GDPR & Your Data Rights

This page explains how AVGusto complies with the EU General Data Protection Regulation (GDPR) and the UK GDPR. It applies to you if you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland. It supplements — and should be read together with — our Privacy Policy.

AVGusto is the data controller responsible for your personal data. For any data-protection question or to exercise the rights described below, contact us at ciao@avgusto.app. If we ever appoint a representative or data-protection officer, we will list their details here.

We only process your personal data when we have a lawful basis to do so under Article 6 GDPR:

• Performance of a contract (Art. 6(1)(b)): creating and maintaining your account, analysing your meal photos, syncing your data across devices, and managing subscriptions and scan packs.
• Consent (Art. 6(1)(a)): accessing your camera and photo library, connecting Apple Health / Health Connect, and showing personalized rewarded ads. You can withdraw consent at any time.
• Legitimate interests (Art. 6(1)(f)): keeping the app secure, preventing abuse, fixing crashes, and understanding which marketing channels bring users (UTM attribution) — balanced against your rights.
• Legal obligation (Art. 6(1)(c)): retaining transaction records where required by tax or consumer-protection law (handled by Apple / Google as the merchants of record).

Health Data (Special Category)

Activity and body-weight data read from Apple Health or Health Connect is special-category data under Article 9. We process it only on the basis of your explicit consent (Art. 9(2)(a)), given when you connect the integration, and you can revoke it at any time in your device’s Health settings.

The categories of data we process — account details, profile and nutrition goals, meal photos and analysis results, purchase and scan-tracking data, optional health/activity data, and crash diagnostics — are described in full in our Privacy Policy. We do not sell your personal data, and we do not use it for automated decision-making that produces legal or similarly significant effects.

Under the GDPR you have the following rights, free of charge:

• Right of access — obtain a copy of the personal data we hold about you.
• Right to rectification — correct inaccurate or incomplete data (most profile data is editable directly in the app).
• Right to erasure (“right to be forgotten”) — request deletion of your account and associated data.
• Right to restriction — ask us to limit how we use your data while a concern is resolved.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on our legitimate interests.
• Right to withdraw consent — withdraw any consent you have given (e.g. camera, health, personalized ads) without affecting prior processing.
• Right to lodge a complaint — contact your local data-protection supervisory authority.

Many actions are available directly in the app: edit your profile, delete individual meals or all local data, disconnect Apple Health / Health Connect, and request account deletion. For anything else, email ciao@avgusto.app. We will respond within one month, as required by Article 12(3), and may ask you to verify your identity before disclosing data.

Some of our processors — OpenAI (image analysis), Google / Firebase (authentication, database, storage, crash reporting), RevenueCat (subscriptions), and Google AdMob (rewarded ads) — process data on servers located outside the EEA, including in the United States. Where data is transferred internationally, it is protected by appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision. Health data read from Apple Health / Health Connect stays on your device and is not transferred to these processors.

• Account, profile, and synced data: retained until you delete your account, after which it is removed from Firebase.
• Meal photos: stored locally on your device and never uploaded to our servers; cleared when you delete them or uninstall the app.
• Images sent to OpenAI: not used to train AI models; OpenAI may retain API data temporarily (up to 30 days) for abuse monitoring before deletion.
• Crash diagnostics: retained only as long as needed to investigate stability issues.

For any GDPR request or question about how we handle your data, contact us:

• Email: ciao@avgusto.app
• Website: avgusto.app