Intercept
Back to home

Privacy Policy

Last updated: July 6, 2026

1. Introduction

Intercept ("we", "our" or "app") values the privacy of our users. This Privacy Policy describes how we collect, use, store and protect your personal information when you use our health and wellness application.

By using Intercept, you agree to the collection and use of information in accordance with this policy. This policy complies with applicable data protection regulations including the General Data Protection Regulation (GDPR), the Brazilian General Data Protection Law (LGPD — Lei nº 13.709/2018), and the California Consumer Privacy Act (CCPA).

2. Data We Collect

We collect the following types of data to provide and improve our services:

2.1 Health & Biometric Data

  • Food and nutrition records (manual entry, photo analysis, API lookups)
  • Body weight, body fat percentage, and body measurements
  • Hydration and caffeine intake data
  • Exercise and workout records (including via Apple Health, Google Health Connect, Strava, and Fitbit integrations)
  • Sleep patterns, heart rate, heart rate variability (HRV), and resting heart rate (via health platform integrations)
  • Body composition data (manually entered or imported from health platforms) including weight, body fat, muscle mass, water percentage
  • Menstrual-cycle symptom check-ins, if you turn on cycle tracking (optional; e.g. period days, cramps, low energy) — stored only on your device and retained on a rolling 180-day window
  • Self-declared pregnancy or postpartum status, if you enable it, used only to adapt training suggestions (optional; stored only on your device)
  • Training readiness, recovery, and energy-level indicators derived from the above (including low-energy-availability signals)
  • Food craving and impulse interception records

2.2 Behavioral & Emotional Data (Sensitive)

  • Emotional states during food impulses (e.g., sad, anxious, angry, ashamed, motivated)
  • Impulse intensity levels and outcomes (resisted or yielded)
  • Behavioral trigger patterns (time of day, day of week, emotional context)
  • Success and setback history for impulse interception
  • Daily commitments and post-setback reflections (user-written text)
  • Coach feedback ratings (thumbs up/down)
  • AI Coach weekly memory — aggregated weekly summaries (success rate, dominant emotional pattern, peak-difficulty period, narrative without personal identifiers) computed from the above; stored server-side for cross-device continuity. See Section 2.2-A.

This data is classified as sensitive personal data under GDPR Article 9 and LGPD Article 11. We process raw entries only on your device; aggregated weekly summaries are also processed server-side under the same Art. 9 / Art. 11 basis (see Section 2.2-A). Both layers require your explicit consent. Two of the most sensitive categories are handled with extra restraint and are stored ONLY on your device: (a) your eating-disorder awareness answer — if you provide one, it is never transmitted to our servers, our AI provider, or analytics, and is used solely on-device to make the app safer for you; and (b) reproductive and menstrual-cycle data — opt-in, symptom-based, never sold, and never disclosed to third parties or authorities except where strictly required by valid legal process.

2.2-A AI Coach Memory — Server-side Layer (Cross-device)

When you grant AI Coaching consent, the Service maintains a small server-side memory layer specifically for the AI coach (Ember), separate from the on-device behavioral data above. This subsection discloses exactly what is persisted, where, and how it is protected:

  • What is stored: Up to 8 weekly summaries, each containing aggregated counts (victories, setbacks, success rate), a dominant emotional pattern key, a peak-difficulty time-of-day key, an optional trigger-food string, and a narrative paragraph. Raw interception records, raw food entries, photos, and free-text reflections are NEVER sent to this layer.
  • Where it is stored: Cloudflare KV (key-value store), at edge data centers operated by Cloudflare, Inc. The KV key is namespaced solely by device identifier (no name, email, or other personal identifier appears in keys or values).
  • Retention: Automatic 90-day expiry (KV TTL) on each summary, or until you exercise your right to deletion via Settings > Data & Privacy > Delete Data, whichever occurs first.
  • PII minimization: Before any weekly summary leaves your device, the Service replaces your first name in the narrative with a neutral pronoun placeholder. The KV blob therefore contains no direct identifiers.
  • Double-consent gate: Persistence requires both (a) your local AI Coaching consent (Settings > Privacy) AND (b) a per-request HTTP header signaling that consent. A misconfigured client cannot silently persist this data.
  • Data subject rights: This layer is included in /api/data/export (Art. 18 II/V) and is erased by the deletion pipeline (Art. 18 VI). You can verify this at any time by exporting your data and inspecting the `aiMemory` category.

This layer is exclusively for cross-device continuity of the AI coach (so the same Ember context follows you between iPhone and iPad, for example). It is not used for advertising, profiling, third-party sharing, or any automated decision producing legal effects.

