Privacy Policy

Last updated: 28 April 2026

This policy explains what information Zadi ("we", "us", "our") collects when you use the Zadi mobile application or visit zadi.ink, why we collect it, who we share it with, and what control you have over it. It is written to satisfy the requirements of the UAE Personal Data Protection Law (PDPL, Federal Decree-Law No. 45 of 2021), Apple's App Store Review Guidelines, and Google Play's User Data policy.

1. Who we are

Zadi is operated from the United Arab Emirates. For privacy questions, contact support@zadi.ink.

2. Information we collect

Category	What it is	Why we collect it
Account	Email, password (hashed), display name, language preference	To create your account and log you in
Profile	Age, sex, height, weight, activity level, goals, food culture preference	To calculate your calorie/macro targets and personalise meal suggestions
Health & food	Meals you log, photos you scan, water intake, fasting timers, weight history	Core app functionality — tracking your nutrition
Subscription	RevenueCat customer ID, subscription status, purchase receipts	To unlock paid features and prevent fraud
Diagnostics	Crash logs, error events, app version	To find and fix bugs
HealthKit (optional)	Apple Health data you explicitly grant access to	Only if you turn HealthKit integration ON

3. How we use your information

Provide the service. Calculate your daily targets, render charts, generate meal plans, scan photos for calories.
Improve the service. Diagnose bugs and improve AI accuracy. We never use the content of your meal photos to train any third-party model.
Communicate. Send transactional emails (account confirmation, subscription receipts) and, only with consent, occasional product updates.
Comply. Honour legal obligations and respond to lawful requests from authorities.

4. Where your data lives

Zadi's backend runs on Supabase (Postgres database hosted in Singapore, ap-southeast-1). All tables that contain personal data have row-level security enabled — at the database level, only your authenticated user ID can read your own rows.

Subscription state is processed by RevenueCat. Payment processing is handled by Apple App Store / Google Play Store. We never see your card or bank details.

AI-assisted features call Anthropic Claude (for chat and dish recognition) and Groq Whisper (for voice logging). These calls are stateless — no personal identifiers are sent.

5. Sharing

We do not sell your personal data and we do not share it with advertisers. We share with the processors above strictly to operate the app, and with authorities only where legally required.

6. Your rights

Under UAE PDPL and equivalent laws, you have the right to:

Access the personal data we hold about you
Correct inaccuracies
Delete your account and the data associated with it
Export your data in a portable format
Withdraw consent for optional processing (e.g. HealthKit)

Account deletion is self-service from inside the app: Profile → Settings → Delete account. The action wipes your auth record and all rows tied to your user ID within 30 days. To exercise any other right, email support@zadi.ink.

7. Children

Zadi is intended for users 16 and older. We do not knowingly collect data from children under 16. If you believe a child has registered, contact us and we will delete the account.

8. Security

Data in transit is encrypted with TLS. Database access is gated by row-level security policies. Passwords are hashed (bcrypt). We can't guarantee perfect security on the public internet, but we apply current best practice and patch dependencies regularly.

9. Changes to this policy

If we materially change how we handle your data, we will update this page and notify active users by email or in-app notice.

10. Contact

Questions, complaints, data-rights requests: support@zadi.ink.