Privacy Policy

1. Who We Are

Data Controller: Apptite Labs UG (haftungsbeschränkt)

Address: Bagelstr. 132, 40479 Düsseldorf, Germany

Email: privacy@decidish.app

Under the GDPR, we are the data controller, meaning we determine the purposes and means of processing your data. We are not required to appoint a Data Protection Officer under Section 38 of the German Federal Data Protection Act (BDSG), as we have fewer than 20 employees engaged in automated data processing. You can reach us directly at the email address above for any privacy-related questions.

2. What Data We Collect

We are committed to collecting only what is necessary for Decidish to work. Here is an exhaustive list of the data involved, organized by where it goes.

2.1 Data Stored Locally on Your Device

The following data is stored only on your iPhone using Apple's UserDefaults system. We do not send these values to our servers.

• Food Preference — Your dietary preference (e.g., omnivore, vegetarian, vegan) used to tailor recommendations.
• Selected Goal — Which of the five recommendation goals you have chosen (e.g., Healthy Pick, Calories, Protein & Refuel, Salt & Fat Smart, Seasonal Pick).
• A/B Test Variant — A variant identifier used to test different versions of onboarding and paywall screens.

Food preferences and goals are stored only on your device. We do not receive or access these settings on our servers. You can change them at any time in the app. To delete this data, simply uninstall Decidish from your iPhone.

Note: If analytics are enabled, your A/B test variant code may be included as part of anonymous usage events sent to TelemetryDeck. This code is non-identifying and cannot be linked to you or your device.

2.2 Data Sent to Third Parties

When you scan a menu, certain data is transmitted to third-party services to provide you with results. Each transmission is described below.

Menu Photos

When you take a photo of a menu, the image is sent to OpenAI's Vision API through Vercel Edge Functions for the sole purpose of extracting the text from the menu. We do not configure Vercel to persist menu images. Transient processing occurs to route requests to our AI provider. OpenAI retains API inputs for up to 30 days for abuse monitoring, then deletes them. OpenAI does not use API data to train its models.

Analytics Events

We use TelemetryDeck, a privacy-first analytics provider based in Germany, to understand how the app is used (for example, which features are popular or where users encounter issues). TelemetryDeck is designed to operate without collecting personal identifiers. Basic network metadata may be processed transiently by infrastructure providers. All analytics data is stored within the EU (AWS Frankfurt and Hetzner Germany).

Subscription Data

Decidish offers subscriptions managed entirely through Apple's StoreKit framework. We receive only a purchase confirmation and subscription status from Apple. We do not see or store your payment details, Apple ID, or billing address. Apple processes all payment data under its own privacy policy.

Service Provider Logs

Our service providers may process IP addresses and basic request metadata for security, fraud prevention, and service reliability. We do not use this data to identify you.

2.3 Is Providing Your Data Required?

For some data, providing it is necessary for Decidish to function. For other data, it is optional. Here is a clear breakdown:

• Menu photo — Required. Without a menu photo, Decidish cannot extract menu items or generate recommendations. This is the core service.
• Goal selection — Required. Decidish needs to know which goal to use for ranking your menu. A default (Healthy Pick) is pre-selected.
• Food preference — Optional. If you do not set a food preference, Decidish still works but recommendations are less personalized.
• Analytics (TelemetryDeck) — Enabled by default; you can disable at any time in Settings > Privacy. Anonymous, privacy-preserving analytics help us improve the app. No email required. Your choice takes effect immediately and applies to future analytics events.
• Subscription data — Required for paid features. If you do not subscribe, you can use the free trial. Apple handles all payment data.

2.4 Data Stored on Our Servers

None. We do not store your scans on our own servers. Our service providers may retain limited data as described in Section 4 (Sub-Processors). We do not operate a backend database and do not maintain user profiles, accounts, or any persistent record of who you are.