2.3 Usage Data

  • App interactions and feature usage history
  • Preferences and settings
  • Progress statistics and gamification data (streaks, points, levels, achievements)
  • Session duration and engagement patterns

2.4 Technical Data

  • Device type, model, and operating system version
  • Unique device identifier (used for authentication, stored securely)
  • Error and crash logs (via Sentry, with your consent)
  • App version and platform (iOS/Android)

3. How We Use Your Data

  • Provide personalized app features and AI-powered coaching
  • Generate health insights, behavioral pattern analysis, and recommendations
  • Sync data between devices and maintain your progress history
  • Improve user experience through anonymized analytics (with your consent)
  • Send relevant notifications (with your permission)
  • Perform aggregated and anonymous analysis for service improvement

3-A. Legal Basis for Processing

We process your data under the following legal bases, as required by GDPR Article 6, LGPD Article 7, and CCPA:

  • Contractual necessity (GDPR Art. 6(1)(b) / LGPD Art. 7(V)): Core app functionality — food logging, progress tracking, streak management, data synchronization, and subscription management. This processing is necessary to deliver the Service you have contracted.
  • Explicit consent (GDPR Art. 6(1)(a) + Art. 9(2)(a) / LGPD Art. 11(I)): Health and biometric data, emotional/behavioral data, reproductive and menstrual-cycle data, self-declared pregnancy or postpartum status, eating-disorder awareness answers, Apple Health/Google Health Connect integration, Strava/Fitbit integration, AI coaching personalization, and analytics/crash reporting (Mixpanel, Sentry). Each of these is optional and opt-in; you may withdraw consent at any time via Settings > Privacy.
  • Legitimate interest (GDPR Art. 6(1)(f) / LGPD Art. 7(IX)): Fraud prevention, service security, rate limiting, and essential technical logging. We have conducted a Legitimate Interest Assessment (LIA) confirming these interests do not override your fundamental rights.
  • Legal obligation (GDPR Art. 6(1)(c) / LGPD Art. 7(II)): Retention of financial transaction records as required by tax and consumer protection laws.

Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. After withdrawal, we will cease processing the relevant data categories, though core app functionality requiring contractual processing will continue.

4. Storage and Security

Your data is stored securely:

  • Sensitive data is encrypted using AES-256
  • Secure communication via HTTPS/TLS 1.3
  • Local storage protected by Keychain (iOS) and Keystore (Android)
  • Encrypted backups on secure servers
  • Certificate pinning to prevent MITM attacks

We keep your data for as long as necessary to provide services or as required by law. You can request deletion at any time.

5. Data Sharing

We do not sell your personal data. We may share data only:

  • With essential service providers (e.g., cloud hosting)
  • When required by law or court order
  • With your explicit consent
  • In aggregated and anonymous form for research

6. Your Rights

Under data protection regulations, you have the following rights:

  • Access: Request a copy of all your data
  • Correction: Correct incorrect or outdated data
  • Deletion: Request deletion of your data
  • Portability: Receive your data in structured format
  • Revocation: Withdraw consent at any time
  • Information: Know who we share your data with
  • Objection: Object to data processing

7. Third-Party Integrations & Data Processors

Intercept integrates with the following third-party services. All integrations (except essential infrastructure) are optional and require your explicit consent:

7.1 Health Platforms (Consent-Based)

  • Apple Health (HealthKit) — Read/write health, workout, sleep, heart rate, and dietary data. Data stays on-device; processed locally.
  • Google Health Connect — Read/write activity, sleep, and body metrics on Android. Data stays on-device; processed locally.
  • Strava (OAuth 2.0) — Sync workout activities, distance, elevation, duration. OAuth tokens stored securely; client secret handled server-side only.
  • Fitbit (OAuth 2.0 PKCE) — Sync activities, sleep, steps, weight, heart rate. Tokens stored in device secure storage.
  • Bluetooth Smart Scales (BLE) & Manual Entry — Receive weight and body composition data from compatible Bluetooth Low Energy scales. Connection is local device-to-device only; data is not transmitted to third parties. Body composition can also be entered manually or imported from health platforms.

7.2 Data Processors (Infrastructure & Services)

We use the following service providers to operate the Service. Data Processing Agreements (DPAs) are in place with each processor as required by GDPR Article 28 and LGPD Article 39:

