Macropass Privacy Policy

Last updated: June 4, 2026

Macropass is operated by Iulia Brezeanu ("Macropass", "we", "us", or "our"). This Privacy Policy explains what information Macropass collects, how it is used, how it is stored, and how you can contact us about your data.

Contact: support@macropass.app

What Macropass Does

Macropass is an AI-native calorie and macro tracker. You can connect an AI assistant such as Claude or ChatGPT to Macropass using OAuth and MCP. The assistant can log, read, update, delete, summarize, and search your Macropass meal and nutrition data when you ask it to do so.

Macropass is not a medical device and does not provide medical advice, diagnosis, or treatment.

Information We Collect

We collect the information needed to operate Macropass:

• Account information: your sign-in provider identifier and, when available, your email address.
• Authentication information: OAuth client records, scopes, redirect URIs, access-token hashes, refresh-token hashes, authorization state, and short-lived email verification records.
• Food and nutrition data: meal names, timestamps, calories, macros, fiber, sugar, notes, itemized meal details, source client, goals, and optional weekday goal schedules.
• Operational information: request metadata needed for security, abuse prevention, rate limiting, troubleshooting, and service reliability.
• Product-usage information: we record non-identifying product events (for example: signing in, connecting an AI client, that a meal was logged, and subscription status changes) tied to a pseudonymous account identifier, to understand how Macropass is used and to improve it. This usage information does NOT include your meal names, notes, food descriptions, or any of the dietary content itself — only that an action happened, when, and which AI client performed it. Precise values such as calories are recorded only as coarse ranges, never exact numbers.
• Support information: anything you choose to send when contacting us for help.

Macropass does not collect Claude memory, Claude chat history, conversation summaries, or files uploaded to Claude. Macropass only receives the data sent to its MCP tools or app endpoints.

Health and Nutrition Data

Meal logs, calories, macros, goals, and related notes may reveal information about your diet, wellness habits, or health. We treat this as sensitive personal data. Macropass stores it so the app and your authorized AI clients can show your food log, nutrition totals, history, summaries, and goals.

Do not use Macropass for medical emergencies or as a substitute for professional medical, nutrition, or dietetic advice.

Analytics and Legal Basis

We use first-party, privacy-preserving product analytics (PostHog, hosted in the EU) to understand how Macropass is used so we can improve it. We do not use cookies or device-storage tracking for analytics, we do not use analytics for advertising, and we do not track you across other apps or websites. Your dietary and health content is never shared with our analytics provider.

Where the European Union General Data Protection Regulation (GDPR) applies, our legal basis for this non-identifying usage analytics is our legitimate interest in operating and improving Macropass (Article 6(1)(f)). You can ask us to stop processing your usage data for analytics, or to delete it, by contacting support@macropass.app. When you delete your account, your analytics records are queued for deletion with our analytics provider.

How We Use Information

We use your information to:

• Create and maintain your Macropass account.
• Authenticate you and your authorized AI clients.
• Store and display your meals, nutrition totals, goals, trends, history, and connected clients.
• Let authorized AI clients perform actions you request through Macropass tools.
• Send email verification codes when you choose email sign-in.
• Prevent abuse, enforce rate limits, secure the service, and debug failures.
• Measure and improve activation, onboarding, the AI-connection flow, reliability, and conversion, using non-identifying product-usage analytics.
• Respond to support, privacy, or legal requests.

We do not sell your personal information. Macropass does not serve advertisements or use third-party advertising trackers.

How Information Is Shared

We share information only as needed to operate the service:

• Cloudflare provides hosting, serverless compute, database, key-value storage, routing, security, and related infrastructure.
• Apple may process information when you use Sign in with Apple.
• Resend may process your email address to send verification codes if you use email sign-in.
• PostHog provides product analytics. We send PostHog non-identifying usage events (such as sign-in, AI-client connection, meal-logged, and subscription status) tied to a pseudonymous identifier. We do NOT send PostHog your meal content, food descriptions, notes, email address, or precise nutrition values. PostHog processes this data on our behalf as a data processor, hosted in the European Union (Frankfurt, Germany).
• AI clients you choose to connect, such as Claude or ChatGPT, may send requests to Macropass and receive the Macropass data needed to answer your request. Their use of your prompts and AI conversations is governed by their own policies.
• We may disclose information if required by law, to protect rights and safety, or to investigate abuse or security issues.