3. Why We Collect It (Purposes and Legal Basis)

Under the GDPR, every instance of data processing requires a lawful basis. Here is a transparent mapping of each processing activity to its purpose and legal basis.

• Menu photo analysis via OpenAI — Purpose: Extract text from menu to generate recommendations. Legal Basis: Art. 6(1)(b) — Performance of contract. AI-powered menu analysis is the core service you subscribe to. Sending your menu photo to our AI provider is technically necessary to deliver this service. Before your first scan, Decidish displays an information screen explaining what data is sent and to whom.
• Stateless routing via Vercel — Purpose: Transmit your menu photo to OpenAI securely. Legal Basis: Art. 6(1)(b) — Performance of contract. Technical infrastructure necessary to deliver the service.
• Analytics via TelemetryDeck — Purpose: Understand app usage, fix bugs, improve the product. Legal Basis: Art. 6(1)(f) — Legitimate interest. We process anonymous, privacy-preserving usage analytics based on our legitimate interests to maintain and improve Decidish, measure performance, and fix bugs. You can opt out at any time in Settings > Privacy. We have balanced these interests against your rights and freedoms by using a privacy-minimizing analytics setup, avoiding advertising tracking, and providing an easy opt-out.
• Subscription management via Apple — Purpose: Process your subscription and verify your plan. Legal Basis: Art. 6(1)(b) — Performance of contract. Necessary to provide you with the subscription you purchased.
• Local preferences (UserDefaults) — Purpose: Remember your food preference and selected goal. Legal Basis: Art. 6(1)(b) — Performance of contract. Part of the personalization service you use Decidish for.

Regarding analytics: TelemetryDeck is designed to work without advertising identifiers or cross-app tracking and to minimize data collection. Anonymous analytics are enabled by default. You can disable them at any time in Settings > Privacy. No email required. Your choice takes effect immediately and applies to future analytics events. Disabling analytics does not affect any other functionality of the app.

4. Who We Share It With

We share data only with the service providers listed below. We do not sell, rent, or trade your data to anyone.

4.1 Sub-Processors

The following providers act as data processors under a Data Processing Agreement (DPA) with us.

• OpenAI, Inc. (via OpenAI Ireland Ltd. for EEA users) — Location: United States. Purpose: Vision API — text extraction from menu photos. Data Received: Menu photo images.
• Vercel Inc. — Location: United States. Purpose: Edge Functions — request routing between app and OpenAI. Data Received: Menu photo images (transient processing).
• TelemetryDeck GmbH — Location: Germany. Purpose: Privacy-first analytics. Data Received: Anonymized usage events (no personal data).

We maintain Data Processing Agreements (DPAs) with OpenAI, Vercel, and TelemetryDeck to ensure they handle your data in accordance with applicable data protection laws.

4.2 Independent Controllers

Apple Inc. acts as an independent data controller for App Store transactions, payments, and subscription management. We receive subscription status information from Apple as part of service delivery. Apple is not our sub-processor and we do not have a DPA with Apple for these activities. Apple's data processing is governed by Apple's own Privacy Policy and developer terms.

We do not share data with advertising networks, data brokers, social media platforms, or any other third parties beyond those listed above.

5. AI-Powered Analysis

Decidish uses artificial intelligence to read your menu and generate food recommendations. This section explains exactly how that works, what data is involved, and what happens to it.

5.1 How It Works

When you photograph a restaurant menu, the image is sent through a secure connection (TLS/HTTPS) to Vercel Edge Functions, which routes it to OpenAI's Vision API. OpenAI's AI model reads the text on the menu and returns a structured list of dishes. Decidish then applies its own scoring and ranking logic on your device to generate personalized recommendations based on the goal you selected.

The AI is used for two purposes: extracting text from menu images, and generating supplementary content such as short descriptions and calorie estimates for individual dishes. The final ranking and recommendations are determined by Decidish's own algorithms, not by the AI model alone.

