Privacy Policy

CutWise helps you track what you eat and reach your goals. This policy explains what we collect, why, who we share it with, and the control you have over it. We’ve tried to keep it plain.

Who we are

CutWise is operated by Carbon Software LTD, a company registered in Northern Ireland (company number NI735624) (“CutWise”, “we”, “us”). We are the data controller for the personal data described here. You can reach us about anything in this policy at dev@mattjs.me.

The short version

• We collect what you log and the profile details needed to compute your targets.
• What you log for AI estimation (text, voice, or meal photos) is sent to our AI provider to read it back as calories and macros.
• We don’t sell your data, show ads, or use advertising trackers.
• You can export everything, or permanently delete your account and all of it, from inside the app at any time.

What we collect

Account & identity. You can use CutWise anonymously — in that case your account is tied to a private key stored on your device, not to your name. If you choose to save your account, we store the email address and name your sign-in provider gives us (Sign in with Apple, Google, or an email and password). If you use Apple’s “Hide My Email,” we only ever see the relay address.

Profile & goals. Sex, date of birth, height, weight, dietary preferences and the goals you set — used to calculate your calorie and macro targets.

What you log. Your meals and exercise, weigh-ins, steps, and water. This includes the text, voice notes, or photos of meals you submit for AI estimation.

Apple Health (optional). Only if you connect it: we read steps, weight, workouts, energy and body measurements, and write your logged meals, water, weight and workouts back. This happens through Apple’s on-device Health permissions, which you control and can revoke in iOS Settings at any time.

Subscription status. Whether you have an active CutWise Pro subscription. Payments are handled by Apple and our subscription provider — we never receive your card or full payment details.

Technical essentials. Authentication tokens and a hashed device-recovery key so your account survives reinstalls, plus basic logs needed to run and secure the service. We do not use advertising identifiers, and we don’t track you across other apps or websites.

Analytics & crash diagnostics. To see how features are used and to find and fix bugs, we use privacy-respecting product analytics (PostHog) and crash/error reporting (Sentry), both EU-hosted. These record in-app events (such as a screen viewed or a meal logged) and technical crash data (device model, OS version, error traces) linked to your account id. Crash reports are configured to exclude your IP address and screenshots, and none of this is used for advertising or shared with data brokers.

Health data

Much of what CutWise handles — your weight, what you eat, your activity — is health-related and treated as a special category of data under UK GDPR. We process it only to provide the features you ask for, on the basis of your explicit consent, which you give by entering it or connecting Apple Health. You can withdraw that consent at any time by disconnecting Apple Health or deleting your account.

How we use it

• To estimate the calories and macros of what you log, via our AI provider.
• To compute your program targets and show your progress over time.
• To sync with Apple Health, when you connect it.
• To run, secure, and support the app, and to manage your subscription.
• To understand how the app is used and to detect and fix crashes and bugs.
• To send essential account and verification emails.

Our legal bases under UK GDPR are: performance of our contract with you (to provide the app and your subscription), your consent (for health data and optional integrations), our legitimate interests (to keep the service secure, stable, and improving), and compliance with our legal obligations.

Who we share it with

We don’t sell your data. We share it only with the service providers that make CutWise work, each acting on our instructions:

• Convex — our database and backend, where your account and logs are stored (hosted in the EU).
• OpenAI (a third-party AI service) — receives the meal/exercise descriptions, voice transcriptions and meal photos you submit, solely to estimate their calories and macros. We ask for your consent in the app before anything is sent. Data is submitted via OpenAI’s API and, under their API terms, is not used to train their models; OpenAI is contractually bound to protect it with the same or equivalent safeguards described in this policy. Nothing else (your weight, health data, or account details) is sent.
• Apple — Sign in with Apple, App Store payments, and on-device Apple Health.
• Google — only if you choose Sign in with Google.
• RevenueCat — manages your subscription entitlement (alongside Apple).
• Resend — sends transactional emails (e.g. sign-in verification).
• Open Food Facts — when you scan a product barcode, only that barcode is sent to this public food database to look up the item; no personal data is shared.
• PostHog — privacy-respecting product analytics (in-app usage events), EU-hosted.
• Sentry — crash and error reporting to keep the app stable, EU-hosted (no IP address, no screenshots).

We may also disclose data if required by law, or to protect our rights, users, or the safety of others.

Where your data goes

Your account and logs are stored in the EU. Some providers above (such as OpenAI, RevenueCat and Resend) process data in the United States. Where data leaves the UK/EU, it is protected by appropriate safeguards such as Standard Contractual Clauses or the providers’ equivalent transfer mechanisms.

How long we keep it

We keep your data for as long as your account exists. Anonymous accounts persist via your device key so your history is there when you come back. When you delete your account, we remove your data from our systems; backups and provider logs age out shortly after in the ordinary course.

Your rights

Under UK GDPR you have the right to access, correct, delete, restrict, or object to our use of your data, and to data portability. The quickest way to exercise the main ones is built into the app:

• Export your data (Settings › Your data › Export data).
• Delete your account and everything in it (Settings › Your data › Delete account).

For anything else, email dev@mattjs.me. If you believe we’ve mishandled your data, you can complain to the UK Information Commissioner’s Office at ico.org.uk.

Security

Data is encrypted in transit, secrets are stored hashed, and access is limited to what’s needed to run the service. No system is perfectly secure, but we take reasonable steps to protect your information.

Cookies & this website

This is a simple marketing and information website. It doesn’t use tracking cookies, advertising pixels, or analytics, and it doesn’t build a profile of your visit.

Children

CutWise is not intended for anyone under 16, and we don’t knowingly collect data from under-16s. If you believe a child has given us their data, contact us and we’ll remove it.

Changes

We may update this policy as the app evolves. We’ll change the date at the top, and for significant changes we’ll make a reasonable effort to let you know.

Contact

Carbon Software LTD (company no. NI735624), registered in Northern Ireland. Questions or requests: dev@mattjs.me.