Data Storage and Retention

Macropass stores account, meal, nutrition, goal, OAuth client, and token records for as long as needed to provide the service or until you request deletion, subject to legal, security, and backup retention needs.

Some security and authentication records are short-lived:

• Authorization codes expire quickly.
• Email verification codes are short-lived.
• Access tokens are short-lived.
• Refresh tokens expire after a limited period unless rotated through continued use.
• Cached public signing keys and rate-limit records expire automatically.

OAuth bearer tokens are not stored in plaintext by Macropass; Macropass stores token hashes and verifies tokens by hashing submitted bearer tokens.

Security

Macropass uses HTTPS/TLS for data transmission. OAuth tokens are random bearer secrets, stored as hashes server-side, and access can be revoked. We use rate limiting, short-lived authorization state, and provider token verification to help protect accounts and the service.

No internet service can be guaranteed perfectly secure. If you believe Macropass has a security issue, contact support@macropass.app.

Your Choices and Rights

You can revoke an authorized AI client from Macropass. You can also contact us to request access, correction, export, or deletion of your Macropass data.

If you are in a jurisdiction with privacy rights, such as the European Economic Area, the United Kingdom, Switzerland, California, or another region with applicable privacy law, you may have additional rights regarding your personal information. Contact us at support@macropass.app to exercise those rights.

Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), gives you the following rights regarding the personal information Macropass holds about you. Macropass extends these rights to all users, regardless of location.

• Right to know and access. You can request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties (service providers) with whom we share it. You can obtain a portable copy of your Macropass data at any time from within the app or by contacting us. The categories we collect are described in "Information We Collect" above (account, authentication, food and nutrition, operational, and support information).
• Right to delete. You can request deletion of your personal information. You can delete your account and all associated data directly from within the Macropass app, which permanently purges your account, meals, goals, and all connected-client tokens and grants. You may also contact us to request deletion.
• Right to correct. You can request correction of inaccurate personal information we hold about you.
• Right to non-discrimination. We will not discriminate against you for exercising any of your privacy rights.

Do Not Sell or Share My Personal Information

**Macropass does not sell your personal information, and does not share it for cross-context behavioral advertising**, as those terms are defined under the CCPA/CPRA. Macropass does not serve advertisements, does not use advertising or analytics trackers, and does not exchange your personal information for money or other valuable consideration. Because we do not sell or share personal information, there is no "Do Not Sell or Share My Personal Information" action you need to take — this practice applies to all users by default, including in the prior twelve months.

We do disclose personal information to service providers (Cloudflare, Apple for Sign in with Apple, and Resend for email verification codes) and to the AI clients you choose to connect, solely to operate the service and perform the actions you request, as described in "How Information Is Shared" above. These are not sales or shares for advertising; service providers are contractually limited to processing the information for Macropass's purposes.

Sensitive Personal Information

Your meal logs, calories, macros, goals, and related notes may constitute sensitive personal information because they can reveal information about your health. We use this information only to provide the Macropass service to you and to your authorized AI clients — never to infer characteristics about you for any other purpose, and never for advertising. You may limit our use of sensitive personal information, but because we already use it only for these necessary service purposes, no further limitation is required.

How to Exercise Your Rights

To exercise any of these rights, use the in-app account deletion and data export features, revoke a connected AI client from within the app, or contact us at support@macropass.app. We will verify your request using your authenticated account or sign-in identifier before acting on it, and we do not require you to create an additional account to make a request. You may use an authorized agent to submit a request on your behalf, subject to reasonable verification.

Children

Macropass is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to Macropass, contact us so we can delete it.

Changes

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above. Material changes will be reflected on this page.

Contact

Iulia Brezeanu
Email: support@macropass.app