5.2 Disclosure

Before your first scan, Decidish displays an information screen explaining that menu photos are sent to OpenAI for text extraction and analysis. This screen describes what data is sent, to whom, and why. You must acknowledge this disclosure before any data leaves your device. Because AI-powered menu analysis is the core service Decidish provides, this processing is necessary to deliver the service you subscribe to (see Section 3, Legal Basis).

5.3 What Data Goes to OpenAI

• The photo you take of the restaurant menu.
• No personal data (name, location, preferences, or device identifiers) is included in the request to OpenAI.

Decidish is designed to process only menu text. However, photos you take may incidentally capture other information visible in the frame, such as faces of other diners, personal items on the table, or other surroundings. You control what you photograph. Please ensure your menu photos contain only menu content and avoid capturing personal items, faces, or other non-menu information. If this concerns you, you can crop your photo to show only the menu before scanning.

We do not perform facial recognition or biometric identification. Images are processed only to extract menu text and generate menu insights.

5.4 How OpenAI Handles Your Data

• Retention: OpenAI retains API inputs for up to 30 days for safety and abuse monitoring, then permanently deletes them.
• No model training: OpenAI does not use data submitted through its API to train or improve its models.
• Sub-processors: OpenAI uses its own sub-processors as documented in its Data Processing Addendum. We have reviewed these and executed a DPA with OpenAI.
• EU entity: For EEA users, data processing is governed by OpenAI Ireland Limited.

We may change AI models or providers over time to improve the service. If we change our AI provider in a material way, we will update this policy before the change takes effect and list the new provider. We will comply with applicable AI transparency requirements, including those under the EU AI Act, as they come into effect.

5.5 Limitations

AI-generated recommendations and calorie estimates are approximations. They can contain errors. Actual nutritional values vary based on portion size, preparation method, and ingredients not visible in the menu text. Decidish does not identify, detect, or warn about allergens. If you have food allergies or intolerances, always confirm ingredients with restaurant staff. See our Terms of Use for our full wellness and allergen disclaimer.

Decidish's recommendations do not constitute automated decision-making with legal or similarly significant effects within the meaning of GDPR Article 22. The recommendations are informational only and do not restrict your choices at the restaurant.

6. International Data Transfers

Apptite Labs UG is based in Germany (European Union). Some of the third-party services we use are located in the United States. When data is transferred from the EU to the US, we ensure it is protected by one of the following legally recognized mechanisms.

6.1 EU-US Data Privacy Framework (DPF)

Vercel Inc. is certified under the EU-US Data Privacy Framework, including the UK Extension and the Swiss-US Data Privacy Framework. Transfers to Vercel are based on the European Commission's adequacy decision for the DPF.

6.2 Standard Contractual Clauses (SCCs)

OpenAI, Inc. is not certified under the DPF. Transfers to OpenAI are protected by Standard Contractual Clauses (Module 2: Controller to Processor), as adopted by the European Commission on June 4, 2021, and incorporated into our Data Processing Agreement with OpenAI. For EEA users, the contracting entity is OpenAI Ireland Limited.

We maintain a Transfer Impact Assessment to evaluate the level of data protection provided when transferring data to OpenAI in the United States. Based on this assessment, we have determined that the combination of SCCs and OpenAI's technical and organizational safeguards provides adequate protection for your data. A summary of this assessment is available upon request.

6.3 No Transfer Required

TelemetryDeck GmbH is based in Germany and stores all data within the European Union (AWS Frankfurt and Hetzner Germany). No international data transfer occurs.

7. How Long We Keep It

We aim to be transparent about how long data is retained. Where we control retention, we state specific periods. Where data is retained by a processor, we explain the criteria and link to their policy.

