All connections to the Service are over HTTPS/TLS. Subscription payment data does not touch our servers — it is handled by Stripe and Apple. Database access is authenticated and role-restricted. We use industry-standard security practices but no system is perfectly secure; if you believe your account has been compromised, contact us immediately at info@macroline.app.

8. Children's privacy

Macroline is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us at info@macroline.app and we will delete the account.

Health note for younger users and their guardians. Calorie and macro tracking can intersect with eating disorders. If you or someone you care about is struggling with food or body image, please consider reaching out to a qualified professional. The National Eating Disorders Association helpline (US) is available at 1-800-931-2237.

9. Cookies and similar technologies

The Macroline iOS app does not use cookies. The marketing site (macroline.app) uses minimal analytics provided by Cloudflare Pages, which counts page views without setting tracking cookies or collecting personally identifiable information. We do not use third-party advertising or social-media tracking pixels.

10. Changes to this policy

We may update this policy as Macroline evolves. The "Effective" date at the top reflects the current version. For material changes, we will notify you by email or by an in-app notice at least 7 days before the change takes effect. Continued use after the effective date constitutes acceptance.

11. Contact

Questions or requests: info@macroline.app