Privacy Policy for "CarbVista"

Last updated: June 2026

1. General Information

We take the protection of your personal data very seriously. Personal data is processed only in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

Personal data is any information relating to an identified or identifiable natural person.

CarbVista is an app for estimating nutrition information from meal photos. The app lets users take or select a meal photo, optionally add additional information, send the request to a backend server for analysis, and view estimated calories, carbohydrates, protein, fat, detected foods, confidence information, details, and warnings.

This privacy policy explains which data is processed when using CarbVista.

2. Data Controller

Christian Rothhaar
Querweg 4
25336 Elmshorn
Germany

Email: contact@carbvista.com

3. Data Processing Overview

CarbVista processes personal data only to the extent necessary to provide the app, secure the service, prevent abuse, manage analysis credits, provide account functionality, enable subscriptions, and, where enabled, display limited advertising to non-premium users.

The processing includes:

• Meal analysis based on photos and optional user-provided information
• Backend communication for analysis, quota handling, authentication, and billing status
• Google Sign-In for account creation, login, and access to analysis features
• Optional subscriptions via Google Play Billing
• Voluntary anonymous feedback submitted by the user
• Voluntary support requests submitted by the user
• Local storage of saved analyses, meal diary entries, nutrition goals, and app settings on the user's device
• Server-side logging and security measures
• Advertising through Google AdMob for non-premium users, where advertising is enabled
• Consent handling through Google's User Messaging Platform, where required for advertising
• Optional usage analytics and stability diagnostics through Firebase Analytics and Firebase Crashlytics, where consent has been given
• Optional campaign measurement through the Meta SDK, where consent has been given

Premium users, and users whose subscription status is unclear are not shown AdMob banner advertising in the app.

4. Meal Photo Analysis

To analyze a meal, the app sends the selected or captured image to the CarbVista backend server. The backend processes the request and forwards the image, together with optional additional information entered by the user, to an AI service provider for analysis.

The following data may be processed for meal analysis:

• Meal photo selected or captured by the user
• Optional additional text entered by the user
• Technical request data, such as IP address, request time, content type, and compressed image size
• Pseudonymous device identifier generated by the app
• User ID, if the user is logged in
• Analysis result, including estimated calories, carbohydrates, protein, fat, detected foods, confidence, details, and warnings

Meal photos are transmitted to the backend only when the user actively starts an analysis. The backend does not permanently store the original meal photo. The backend may temporarily process the image in memory or in temporary processing steps required to perform the analysis.

For service operation and troubleshooting, the backend stores analysis audit metadata such as request time, success or failure status, technical image metadata, used AI model, device identifier, IP address, and user reference where applicable. Optional additional information entered by the user and complete analysis responses are stored server-side only if the corresponding backend audit configuration is explicitly enabled. The image file itself is not stored in this audit data.

The analysis result is an estimate and is not medical advice.

Legal Basis

• Art. 6(1)(b) GDPR (performance of the contract / provision of app functionality)
• Art. 6(1)(f) GDPR (legitimate interest in providing, securing, and improving the service)

Our legitimate interest lies in operating the meal analysis service, preventing abuse, troubleshooting technical problems, and maintaining service reliability.

5. AI Service Provider

CarbVista uses OpenAI services to analyze meal images and generate nutrition estimates.

For this purpose, the backend may transmit the meal photo and optional additional information entered by the user to OpenAI. The response from OpenAI is processed by the backend and returned to the app.

Data transmitted to OpenAI may include:

• Meal photo
• Optional user-provided additional information
• Technical request content required for the analysis

Users should avoid including sensitive personal information in photos or additional text unless it is necessary for the intended analysis.

More information about OpenAI's privacy practices:
https://openai.com/policies/privacy-policy

Legal Basis

• Art. 6(1)(b) GDPR (performance of the contract / provision of app functionality)
• Art. 6(1)(f) GDPR (legitimate interest in providing the requested analysis functionality)

6. Google Sign-In

CarbVista uses Google Sign-In for account creation and login. Some features, including meal analysis, may require a logged-in account. Google Sign-In is used to identify the user securely and to link usage, credits, quota, and subscription status to an account.

When using Google Sign-In, Google may provide the following data to CarbVista:

• Google account identifier
• Email address
• Email verification status
• Display name
• Profile picture URL

CarbVista does not receive or store the user's Google password.

The backend validates the Google ID token and then issues CarbVista's own app session tokens. Session tokens are used to authenticate requests to the backend. Refresh tokens are stored by the backend only in hashed form.