  • Cloudflare, Inc. (USA) — API hosting, CDN, database (D1), and key-value store (KV — includes the AI Coach memory namespace `ai_memory_v1`, see Section 2.2-A). Processes: device ID, synced user data, AI Coach weekly summaries (aggregated), API requests. Transfer mechanism: EU Standard Contractual Clauses (SCCs, 2021 version).
  • RevenueCat, Inc. (USA) — Subscription and in-app purchase management. Processes: user ID, product IDs, purchase tokens, entitlement status. Transfer mechanism: EU SCCs + DPA.
  • Anthropic, PBC (USA) — AI coaching via Claude API (backend proxy; no direct client connection). Processes: anonymized user context for coaching responses. Transfer mechanism: EU SCCs + DPA.
  • Sentry (Functional Software, Inc., USA) — Error tracking and crash reporting (consent-required). Processes: stack traces, device info, breadcrumbs. No PII logged. Transfer mechanism: EU SCCs. Data residency: configurable.
  • Mixpanel, Inc. (USA) — Analytics (consent-required). Processes: anonymized event data, feature usage. EU data residency endpoint used (api-eu.mixpanel.com). Transfer mechanism: EU SCCs + EU data hosting.
  • FatSecret Platform API (Australia) — Food database searches. Processes: search query strings only (no user identifiers). Requests proxied through backend.
  • Nutritionix API (USA) — Food database searches. Processes: search query strings only (no user identifiers). Requests proxied through backend.
  • OpenAI, Inc. (USA) — Fallback AI provider (if primary unavailable). Processes: anonymized user context for coaching responses (same scope as Anthropic). Transfer mechanism: EU SCCs + DPA.

Additional fitness and nutrition services (for example Hevy, Withings, MyFitnessPal, and Open Food Facts) can be connected at your option; connecting one shares the relevant data with that provider under its own privacy policy. You can disable any optional integration at any time via Settings > Integrations or Settings > Privacy. Disabling will immediately stop data sharing with that service.

8. Minors

Intercept is not intended for anyone under 18 years of age. We enforce age verification before granting access to the Service. We do not knowingly collect data from minors. If you are a parent/guardian and believe your child has provided us with personal data, please contact us immediately at [email protected]. See also Section 17 (Age Requirements by Jurisdiction) for jurisdiction-specific rules.

9. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes through the app or by email. We recommend reviewing this policy regularly.

10. Contact

To exercise your rights or ask questions about privacy:

Privacy: [email protected]

Data Protection Officer (DPO): [email protected]

11. International Data Transfer

Your data may be processed on servers located outside your country of residence. We ensure such transfers are protected by:

  • European Commission Standard Contractual Clauses
  • Adequacy certifications (where applicable)
  • Appropriate technical and organizational measures in compliance with GDPR and applicable laws

Infrastructure providers and their specific transfer safeguards:

Cloudflare, Inc. (USA) — API hosting, CDN, and KV (includes AI Coach memory `ai_memory_v1` namespace — see Section 2.2-A). Transfer: EU SCCs (2021 version) + Cloudflare DPA.

RevenueCat, Inc. (USA) — Subscription management. Transfer: EU SCCs + RevenueCat DPA.

Anthropic, PBC (USA) — AI coaching provider. Transfer: EU SCCs + Anthropic DPA. Data proxied through backend; no direct client-to-Anthropic connection.

Sentry / Functional Software, Inc. (USA) — Error monitoring (consent-required). Transfer: EU SCCs + Sentry DPA.

Mixpanel, Inc. (USA) — Analytics (consent-required). Transfer: EU SCCs + EU data residency (api-eu.mixpanel.com).

FatSecret (Australia) — Food database API. Transfer: Adequacy determination (where applicable) + contractual safeguards.

Nutritionix (USA) — Food database API. Transfer: EU SCCs + contractual safeguards.

All transfers use the European Commission's 2021 Standard Contractual Clauses (SCCs) as the primary transfer mechanism, supplemented by technical measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), and access controls. We regularly assess the legal framework in recipient countries and implement supplementary measures where necessary, in accordance with the Schrems II ruling.

12. Data Retention Periods

We retain your data for the following specific periods, in accordance with the data minimization principle (GDPR Art. 5(1)(e) / LGPD Art. 16):

  • Account data: While account is active + 30 days after deletion request
  • Health and behavioral data: Retained for the entire period the account is active. After deletion request, data is permanently removed within 30 days (see deletion steps below).
  • AI Coach weekly memory (server-side, KV): 90 days from last update (automatic KV TTL), or until you exercise the right to deletion — whichever occurs first. See Section 2.2-A.
  • Financial transaction records: As required by applicable tax and consumer protection laws (typically 5 years)
  • Technical and error logs: 90 days
  • Analytics data: 2 years (anonymized after 6 months; raw identifiers deleted after 6 months)

Upon account deletion request:

  1. Immediate logical deletion (data no longer accessible to you or our systems)
  2. Physical deletion from primary databases within 7 days
  3. Physical deletion from backups within 30 days
  4. Anonymized, non-reversible aggregated data may be retained for statistical analysis

12-A. Records of Processing Activities

In compliance with GDPR Article 30 and LGPD Article 37, we maintain detailed Records of Processing Activities (ROPA) documenting all categories of data processing, their purposes, legal bases, retention periods, and security measures. This register is available for inspection by data protection authorities upon request.

