Privacy Policy.

Account information: When you sign in with Apple or Google, we receive your email address and name from the authentication provider. We do not see or store your Apple or Google password.

Body and health data: During onboarding, you provide your gender, birthday, height, weight, fitness goal, workout frequency, and workout schedule. This data is used exclusively to calculate your personalized macro targets using the Mifflin-St Jeor equation.

Dietary preferences: Your diet type (classic, vegetarian, etc.), cooking skill level, weekly grocery budget, excluded allergens, and excluded ingredients. These are used to generate meal plans that match your needs.

Meal activity: Meal plans we generate for you, recipes you cook or skip, ratings and feedback you leave, recipes you favorite, leftovers you track, grocery items you check off, pantry items you add, and ingredient substitutions you make.

Photos and audio: If you use our Eat Out Advisor, Fridge Scan, or Meal Logging features, you may provide photos of menus, your fridge, or meals. If you use voice dictation to create a recipe, you provide an audio recording. These are sent to our AI service for processing and are not stored after the response is generated.

We do not collect precise location data, contacts, browsing history, or any data from your device beyond what you explicitly provide through the app.

Personalization: Your body data and dietary preferences are used to calculate daily calorie and macro targets, generate weekly meal plans, create grocery lists, and filter recipes to match your needs.

AI features: Your dietary preferences and excluded ingredients are included in prompts sent to our AI service to generate recipes and meal recommendations that respect your restrictions. Photos you provide for menu analysis, fridge scanning, or meal logging are processed by AI to identify foods and estimate nutritional content.

On-device AI: Some features — including recipe adaptation, cooking step explanations, and nutrition nudges — run entirely on your device using Apple's Foundation Models framework. No data leaves your device for these features.

Communication: We use your email address for account-related messages such as sign-in verification. We do not send marketing emails without your explicit consent.

We do not sell your personal information. We do not use your data for advertising. Your dietary information is never shared with insurers, employers, or data brokers.

WorkOS: Handles sign-in with Apple and Google via OAuth. WorkOS receives your email and name to create your identity record. When you delete your account, we also delete your WorkOS identity record.

RevenueCat: Manages subscriptions and in-app purchases through Apple's App Store. RevenueCat receives your anonymous app user ID and purchase transaction data. We do not store credit card numbers or payment details — those are handled entirely by Apple.

Cloudflare: Our backend runs on Cloudflare Workers, and our database is hosted on Cloudflare D1. AI features (recipe generation, menu analysis, fridge scanning, meal estimation, voice transcription) use Cloudflare Workers AI. Per Cloudflare's data processing terms, Workers AI does not train on customer data, and input data is processed transiently — it is not retained after the response is generated.

USDA FoodData Central: We query the USDA's public food database to look up nutritional information for ingredients (calories, protein, carbs, fat per 100g). Only generic ingredient names are sent — no user-identifying information.

Open Food Facts: When you scan a barcode, the barcode number is sent to Open Food Facts (an open, non-profit food database) to identify the product. No user-identifying information is included in the request.

Apple HealthKit: If you opt in, we write meal nutrition data (calories, protein, carbs, fat) to Apple Health after you finish cooking. This data is stored entirely on your device by Apple and is never sent to our servers.

Apple Foundation Models: On-device AI features process data locally using Apple's built-in language model. No data is sent to Apple or to our servers for these features.

Your data is stored in Cloudflare D1 (a serverless SQL database) within Cloudflare's global network. All data is encrypted in transit using TLS. Cloudflare provides infrastructure-level security including DDoS protection and SOC 2 compliance.

We do not store passwords. Authentication is handled entirely through Apple and Google OAuth via WorkOS. Session tokens are cryptographically random, expire after 30 days, and are stored in your device's secure Keychain.

Photos sent for AI analysis (menus, fridge contents, meals) are processed in memory and are not written to persistent storage. Audio recordings for voice dictation are deleted from the device immediately after upload.

Locally on your device, we cache your current meal plan and grocery list for offline access. These caches are stored in the app's Caches directory and are automatically managed by iOS.

We retain your account data for as long as your account is active. Expired sessions are automatically cleaned up by a scheduled task.

You can delete your account at any time from the app's settings. When you delete your account, we perform a complete cascade deletion of all your data: meal plans, cooking history, ratings, pantry items, grocery checks, achievements, preferences, sessions, and the account record itself. We also delete your identity record from WorkOS.

Account deletion is permanent and cannot be undone. All data is removed within 24 hours of the deletion request.

If you would like a copy of your data before deletion, please contact us at privacy@getgust.app and we will provide an export within 30 days.

Regardless of where you live, you have the right to: access the personal data we hold about you, correct inaccurate data, delete your account and all associated data, and withdraw consent for optional features (HealthKit, notifications) at any time.

If you reside in the European Economic Area (EEA), you have additional rights under GDPR including: the right to data portability, the right to restrict processing, the right to object to processing, and the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have rights under the CCPA including: the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@getgust.app. We will respond within 30 days.

The Gust mobile app does not use cookies or web tracking technologies. We do not use third-party analytics SDKs, advertising identifiers, or cross-app tracking.

Our marketing website (getgust.app) uses only essential first-party cookies for basic functionality. We do not use third-party tracking pixels, retargeting scripts, or participate in ad networks.

Gust is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@getgust.app.

We may update this privacy policy to reflect changes in our practices, legal requirements, or the features we offer. When we make material changes, we will notify you through in-app notifications or email at least 14 days before the changes take effect.

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy. If you do not agree with the updated terms, you may delete your account at any time.

If you have questions about this privacy policy or how we handle your data, contact us at privacy@getgust.app. We aim to respond within 5 business days.

65FN LLC, Wyoming, United States.