More information about Google Sign-In:
https://support.google.com/accounts/answer/12921417

Legal Basis

• Art. 6(1)(b) GDPR (account creation, login, and authenticated app functionality)
• Art. 6(1)(f) GDPR (legitimate interest in secure authentication and abuse prevention)

7. Subscriptions and Google Play Billing

CarbVista may offer paid subscriptions through Google Play Billing. Subscriptions are used to provide extended usage limits or premium access.

Payment processing is handled by Google Play. CarbVista does not receive or store full payment details such as credit card numbers or bank account details.

For subscription handling, the following data may be processed:

• Google Play product ID
• Purchase token, stored by the backend only in hashed form
• Last characters of the purchase token for troubleshooting
• Order ID, if provided by Google Play
• Subscription status
• Package name
• Current billing period or expiration information, if available
• Billing-related events and status messages
• User ID linked to the subscription

This data is used to verify and manage subscription status, provide premium access, prevent abuse, and handle support requests.

Subscriptions can be managed through Google Play:
https://play.google.com/store/account/subscriptions

Legal Basis

• Art. 6(1)(b) GDPR (subscription management and paid functionality)
• Art. 6(1)(c) GDPR (legal obligations, where applicable)
• Art. 6(1)(f) GDPR (legitimate interest in fraud prevention, troubleshooting, and account support)

8. Backend / Server Communication

The app communicates with a backend server to provide its functionality.

During this process, the following data may be processed:

• IP address

Used for security, stability, debugging, rate limiting, and abuse prevention

• Approximate country code derived from request metadata

Used to understand the regional distribution of CarbVista users and operate the service. CarbVista does not access GPS or precise device location for this purpose.

• Pseudonymous device identifier (generated device ID)

Used for technical app identification, session support, security, and abuse prevention

• Authentication data

Used to maintain logged-in sessions and protect authenticated requests

• Usage and quota data

Used to determine remaining free analyses and subscription-based usage limits

• Diary usage counter

Used to understand whether analysed meals are saved to the local diary and to improve the app experience. This counter does not include meal names, images, macro values, diary timestamps, or diary contents.

• Request and response metadata

Used for debugging, support, and service reliability

The generated device identifier does not directly identify a person by itself, but it may be linked to usage data and, if the user logs in, to the user's account.

Play Integrity

CarbVista may use Google Play Integrity for security and abuse prevention. Where this protection is enabled, the app requests an integrity token from Google Play for protected analysis requests and sends that token to the CarbVista backend. The backend uses the token to verify that the request comes from the expected app and to evaluate integrity signals required for abuse prevention.

The integrity token is used for verification of the protected request and is not used by CarbVista for advertising or profiling.

Storage Duration

Server-side data is stored only as long as necessary for the purposes described in this policy or as required by law.

In particular:

• Server logs are kept for the limited period required for troubleshooting, security, and abuse prevention.
• Account and authentication data is stored while the account exists or while sessions remain active.
• Usage, quota, billing, and subscription data is stored as long as necessary to provide the service, verify entitlements, handle support, prevent abuse, or comply with legal obligations.
• Analysis audit metadata may be stored for service operation, debugging, quota tracking, and support purposes.
• Optional analysis additional information and complete analysis responses are stored only where the corresponding audit configuration is enabled and then only as long as needed for the configured audit purpose.

Legal Basis

• Art. 6(1)(b) GDPR (performance of the contract / app functionality)
• Art. 6(1)(f) GDPR (legitimate interest in ensuring security, stability, abuse prevention, debugging, and support)

9. Local Storage on the Device

CarbVista may store data locally on the user's device to provide app functionality.

Locally stored data may include:

• Saved meal analyses
• Saved meal photos selected by the user for local meal/gallery functionality
• Local meal diary entries with saved meal names, times, fixed nutrition values, and small thumbnails
• Nutrition goals, selected relevant macros, and preferred nutrition value display mode
• App settings
• Generated device identifier
• CarbVista session data, if the user is logged in

Saved meal analyses and local meal diary entries are separate local app functions. Saved meal analyses keep the selected locally saved image and the analysis information for later viewing. Diary entries keep fixed nutrition values and a small local thumbnail for tracking purposes.

Local data remains on the user's device unless it is sent to the backend as part of an analysis, authentication, billing, or other user-initiated request described in this policy. Users can delete supported local data inside the app, or remove local app data through the Android system settings.

Legal Basis

• Art. 6(1)(b) GDPR (providing app functionality requested by the user)
• Art. 6(1)(f) GDPR (legitimate interest in maintaining app settings and session continuity)

10. Permissions

CarbVista may request Android permissions required for its functionality.

These may include:

• Camera access

Used to take meal photos for analysis

• Image/media access or share intent handling

Used when the user selects or shares an image with the app

• Internet access

Used to communicate with the backend server, Google Sign-In, Google Play Billing, Google Play Integrity, feedback handling, advertising and consent services where enabled, and analysis services

Permissions are used only for the app functionality described in this policy.

