Privacy Policy – Eatoo
Last updated: 21 May 2025
Shanghai Huanjie Tech Ltd. (“Company”, “we”, “our”, “us”) operates the mobile application Eatoo (“Service”). This Policy explains what personal information we collect, how we use it, the choices and rights you have, and how the law protects you.
1. Governing Laws
This Policy complies with:
- Canada – Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL).
- Australia – Privacy Act 1988 (Cth) with its 13 Australian Privacy Principles (APPs) and Notifiable Data Breach (NDB) scheme.
If any local law grants stronger protection, we will honour that law.
2. Definitions
- Privacy Officer – the person responsible for privacy compliance.
- Sensitive Information – data about health, biometric identifiers or other information classified as sensitive under APP 3 and PIPEDA guidance.
- Eligible / Real-Risk Breach – a breach likely to cause serious or significant harm under the Privacy Act 1988 or PIPEDA.
3. Privacy Officer
Name / Title: Tianxin Zheng, President
Email: txin@infsols.freeqiye.com
Mail: Room J, Apartment 201, Building 14, No. 655 Fengzhou Road, Jiading District, Shanghai 201801, China
4. What We Collect
Category | Examples | Purpose |
---|---|---|
Account Data | Name, email | Create and manage your account |
Profile & Health Data | Age, gender, height, weight, past medical conditions, dietary logs, workout stats | Core nutrition & fitness features |
Images | Photos you upload (meals, body metrics) | AI food recognition & progress tracking |
Audio Logs | Microphone recordings you create inside the app | Optional voice-based food or workout logging |
Usage Data | IP address, device IDs, app screens visited, crash logs via Firebase Analytics & Crashlytics | Service improvement and diagnostics |
Consent Records | Timestamped acceptance of this Policy and other in-app consents | Demonstrate compliance |
Sensitive Information (health images, medical history) is collected only after you tap “I Agree” on the in-app consent pop-up.
5. Legal Bases & Consent
We rely on:
- Meaningful / express consent for all processing of personal and sensitive information.
- Contract – to provide the Service you request.
- Legal obligation – e.g. to maintain tax records.
- Legitimate interests – e.g. fraud prevention and Service security, balanced against your rights.
You may withdraw consent at any time by emailing the Privacy Officer or via Settings → Privacy. Withdrawal does not affect processing already carried out lawfully.
6. How We Use Data
- Deliver, maintain and improve the Service.
- Generate personalised nutrition and workout insights.
- Communicate important updates or security alerts.
- Produce anonymous statistics and trends.
- Support corporate transactions (e.g. merger or acquisition) with prior notice.
- Any other purpose you explicitly authorise.
No direct marketing. We do not send promotional emails or push messages at this time. Should that change, we will first obtain your express opt-in consent and update this Policy.
7. Sharing & Third-Party Services
We do not sell personal data. We share it only as follows:
- Service Providers – Google Firebase (cloud hosting, analytics, crash reporting).
- Professional advisers – auditors, lawyers, insurers.
- Authorities – where the law requires.
- With your consent – e.g. if you export data to another app or service.
All vendors are bound by confidentiality terms and Standard Contractual Clauses (SCCs) or equivalent contractual safeguards.
8. International Transfers
Our primary servers are in East US. When data moves outside your jurisdiction we:
- Encrypt it in transit (TLS 1.3) and at rest (AES-256).
- Rely on Standard Contractual Clauses or equivalent data-protection agreements with suppliers.
- Have completed an internal Transfer Impact Assessment confirming residual risk is low.
9. Data Retention
Data type | Retention rule |
---|---|
Account details | Deleted 2 years after you close your account |
Health & diet logs | Deleted 12 months after your last activity or immediately on request |
Crash / analytics logs | 18 months |
Payment & tax records (if subscriptions are launched) | 7 years |
Breach-incident logs | 24 months |
Backup copies are purged on the same schedule.
10. Security Measures
We apply ISO 27001-aligned controls, including role-based access, least privilege, multi-factor authentication for administrators, encryption, and annual penetration tests. While no method is 100% secure, we strive for commercially reasonable protection.
11. Data-Breach Notification
Potential breach → 72-hour risk assessment.
If the breach is an eligible / significant-harm breach, we will notify affected individuals and:
- the Office of the Privacy Commissioner of Canada (OPC) without undue delay;
- the Office of the Australian Information Commissioner (OAIC) as soon as practicable and, where appropriate, publish a public notice.
12. Your Rights
Canada (PIPEDA) | Australia (APPs) |
---|---|
Access, correction, deletion, data portability, withdraw consent, complain to OPC | Access, correction, anonymity/pseudonymity, withdraw consent, complain to OAIC |
Exercising your rights – email txin@infsols.freeqiye.com or use the in-app Settings → Privacy form. We respond within 30 days (Canada) or 28 days (Australia).
13. Children’s Privacy
Eatoo is not directed to children under 13. Age is self-declared during sign-up; accounts stating age < 13 are rejected. If we learn we have unintentionally collected such data, we delete it promptly.
14. Cookies & Analytics
On first launch we display an analytics-consent banner for Firebase. You may decline without losing core functionality, or later toggle analytics under Settings → Privacy.
15. Complaints
If you believe we mishandled your information, please contact our Privacy Officer first. You may also complain to:
- Office of the Privacy Commissioner of Canada – priv.gc.ca
- Office of the Australian Information Commissioner – oaic.gov.au
16. Changes
We may revise this Policy from time to time. Material changes will be emailed to registered users 30 days before they take effect, and the “Last updated” date will change accordingly.
17. Contact
Questions about this Policy? Email txin@infsols.freeqiye.com or write to the postal address in § 3.