• Menu photos at OpenAI — Up to 30 days, then permanently deleted. OpenAI does not use API data for model training.
• Menu photos at Vercel — We do not configure Vercel to persist menu images. Transient processing occurs to route requests to OpenAI.
• Analytics events at TelemetryDeck — TelemetryDeck retains anonymized, aggregated analytics data. We do not store analytics data on our own infrastructure. For TelemetryDeck's specific retention practices, see their documentation at telemetrydeck.com.
• Subscription data at Apple — Managed by Apple under its own retention policy. We receive only subscription status, which we do not store.
• Local preferences on your device — Stored until you uninstall Decidish or reset app data via iPhone Settings.

We do not maintain any server-side database. There is no data on our systems to retain or delete.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data. These rights apply to all users, regardless of location. We extend GDPR-level rights to all our users as our baseline standard.

• Right of Access (Art. 15) — You can request a copy of any personal data we hold about you. Because Decidish does not maintain user accounts, we may not be able to associate data access requests with specific devices or past scans. We will make reasonable efforts to assist with your request.
• Right to Rectification (Art. 16) — You can ask us to correct inaccurate personal data. Your food preference and goal are stored locally on your device and can be changed directly in the app's settings.
• Right to Erasure (Art. 17) — You can request deletion of your personal data. Uninstalling the app removes all local data. For data held by our sub-processors (e.g., menu photos retained by OpenAI for up to 30 days), we will assist where feasible. However, because scans are processed without persistent user identifiers, we may not be able to identify the relevant data held by our processors.
• Right to Restriction (Art. 18) — You can ask us to restrict processing of your data in certain circumstances. Practically, this means not using Decidish until your request is resolved.
• Right to Data Portability (Art. 20) — You can request your data in a structured, machine-readable format. Because Decidish does not maintain user accounts, we may not be able to associate data access requests with specific devices or past scans. We will make reasonable efforts to assist with your request.
• Right to Object (Art. 21) — You can object to any processing based on legitimate interest. For analytics, you can opt out at any time in Settings > Privacy. Your choice takes effect immediately. If you object for reasons related to your particular situation, we will stop processing unless we demonstrate compelling legitimate grounds.
• Right to Lodge a Complaint — You have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is listed below.

8.1 How to Exercise Your Rights

Send your request to privacy@decidish.app. We will respond within 30 days (or 45 days for California residents, as required by the CCPA). We will not charge a fee for reasonable requests. If we cannot verify your identity, we will explain why and what steps you can take.

8.2 Supervisory Authority

Our lead supervisory authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestr. 8–10
40213 Düsseldorf, Germany
Website: www.ldi.nrw.de

You may also lodge a complaint with the supervisory authority in your country of residence.

9. Children's Privacy

Decidish is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with data, please contact us at privacy@decidish.app and we will take steps to delete it.

Under the US Children's Online Privacy Protection Act (COPPA), we do not collect, use, or disclose personal information from children under 13. Decidish is rated 13+ in the Apple App Store.

In the European Economic Area, the minimum age for consenting to data processing varies by member state (between 13 and 16 years). We recommend that children in the EEA use Decidish only with parental guidance.

10. Data Security

We take the following measures to protect your data:

• Encryption in transit: All communication between Decidish and our service providers uses TLS/HTTPS encryption.
• No server-side storage: We do not operate a backend database. Service providers may retain limited data as described in Section 4.
• Data Processing Agreements: We have executed DPAs with OpenAI and Vercel, ensuring they maintain appropriate technical and organizational security measures.
• Minimal data collection: We collect only what is strictly necessary. No accounts, no emails, no cross-app tracking.
• Privacy-first analytics: TelemetryDeck anonymizes all data on your device before transmission and stores it within the EU.

No system is perfectly secure. If you become aware of a security vulnerability in Decidish, please contact us at privacy@decidish.app.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this policy. For significant changes (such as new categories of data collection or new sub-processors), we will notify you through an app update or via App Store update notes before the changes take effect.

Your continued use of Decidish after a policy update constitutes acceptance of the updated policy. If you do not agree with the changes, you may stop using Decidish and uninstall the app, which will remove all local data.