11. Anonymous Feedback

CarbVista offers a voluntary feedback form in the app. Feedback is intended to help improve the app and its analysis experience.

The feedback form may process:

• The user's rating of how helpful CarbVista was
• The user's rating of how accurate the estimates appeared
• The user's improvement suggestion
• The submission time

Feedback is stored without account, device, meal image, or meal analysis reference. Users should not include personal data or sensitive information in feedback text.

As with other requests to the backend, technical server communication and security logging may process request metadata such as IP address, request time, and technical access information for security, debugging, and rate limiting purposes.

Legal Basis

• Art. 6(1)(f) GDPR (legitimate interest in improving the app and processing voluntary feedback)

Our legitimate interest lies in understanding voluntary user feedback and improving CarbVista.

12. Support Requests

CarbVista offers a voluntary support form in the app. Users can submit a support request if they need help.

The support form may process:

• The email address provided by the user for replies
• The user's support message
• Technical context such as app version, platform, locale, and submission time
• The user's account reference, if the user is signed in while submitting the request

Support requests are used only to process and answer the request, troubleshoot issues, and improve service reliability. The email address is used only for replying to the specific support request.

As with other backend requests, technical server communication and security logging may process request metadata such as IP address, request time, and technical access information for security, debugging, and rate limiting purposes.

Legal Basis

• Art. 6(1)(b) GDPR (processing necessary to respond to a user-initiated support request)
• Art. 6(1)(f) GDPR (legitimate interest in support, troubleshooting, and service reliability)

13. Data Recipients

Personal data may be shared with the following categories of recipients:

• Hosting or infrastructure providers used to operate the backend
• OpenAI, for meal image analysis
• Google Ireland Limited and/or Google LLC, for Google Sign-In, Google Play Billing, Google Play Integrity, Firebase Analytics, Firebase Crashlytics, Google AdMob, and Google's User Messaging Platform
• Meta Platforms Ireland Limited, for optional campaign measurement where the user has consented
• Technical service providers required for operation, security, support, or maintenance

Data is shared only to the extent necessary for the respective purpose.

14. Data Transfers to Third Countries

Some service providers may process data outside the European Economic Area, including in the United States.

Where data is transferred to countries outside the European Economic Area, appropriate safeguards are used where required, such as Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms.

There is a possibility that authorities in third countries may access personal data under local laws.

15. Data Retention and Deletion

We store personal data only as long as necessary for the purposes described in this policy or as required by law.

In particular:

• Voluntary feedback is kept as long as needed to review it and use it for app improvement, unless it is deleted earlier.
• Deletion request records are kept as long as needed to process and document the request, protect against misuse, or comply with legal obligations.

Users may request deletion of their account and associated personal data through the online deletion request form:
https://carbvista.de/request-delete

Users may also contact:
contact@carbvista.com

The deletion request form processes the information needed to handle the request. This may include the submitted email address, optional user ID, optional message, request time, IP address, and browser user agent.

When an account is deleted, personal data associated with the account will be deleted unless retention is required for legal obligations, billing records, security, fraud prevention, or the establishment, exercise, or defense of legal claims.

Local data stored on the user's device can also be removed by deleting saved analyses and diary entries in the app where supported or by deleting the app data through Android system settings.

16. Your Rights

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent at any time (Art. 7(3) GDPR), where processing is based on consent

To exercise your rights, please contact:
contact@carbvista.com

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in your country of residence or with the competent supervisory authority in Germany.

17. Security

Data transmission between the app and the backend is encrypted using HTTPS (TLS), where the production backend is used.

CarbVista uses technical and organizational measures intended to protect personal data against unauthorized access, loss, misuse, or alteration. Session tokens and billing purchase tokens are handled with security measures such as hashed server-side storage where applicable.

18. Optional Analytics, Marketing, Advertising and Consent

CarbVista Privacy Choices

Where required, signed-in users are shown CarbVista's own privacy choices before optional analytics or campaign measurement services are activated. Users can separately choose whether to allow:

• Analytics and app improvement through Firebase Analytics and Firebase Crashlytics
• Marketing and campaign measurement through the Meta SDK and Meta App Events

These choices are voluntary. CarbVista can be used without enabling either optional category. The selected preferences and a technical consent version are stored locally on the user's device. For signed-in users, CarbVista also stores the current analytics and marketing choices and which consent action was used (accept all, customize, or continue without optional services) with the CarbVista account. This supports consent administration and aggregate evaluation of the privacy flow. Users can change their choices later in the app settings. Withdrawing consent affects future collection and does not affect the lawfulness of processing carried out before the withdrawal.

