Privacy Policy

Last Updated: 24 January 2026

Effective Date: 24 January 2026

Introduction

Welcome to Replenish! This Privacy Policy explains how Replenish ("we," "our," or "us") collects, uses, discloses, and protects your personal information when you use our mobile application and services (collectively, the "Services"). By using Replenish, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

Quick Summary

What we collect: Account information, food and nutrition data, body measurements, health and fitness data, photos, and usage information.

How we use it: To provide personalised nutrition tracking, generate insights, sync with health apps, and improve our services.

Do we sell your data? No, we do not sell your personal information to third parties.

Your rights: You can access, update, or delete your data at any time through the app settings or by contacting us.

Information We Collect

Information You Provide Directly

Account and Profile Information:

  • Name (first and last name).

  • Email address.

  • Date of birth.

  • Biological sex (male, female, or other).

  • Height and weight.

  • Measurement system preference (metric or imperial).

  • Profile photo (optional).

  • Dietary requirements and preferences.

  • Nutrition and fitness goals.

  • Fasting preferences and schedules.

Food and Nutrition Data:

Food and meal entries, including:

  • Food items consumed (including from text search, barcode scanning and photos).

  • Meal timing and types (breakfast, lunch, dinner, snacks).

  • Calorie and macronutrient information (protein, carbohydrates, fat).

  • Micronutrient information (vitamins, minerals).

  • Custom recipes and meals.

  • Fasting periods and intermittent fasting data.

  • Note: When you use barcode scanning, we query the OpenFoodFacts public API using only the barcode number. We do not share any personal information with OpenFoodFacts.

Body Measurements and Progress Tracking:

  • Weight logs and history.

  • Waist circumference measurements.

  • Body fat percentage.

  • Progress photos (front, side, and back views). Note: Progress photos are stored locally on your device and are not sent to any external servers or third-party services.

  • Body composition tracking over time.

Activity and Lifestyle Data:

  • Hydration logs (water, coffee, tea and juice intake).

Exercise and workout data:

  • Sleep data.

  • Step count.

  • Active minutes.

  • Notes and observations about your progress.

Communications:

  • Support requests and customer service communications.

  • Feedback and survey responses.

  • Any other information you choose to provide.

Information Collected Automatically

Device and Usage Information:

  • Device type, model, and operating system.

  • Unique device identifiers.

  • IP address.

App usage patterns, including:

  • Features used.

  • Time spent in the app.

  • Screen views and navigation paths

  • Interactions with app features.

  • Thumbs up/down feedback when AI Actionable Insights are generated and you select an option.

  • App performance and crash reports (collected via Sentry)

  • Error logs and debugging information (collected via Sentry for troubleshooting)

  • Session replay data when errors occur (to help us diagnose and fix issues)

  • Push notification tokens.

Health Data from Third-Party Sources (With Your Permission)

  • Apple HealthKit (iOS): Steps, distance, active energy burned, heart rate, sleep analysis, workouts, weight, body mass index, body fat percentage, and nutrition data.

  • Google Health Connect (Android): Steps, distance, active calories, heart rate, sleep, workouts, weight, BMI, and nutrition data.

Please note: We only access health data from these sources with your explicit permission. You can revoke these permissions at any time through your device settings or the app's privacy settings.

Information from Third-Party Authentication

If you choose to sign in using:

  • Google Sign-In: We may receive your name, email address, and profile picture from Google

  • Apple Sign-In: We may receive your name and email address from Apple

How We Use Your Information

We use the information we collect for the following purposes:

Service Provision:

  • Create and manage your account.

  • Provide food tracking and nutrition logging features.

  • Calculate and display your daily nutritional intake.

  • Generate personalised calorie and macro targets based on your profile.

  • Provide body composition tracking and progress visualisation.

  • Generate daily, weekly and monthly analytics and insights.

  • Sync data with Apple HealthKit and Google Health Connect (with your permission).

  • Send push notifications for reminders and updates (with your consent).