13. Automated Decision-Making (GDPR Art. 22 / LGPD Art. 20)

The Service uses automated processing, including artificial intelligence and machine learning, in the following ways:

  • AI Coaching: Personalized motivational messages and behavioral insights generated by AI (Anthropic Claude). To provide continuity across your devices, the Service stores aggregated weekly summaries (success rate, dominant emotional pattern, peak-difficulty period, narrative without personal identifiers) server-side in Cloudflare KV, with an automatic 90-day retention limit (or until you exercise your right to deletion, whichever comes first). Raw interception entries never leave your device. These outputs are informational and motivational only — they do not produce legal effects or similarly significant effects on you.
  • Nutritional Analysis: AI-powered plate scanning and food log analysis to estimate calorie and macro content. These are approximate estimates, not medical assessments.
  • Behavioral Pattern Detection (on-device only): Your risk scoring runs on a local heuristic. In addition, a small on-device neural network (MiniNN, pure JavaScript running entirely on your device) trains on your own interception history once there is enough of it, and only influences your risk score after it has been validated on held-out data to predict more accurately than the heuristic baseline — otherwise the heuristic alone is used. The MiniNN model and its inputs never leave your device. This is separate from the AI Coaching memory described above, which does persist aggregated summaries server-side under explicit consent.
  • Coaching Tier System: Automated content gating based on data sufficiency (e.g., cards are only shown when enough food log entries exist). This ensures relevant, non-misleading content.
  • Engagement Intelligence: Analysis of session patterns and feature usage to optimize the user experience and detect potential churn risk.

Your rights regarding automated processing:

  • You have the right to obtain meaningful information about the logic involved in any automated processing
  • You have the right to request human review of any automated decision that significantly affects you
  • You have the right to express your point of view and contest any automated decision
  • No automated decision in this Service produces legal effects or similarly significant effects — all outputs are informational and motivational

We do not use automated decision-making for profiling that produces legal effects. Engagement and propensity scores are used solely for internal product improvement and are never shared with third parties or used to deny service.

14. Data Breach Notification

In the event of a security breach affecting your personal data, we will notify:

  • You, within 72 hours of identifying the incident
  • Relevant data protection authorities as required by law (GDPR, CCPA, LGPD)
  • Other competent authorities, where applicable

We will take immediate steps to mitigate the effects of the breach and prevent recurrence.

15. California Consumer Privacy Act (CCPA) — Additional Rights

If you are a California resident, you have the following additional rights under the CCPA and CPRA:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do NOT sell your personal information to third parties. We do NOT share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: You may limit our use of your sensitive personal information (health, emotional data) to what is necessary to provide the Service.

DO NOT SELL OR SHARE MY PERSONAL INFORMATION: Intercept does not sell or share personal information as defined under the CCPA/CPRA. No opt-out action is required, but you may contact us at [email protected] for confirmation.

To exercise your CCPA rights, contact us at [email protected] or use the in-app data export and deletion features (Settings > Data Management).

16. Cookies, SDKs, and Tracking Technologies

As a mobile application, Intercept does not use browser cookies. However, we use the following tracking technologies:

  • Analytics SDKs (Mixpanel): Collects anonymized event data and feature usage. Requires your opt-in consent. Can be disabled in Settings > Privacy.
  • Error Tracking SDKs (Sentry): Collects crash reports and performance data. Requires your opt-in consent. Can be disabled in Settings > Privacy.
  • Device Identifier: A unique device ID generated on first launch, stored securely in your device's Keychain (iOS) or Keystore (Android). Used for authentication and data synchronization.
  • AsyncStorage: Local encrypted storage used to persist your app state, preferences, and cached data on your device.
  • Secure Storage (expo-secure-store): Used to store sensitive tokens (OAuth, API keys) with hardware-backed encryption.

You have full control over optional tracking. Essential tracking (device ID, local storage) is required for the Service to function. All optional tracking (analytics, error reporting) can be disabled at any time via Settings > Privacy, and we honor your choice immediately.

17. Age Requirements by Jurisdiction

Intercept is intended for users aged 18 and older. We enforce age verification before allowing access to the Service. The following jurisdiction-specific rules apply:

  • European Union (GDPR Art. 8): Minimum age for data processing consent is 16 years (or lower as set by member states, minimum 13). Intercept sets a stricter requirement of 18+ due to the sensitive nature of health and behavioral data.
  • Brazil (LGPD Art. 14): Processing of children's data (under 12) requires specific and prominent parental consent. Adolescents (12-17) may consent with parental awareness. Intercept sets a stricter requirement of 18+.
  • United States (COPPA): Children under 13 require verifiable parental consent. Intercept sets a stricter requirement of 18+.
  • California (CCPA/CPRA): Additional protections for consumers under 16. Intercept sets a stricter requirement of 18+.

If we discover that a user under 18 has accessed the Service, we will promptly delete all associated data and terminate access. Parents or guardians who believe their minor has used the Service should contact us immediately at [email protected].