Privacy Policy
Effective from: [EFFECTIVE DATE]
Last updated: [EFFECTIVE DATE]
Who we are
This Privacy Policy describes how [COMPANY NAME LTD] ("Mackro", "we", "us", "our") collects, uses, and shares personal data when you use the Mackro mobile app (iOS and Android) and the website at mackro.co.uk (together, the "Service").
[COMPANY NAME LTD] is a private company limited by shares registered in England and Wales under company number [COMPANY NUMBER], with its registered office at [REGISTERED OFFICE]. We are registered with the UK Information Commissioner's Office (ICO) under registration number [ICO REGISTRATION NUMBER].
We are the data controller for personal data processed in connection with the Service.
If you have any questions about this Privacy Policy or your personal data, contact us at privacy@mackro.co.uk.
In short
- We collect the minimum data we need to run the Service: account details, the food you log, photos of food you upload, messages you send to your coach, and basic usage telemetry.
- If you are a client linked to a coach, your coach can see the data you log in Mackro. That is the core point of the Service.
- We process food photos through Google Gemini for AI recognition. Photos are sent to Google for processing; Google does not train its models on this data.
- We use a small number of trusted suppliers (subprocessors) to run the Service. They are listed below.
- You can delete your account at any time from inside the app. Your data is permanently deleted within 30 days of the request.
- The Service is for users aged 16 and over. We do not knowingly collect data from anyone younger.
- You have rights over your data, including access, correction, and deletion. Contact us at privacy@mackro.co.uk to exercise them.
What data we collect
We collect data in three ways: data you give us, data generated as you use the Service, and a limited amount of data we receive from third parties.
Data you give us
Account data
- Email address
- Password (stored hashed using industry-standard algorithms; we never see it in plaintext)
- Display name
- Account role (coach or client)
- For coaches: business name, profile photo, accent colour and logo for client branding
- For clients: optionally, the unique invite code linking you to a coach
Profile and onboarding data (clients)
- Date of birth (used to derive age, not stored as a marketing field)
- Height, weight, biological sex (used by the macro calculator)
- Activity level and goal (used by the macro calculator)
- Optional photo
Logged food data
- Foods you log and the macros associated with them
- Portion sizes
- Photos you upload of meals
- Recipes you save
- Notes you attach to meals
Messages
- Direct messages between coaches and their linked clients
- Messages remain visible to both parties for the lifetime of the account
Payment data (limited)
- For coaches: payment is processed by Stripe. Stripe holds your card details. We receive only your subscription status, plan, billing email, and a Stripe customer ID. We never see or store full payment card details.
- For clients on Premium: payment is processed by Apple App Store or Google Play. RevenueCat tells us only whether you have an active Premium entitlement. We never see your payment details.
Support data
- If you contact support@mackro.co.uk or use in-app help, we keep the contents of your message and our reply.
Data generated as you use the Service
Usage analytics
- Screens visited, features used, key actions taken (e.g., meals logged, photos uploaded, messages sent — counts and timing, not contents)
- Anonymous device information (device type, OS version, app version)
- We use this to understand how the Service is used and to spot bugs and abuse. We use PostHog (see Subprocessors below).
Error and crash logs
- If the app crashes or hits an error, we log technical information about what happened. We use Sentry (see Subprocessors below).
- We strip personal data from these logs (no email addresses, no names, no food photos).
Network and device metadata
- IP address (used to detect abuse and apply rate limits; not retained against your account beyond 30 days)
- App user-agent string
Cookies and similar technologies
- The Mackro mobile app does not set cookies. It uses a secure authentication token stored on your device.
- The mackro.co.uk website uses essential cookies for the Service to function and analytics cookies to understand site traffic. See our Cookie Policy at mackro.co.uk/cookies for details.
Data we receive from third parties
- From Stripe: subscription status, plan, billing email, customer ID
- From Apple App Store / Google Play (via RevenueCat): IAP entitlement status
- From Google Gemini: the result of AI photo recognition (we send a photo, we get back identified foods and estimated macros)
We do not buy data from data brokers. We do not enrich your profile from third-party sources.