  • Provide customer support and respond to your inquiries.

Service Improvement:

  • Analyse usage patterns to improve app functionality and user experience.

  • Develop new features and services.

  • Conduct research and analytics (using aggregated, anonymised data).

  • Detect and prevent errors, bugs, and security issues.

  • Monitor app performance, crashes, and errors using error tracking services.

  • Perform troubleshooting and technical support.

Personalisation:

  • Provide personalised nutrition recommendations.

  • Generate AI-powered insights based on your data (processed through secure backend services).

  • Customise your experience based on your preferences and goals.

  • Show relevant content and suggestions.

Important Note Regarding AI Services: When we use OpenAI or other AI services to generate insights, we only send nutritional data, sleep data, and exercise data in anonymised or aggregated form. Your personal information (such as name, email address, account details, or any personally identifiable information) is never shared with OpenAI or any other AI service provider.

Legal and Safety:

  • Comply with applicable laws and regulations.

  • Respond to legal requests and enforce our terms of service.

  • Protect the rights, property, and safety of Replenish, our users, and others.

  • Prevent fraud and abuse.

How We Share Your Information

We do not sell your personal information to third parties. We may share your information only in the following circumstances:

Service Providers: We work with trusted third-party service providers who help us operate our Services. These providers have access to your information only to perform services on our behalf and are obligated not to disclose or use it for any other purpose:

  • Firebase (Google LLC): For authentication, data storage (Firestore), cloud storage, and analytics.

  • Sentry (Functional Software, Inc.): For error tracking, crash reporting, performance monitoring, and debugging. Sentry collects error logs, stack traces, device information, app performance data, and user identifiers (user ID and email only, no sensitive personal data) to help us identify and fix technical issues. Session replay data may be captured when errors occur to help us diagnose problems. We have configured Sentry to sanitise sensitive information (such as passwords, tokens, and API keys) before sending data. Data is retained for 30 days for troubleshooting purposes.

  • OpenAI (via secure backend): For natural language food search, image recognition, barcode scanning processing, and to generate daily, weekly, and monthly analytics and insights. Important: Your personal information (such as name, email, or account details) is never passed to OpenAI or any other AI service. Only nutritional data, sleep data, and exercise data (in anonymised or aggregated form) may be processed by OpenAI to generate insights. Your queries are processed securely and we do not store your search queries long-term.

  • OpenFoodFacts: For barcode scanning, text searches, and packaged food product information (we only send barcode/product queries and search terms to their public API; no personal information is shared).

  • ZenQuotes (zenquotes.io): For providing inspirational quotes displayed on the home page (we only fetch quotes from their public API; no personal information is shared).

  • SendGrid (Twilio SendGrid): For processing and managing customer support communications and email services.

  • Railway.app: For hosting our backend services and API infrastructure.

  • Expo: For push notification services and app infrastructure.

  • Apple Inc.: For Apple Sign-In and Apple HealthKit integration.

  • Google LLC: For Google Sign-In and Google Health Connect integration.

  • Health Data Integration: With your explicit permission, we may read data from and write data to Apple HealthKit or Google Health Connect. We do not use health data for advertising or marketing purposes. Health data remains governed by Apple's and Google's respective privacy policies.

  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

  • Aggregated and Anonymised Data: We may share aggregated, anonymised data that does not identify you personally for research, analytics, or business purposes.

Data Storage and Security

Where Your Data is Stored:

  • Your data is stored securely using Firebase (Google Cloud Platform) servers, which may be located in the United States or other countries.

  • Data is encrypted in transit and at rest.

  • We implement industry-standard security measures to protect your information.

Security Measures:

  • Encrypted data transmission (HTTPS/TLS) for all data in transit.

  • Encrypted data at rest using industry-standard encryption.

  • Secure authentication and password hashing (passwords are hashed and salted, and we never store plain text passwords).

  • Access controls and authentication requirements with role-based permissions.