If Google's User Messaging Platform indicates that its advertising consent flow is not required for the user's region, CarbVista may enable these services according to the applicable regional configuration. Users can still change the CarbVista privacy choices in the app settings.

Firebase Analytics and Firebase Crashlytics

If the user enables "Analytics & App Improvement", CarbVista may use Firebase Analytics to understand app usage and Firebase Crashlytics to identify crashes, stability issues, and technical failures. These services are provided by Google Ireland Limited and/or Google LLC.

Processed data may include app events, app version, device and operating-system information, event times, crash traces, diagnostic information, and technical identifiers generated by the respective SDK. CarbVista does not intentionally include meal photos, nutrition estimates, optional meal notes, email addresses, usernames, or CarbVista device IDs in its own Firebase events.

If this category is disabled, CarbVista disables Firebase Analytics and Firebase Crashlytics collection and does not send CarbVista's own Firebase events.

More information about Firebase privacy and data processing:
https://firebase.google.com/support/privacy

Meta SDK and Campaign Measurement

If the user enables "Marketing & Campaign Measurement", CarbVista may use the Meta SDK and Meta App Events to measure campaign performance and understand which marketing channels help users discover and use CarbVista.

Depending on device settings, app configuration, and Meta's processing, Meta Platforms Ireland Limited may process technical event data such as app identifier, device and app information, IP address, event time, app interaction events, and advertising-related identifiers where available and legally permitted. CarbVista does not intentionally include meal photos, nutrition estimates, optional meal notes, email addresses, usernames, or CarbVista device IDs in its own Meta events.

If this category is disabled, CarbVista disables Meta campaign measurement and does not send CarbVista's own Meta events.

More information about Meta's privacy practices:
https://www.facebook.com/privacy/policy/

Google AdMob and User Messaging Platform

CarbVista may display Google AdMob banner advertising in limited areas of the app, for example in the saved meals area, and only for users without active premium access. Advertising is not displayed on the scan, analysis, diary, profile, support, feedback, or meal creation forms.

AdMob is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Depending on the user's region, consent choices, device settings, and Google's configuration, Google may process data such as:

• Device information
• Advertising ID or similar identifiers, where available
• IP address
• Approximate location derived from technical data
• App and ad interaction data
• Diagnostic and performance information

Where required, CarbVista uses Google's User Messaging Platform to request and manage consent before ads are requested. Users may be shown a Google consent form and can make the choices offered there. Advertising settings may also be managed through Android and Google account settings where available.

More information about Google's advertising technologies:
https://policies.google.com/technologies/ads

More information about Google AdMob:
https://admob.google.com/

Legal Basis

• Art. 6(1)(a) GDPR (consent), for optional Firebase analytics, crash diagnostics, Meta campaign measurement, and where consent is required for advertising or personalized advertising
• Art. 6(1)(f) GDPR (legitimate interest in financing and operating the app), where legally permitted for non-personalized advertising, security, fraud prevention, measurement, and technical ad delivery

19. Landing Page Analytics

The CarbVista landing page uses a very limited, privacy-friendly analytics mechanism operated by CarbVista itself.

Only the following anonymous events are counted:

• Page views of the landing page
• Clicks on links to the Google Play Store
• First app launches after installation

For this purpose, the landing page and app send only the event type, such as `page_view`, `playstore_click`, or `first_launch`, to the CarbVista backend. CarbVista does not use cookies, local storage, session storage, fingerprinting, external analytics services, advertising pixels, user IDs, or user profiles for this analytics.

The analytics event table stores only the event type and the time of the event. CarbVista does not store IP addresses, user-agent data, referrers, UTM parameters, or other personal data in this analytics event table.

Legal Basis

• Art. 6(1)(f) GDPR (legitimate interest in understanding whether the landing page is viewed and whether visitors click through to Google Play)

Our legitimate interest lies in measuring basic, anonymous landing page performance without identifying or tracking individual visitors.

20. Automated Decision-Making

CarbVista uses automated analysis to estimate nutrition information from meal photos. The result is an informational estimate generated by AI and should not be treated as medical, dietary, or professional advice.

CarbVista does not use automated decision-making that produces legal effects concerning the user or similarly significantly affects the user within the meaning of Art. 22 GDPR.

21. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect legal, technical, or functional changes.

The current version will be made available in the app or through the app's store listing.

Imprint

Information according to Section 5 TMG / Section 5 DDG

Christian Rothhaar
Querweg 4
25336 Elmshorn
Germany

Contact:
Email: contact@carbvista.com

Electronic contact via email is sufficient and responses will be provided promptly.