How we use your data (lawful basis under UK GDPR)
| What we do | Why we do it | Lawful basis |
|---|---|---|
| Create and maintain your account | To provide you with the Service you signed up for | Contract |
| Send you service emails (verification, password reset, billing receipts) | To run the Service | Contract |
| Process your food logs, photos and macros | To provide the core feature of the Service | Contract |
| Share your logged data with your linked coach (clients) | Required for the core coach-client feature; you opt in by linking a coach | Contract + consent |
| Process payments | To collect subscription fees | Contract |
| Detect and prevent fraud, abuse, and security incidents | To protect the Service and our users | Legitimate interests |
| Send AI photo recognition through Google Gemini | To provide the AI food recognition feature | Contract |
| Improve the Service via aggregated analytics | To understand how the Service is used and prioritise improvements | Legitimate interests |
| Comply with legal obligations (e.g., tax record-keeping, responding to lawful requests) | To meet our legal duties | Legal obligation |
| Send marketing emails | To tell you about new features (only if you opted in) | Consent |
You can withdraw consent at any time for marketing emails by clicking unsubscribe at the bottom of any marketing email. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
How coaches and clients share data
This is the core of how Mackro works, so it deserves its own section.
When a client uses an invite code to link to a coach, the client consents to share with that coach:
- The food they log
- The macros they hit each day
- Photos of meals they upload
- Messages they send through the in-app chat
- Their name and profile photo
- Their goals and current weight (if logged)
The coach receives this data through the Mackro platform — they do not get a copy outside the app, and they cannot export it in bulk.
A client can unlink from a coach at any time. Once unlinked:
- The coach loses access to the client's data going forward.
- Historical data the coach has already viewed remains in the coach's record only as part of any messages or notes they personally created. The coach cannot continue to view the client's logs or meals.
If a coach blocks or removes a client, the same applies in reverse — the client retains their own data but loses access to that coach.
We are the data controller for client data throughout this flow. Coaches use the data through us and within the bounds of these terms; they are not separate data controllers and they cannot use the data outside the Mackro Service.
How we use AI (Google Gemini)
We use Google's Gemini 2.5 Flash large language model to identify foods in photos you upload. When you upload a meal photo:
- The photo is sent to Google's Gemini API for processing.
- Gemini returns identified foods and estimated macros.
- We store the result against your account.
Important things to know:
- No model training. We use the enterprise tier of the Gemini API. Per Google's terms for that tier, your photos and the inferred results are not used to train Google's models.
- Data location. Photos are processed in Google's infrastructure. They may be processed in any region Google operates Gemini in, including outside the UK / EEA. We rely on the UK ICO's adequacy decision for transfers to the EEA, and on Standard Contractual Clauses (SCCs) for transfers further afield. See International transfers below.
- Cache. We hash photos with SHA-256 and cache the AI result. If you (or anyone else) upload an identical photo, we return the cached result rather than re-processing. This reduces cost and latency. The hash is one-way — we cannot reconstruct your photo from the hash.
- Disclosure in-app. Every screen that uses AI shows an "AI" disclosure indicator. The result is an estimate — verify it before relying on it for tracking.
- Kill-switch. If the AI cost-protection system trips (e.g., abnormal usage), AI photo recognition is automatically disabled platform-wide until manually re-enabled. You can still log foods manually during this time.
You can use Mackro without AI photo recognition — every food log can be entered manually.
Subprocessors (third parties we use)
We rely on a small set of trusted third parties to run the Service. Each is bound by a data processing agreement that requires them to handle your data only on our instructions and to apply appropriate security.
| Subprocessor | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase | Database, authentication, file storage | All account, profile, log, message, photo data | EU (Ireland) |
| Stripe | Payment processing for coaches | Billing email, name, payment card (held by Stripe, not us) | UK + US |
| Apple App Store / Google Play | In-app purchases for client Premium | Apple ID / Google Account email, payment | Apple/Google global |
| RevenueCat | IAP entitlement management | Anonymous app user ID, entitlement status | US |
| Google Gemini API | AI photo recognition | Meal photos, account ID (not email) | Google global |
| Sentry | Error and crash logging | Technical context (no PII) | EU (Frankfurt) |
| PostHog | Product analytics | Anonymous user ID, feature usage | EU (Frankfurt) |
| Resend | Transactional emails | Email address, message content | US |
| Vercel | Marketing site hosting | Site visit metadata only (not app data) | US |
| Cloudflare | DNS and edge security for marketing site | Standard HTTP request metadata | Cloudflare global |
A current version of this list is also available at mackro.co.uk/subprocessors. We will update this list when subprocessors change.
We will give you reasonable notice (typically 30 days) before adding a new subprocessor that materially changes how we process your data.