  • Regular security assessments and vulnerability testing.

  • Secure cloud storage with Firebase using Google Cloud Platform's security infrastructure.

  • Firestore security rules to restrict database access.

  • API authentication and authorization for backend services.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as necessary to:

  • Provide you with our Services.

  • Comply with legal obligations.

  • Resolve disputes and enforce our agreements.

  • Account Data: Retained while your account is active and for a reasonable period after account deletion to comply with legal obligations

  • Food and Nutrition Logs: Retained until you delete them or your account is deleted

  • Body Measurements: Retained until you delete them or your account is deleted

  • Analytics Data: Aggregated analytics data may be retained indefinitely in anonymised form

  • Error and Crash Reports: Retained for up to 30 days for troubleshooting purposes. This includes data collected by Sentry (error logs, stack traces, session replays on errors, and associated user identifiers)

You can delete your account and all associated data at any time by contacting us. Upon account deletion, we will delete or anonymise your personal information, except where we are required to retain it by law.

Requesting Account or Data Deletion

To request deletion of your Replenish account and associated data, please contact us:

Email: hello@replenishyourself.co.uk

Subject: Account Deletion Request

Please include your account email address in your request.

What Gets Deleted

When you request account deletion, we will delete or anonymise:

  • Your account information (name, email, profile data)

  • All food and nutrition logs

  • Body measurements and progress data

  • Health and fitness data

  • App activity and usage data

Data Retention

We may retain certain information for:

  • Legal compliance (as required by law)

  • Fraud prevention and security

  • Resolving disputes

Data is typically deleted within 30 days of your request, except where legal obligations require longer retention.

Partial Data Deletion

If you only want to delete specific data (not your entire account), please email us at hello@replenishyourself.co.uk with details of what you'd like deleted. We will process your request within 30 days.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access and Portability:

  • Right to Access: You can view your personal information through the app or by contacting us.

  • Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.

Correction and Deletion:

  • Right to Correction: You can update your profile information directly in the app or by contacting us.

  • Right to Deletion: You can delete your account and all associated data through the app settings or by contacting us.

Consent and Preferences:

  • Health Data Permissions: You can manage permissions for Apple HealthKit and Google Health Connect through your device settings or the app's privacy settings.

  • Push Notifications: You can manage push notification preferences through your device settings or the app's notification settings.

  • Camera and Photo Library: You can manage camera and photo library permissions through your device settings.

Marketing Communications:

  • If we send marketing emails, you can unsubscribe using the link provided in the email.

Exercising Your Rights

To exercise any of these rights, please:

  • Use the in-app settings to manage your data and preferences,

  • Contact us at: hello@replenishyourself.co.uk.

We will respond to your request within a reasonable timeframe, typically within 30 days.

Children's Privacy

Replenish is not intended for children under the age of 18 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information.

Health Information Notice

Important Health Disclaimer: Replenish is not a medical organization and does not provide medical advice, diagnosis, or treatment. The information provided through our Services is for informational and educational purposes only. Always consult with a qualified healthcare provider before making decisions about your diet, exercise, or health.

Health Data Processing: Some of the information we collect, such as food intake, body measurements, weight, and activity data, may be considered health information under applicable laws. We process this information with your explicit consent to provide our nutrition tracking services. You can withdraw your consent at any time by deleting your account or adjusting your privacy settings. We do not use your health information for advertising, marketing, or any purpose other than providing you with our Services, except as described in this Privacy Policy or with your explicit consent.

International Data Transfers

Replenish is operated from and in the United Kingdom only. Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (such as Firebase/Google Cloud Platform) are located. These countries may have data protection laws that differ from those in your country.

When we transfer your information internationally, we take appropriate measures to ensure your information is protected in accordance with this Privacy Policy and applicable data protection laws, including:

  • Using standard contractual clauses approved by relevant authorities.

  • Relying on adequacy decisions where applicable.

  • Implementing appropriate technical and organisational safeguards.

Third-Party Services and Links

Our Services may contain links to third-party websites or services that are not owned or controlled by Replenish. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you access through our app.

Third-Party Services We Use:

  • Firebase (Google): Privacy Policy: https://firebase.google.com/support/privacy

  • Sentry (Functional Software, Inc.): Privacy Policy: https://sentry.io/privacy/

  • Apple HealthKit: Privacy Policy: https://www.apple.com/privacy/

  • Google Health Connect: Privacy Policy: https://policies.google.com/privacy

  • OpenAI: Privacy Policy: https://openai.com/privacy

  • OpenFoodFacts: Privacy Policy: https://world.openfoodfacts.org/privacy

  • ZenQuotes: Privacy Policy: https://docs.zenquotes.io/privacy-policy/ (Note: We only use their public API to fetch quotes; we do not share personal information with this service)

  • SendGrid (Twilio SendGrid): Privacy Policy: https://www.twilio.com/legal/privacy

  • Railway.app: Privacy Policy: https://railway.app/legal/privacy

  • Expo: Privacy Policy: https://expo.dev/privacy

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy in the app.

  • Updating the "Last Updated" date at the top of this Privacy Policy.

  • Sending you a notification through the app or via email (if applicable).

Your continued use of Replenish after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you should discontinue using our Services and delete your account.

Cookies and Tracking Technologies

Our app may use cookies and similar tracking technologies to:

  • Remember your preferences.

  • Analyse app usage and performance.

  • Provide personalised experiences.

You can control cookies through your device settings, though some features may not function properly if cookies are disabled.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Your Rights

You have the right to:

  • Request access to your personal information: This enables you to receive a copy of the personal information we hold about you.

  • Request correction or rectification of the personal information we hold about you: This enables you to correct inaccurate or incomplete personal information about you.

  • Request to erase or delete your personal information that we hold: There may be certain circumstances that prevent us from fully deleting your information at the time of the request due to legal or regulatory reasons. If this is the case, we will advise you of these circumstances in response to your request.

  • Request to limit or object to processing of your personal information where we (or a third party) have a legitimate interest or where we are processing your personal information for direct marketing purposes or using automated processes. In some cases, we will not be able to comply with your request if we have compelling legitimate grounds for the continued processing which override your interests, or for the establishment, exercise, or defence of legal claims.

  • Request to transfer your data in a portable format: You can ask us to provide you or a third party with your personal information in a portable (machine readable) format where we have collected your consent or otherwise perform obligations due to a contractual necessity.

  • Right to object to marketing: You may object at any time to your personal information being processed for direct marketing including profiling.

  • Withdrawal of consent: You may withdraw your consent at any time to any processing of personal information based on your consent, where applicable, without compromising the lawfulness of the processing based on consent carried out prior to such withdrawal.

How to Exercise Your Rights

To exercise your GDPR rights, please contact us using the information provided in the Contact Us section below. We will respond to your request within a reasonable timeframe, typically within 30 days.

Legal Basis for Processing

We process your personal data based on:

  • Consent: For health data and optional features (you can withdraw at any time).

  • Contract Performance: To provide our Services and fulfill our agreement with you.

  • Legitimate Interests: For service improvement, security, and analytics (where permitted).

  • Legal Obligations: To comply with applicable laws

How to Lodge a Complaint

If you consider that the processing of your personal information violates applicable data protection laws, you also have the right to lodge a complaint about our processing of your personal information or our handling of your rights request with the appropriate data protection regulator, i.e. the data protection regulator located where you reside, at your place of work or at the place of the alleged infringement.

Data Protection Authorities:

UK Data Protection Authority: Information Commissioner's Office (ICO) - https://ico.org.uk/

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: hello@replenishyourself.co.uk

Address: 275 Long Lane, Hillingdon, UB10 9JS

Website: https://www.replenishyourself.co.uk

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.

Replenish Privacy Policy Version 1.1 Last Updated: 24 January 2026