International transfers
Some of our subprocessors are based outside the UK or process data in the United States or other regions. When personal data leaves the UK we ensure an appropriate transfer mechanism is in place, such as:
- The UK adequacy regulations for the European Economic Area
- The UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum
- Where applicable, certifications such as the UK Extension to the EU-US Data Privacy Framework
Copies of the relevant agreements are available on request from privacy@mackro.co.uk.
How long we keep your data
| Data type | Retention period |
|---|---|
| Account data while account is active | For the lifetime of the account |
| Account data after deletion request | Permanently deleted within 30 days (see Account deletion below) |
| Logged food, photos, messages | For the lifetime of the account; deleted with the account |
| Payment records (Stripe-side, RevenueCat-side) | Per Stripe / Apple / Google retention; we hold only the customer ID |
| Tax records (invoices, VAT records once registered) | 6 years from end of accounting period (UK statutory) |
| Sentry crash logs | 90 days |
| PostHog analytics events | 12 months |
| Server access logs (with IP) | 30 days |
| Support correspondence | 24 months |
| Marketing email contact (if opted in) | Until you unsubscribe |
If you ask us to delete your account before the retention periods above expire, we will delete the data on the schedule described in Account deletion below.
Account deletion
You can delete your account from inside the app at any time:
Mobile app: Settings → Account → Delete account.
When you request deletion:
- Your account is immediately marked for deletion. You can no longer log in.
- There is a 30-day grace period during which you can email privacy@mackro.co.uk to undo the deletion. This is to protect against accidental or coerced deletion requests.
- After 30 days, your account, all logged data, all photos, and all messages are permanently deleted from our production systems.
- Backups containing your data are rotated within a further 60 days. After this period, no copy of your data exists in our systems.
We retain only:
- A minimal record (account ID, deletion date) to comply with our legal obligations and to handle any future legal claims.
- Tax-relevant records (e.g., past invoices) for the statutory retention period.
If you delete your account as a coach, your linked clients are notified and they can choose to either (a) link to a new coach using a new invite code, or (b) continue with a standalone account.
If you delete your account as a client, your linked coach loses access to all your data. Any messages you sent to the coach are deleted from the coach's view as well.
Your rights under UK GDPR
You have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure — ask us to delete your data (see also Account deletion above).
- Right to restrict processing — ask us to pause processing in certain circumstances.
- Right to data portability — receive your data in a structured, commonly used, machine-readable format. We provide a JSON export from inside the app (Settings → Account → Export my data).
- Right to object — object to processing based on legitimate interests, including for analytics.
- Right to withdraw consent — where we rely on consent (e.g., marketing emails), you can withdraw it at any time.
- Right to be informed — that's what this Privacy Policy is for.
- Rights related to automated decision-making — we do not make decisions that have a legal or similarly significant effect on you using automated processing alone.
To exercise any of these rights, email privacy@mackro.co.uk. We will respond within one calendar month. We may ask you to verify your identity before acting on the request.
If you are not satisfied with our response, you can complain to the UK Information Commissioner's Office at ico.org.uk or by phone on 0303 123 1113.
Security
We take security seriously. The measures we use include:
- All connections to the Service use TLS 1.2 or higher
- Passwords are hashed with industry-standard algorithms; we never store them in plaintext
- Optional two-factor authentication on coach accounts
- Database access controlled with row-level security so users can only access their own data (and clients can only access data they are authorised to see based on coach-client links)
- Logging and monitoring of unusual access patterns
- Regular dependency vulnerability scanning
- Encrypted backups
- Limited and audited internal access — only authorised members of the Mackro team can access production systems
No system is completely secure. If we ever detect a personal data breach that is likely to result in risk to your rights, we will notify the ICO within 72 hours and notify affected users without undue delay.
Children
The Service is intended for users aged 16 and over. We do not knowingly collect personal data from anyone under 16. If we become aware that we have collected personal data from someone under 16, we will delete it promptly. If you believe we may have collected such data, contact privacy@mackro.co.uk.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. If we make material changes (for example, adding a significant new use of your data, or adding a subprocessor that materially changes how we process your data), we will notify you in advance — typically 30 days — by email or through an in-app notice.
The latest version is always available at mackro.co.uk/privacy.
Contact us
For privacy questions, data subject requests, or to report a concern:
Email: privacy@mackro.co.uk
Post: Privacy, [COMPANY NAME LTD], [REGISTERED OFFICE]
For complaints, you can also contact the UK Information Commissioner's Office:
Web: ico.org.uk
Phone: 0303 123 1113