12. Contact Us

If you have questions about this Privacy Policy, want to exercise any of your rights, or have a privacy concern, please contact us:

Apptite Labs UG (haftungsbeschränkt)
Bagelstr. 132, 40479 Düsseldorf, Germany
Email: privacy@decidish.app

We aim to respond to all privacy inquiries within 30 days.

California Addendum

Supplemental Privacy Disclosures for California Residents

This California Addendum supplements the Decidish Privacy Policy above and provides additional disclosures required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"). This addendum also addresses the Washington My Health My Data Act and other US state privacy laws.

If there is a conflict between this addendum and the main Privacy Policy, this addendum controls for California residents.

A1. Categories of Personal Information

The following describes the categories of personal information we have collected in the preceding 12 months, as defined by the CCPA.

• Identifiers (name, email, account name) — Collected? No. Decidish does not collect identifiers. No accounts, no email, no login.
• Identifiers (IP address, device metadata) — Collected? Yes (limited/transient). Our service providers may process IP addresses and basic request metadata for security and service reliability. We do not use this data to identify you.
• Internet or network activity (browsing history, interactions) — Collected? Yes (limited). Source: Automatically via TelemetryDeck. Business Purpose: Anonymized usage analytics to improve the app. TelemetryDeck is designed to operate without collecting personal identifiers. Basic network metadata may be processed transiently by infrastructure providers.
• Sensory data (audio, visual) — Collected? Yes. Source: User-initiated camera capture. Business Purpose: Menu photos are sent to OpenAI for text extraction. Not stored by us.
• Commercial information (purchase history) — Collected? Yes (limited). Source: Apple StoreKit. Business Purpose: Subscription status only. We do not see payment details.
• Geolocation data — Collected? No. Decidish does not request or collect location data.
• Biometric information — Collected? No. Not collected.
• Professional or employment information — Collected? No. Not collected.
• Education information — Collected? No. Not collected.
• Inferences drawn from PI — Collected? No. We do not build user profiles or draw inferences about consumers.
• Sensitive personal information — Collected? Yes (limited, local only). Source: User-selected in app. Food preference (e.g., vegetarian, vegan) is stored locally on your device. It is never transmitted to our servers or any third party. See also Section A5 (Washington Health Data Notice).

A2. Do Not Sell or Share

We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.

We do not share your personal information for cross-context behavioral advertising. We do not use advertising networks, retargeting pixels, or any form of behavioral advertising.

Because we do not sell or share personal information, there is no need for an opt-out mechanism under CCPA Section 1798.120. However, you can always contact us at privacy@decidish.app if you have questions about our data practices.

A3. Your California Privacy Rights

If you are a California resident, you have the following rights under the CCPA:

• Right to Know / Access — You can request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it.
• Right to Delete — You can request that we delete personal information we have collected from you, subject to certain exceptions (such as legal obligations).
• Right to Correct — You can request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing — You can opt out of the sale of your personal information or sharing for cross-context behavioral advertising. We do not engage in either activity.
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge different prices, or provide a different quality of service.

We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA. We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

A4. How to Submit Requests

You can exercise your privacy rights through the following designated channels:

• Email: Send your request to privacy@decidish.app. This is our primary channel for all privacy inquiries and rights requests.
• In-App: Open Decidish > Settings > Privacy & Terms > Contact Us to send a privacy request directly from the app.

Additionally, to delete all data stored locally on your device without submitting a request, simply uninstall Decidish or go to iPhone Settings > General > iPhone Storage > Decidish > Offload App.

Verification

Because Decidish does not maintain user accounts, verifying your identity for a privacy request is challenging. We will work with you in good faith to verify your identity using the information available. This may include asking you to provide details about your interactions with the app.

Response Timeline

We will acknowledge your request within 10 business days and provide a substantive response within 45 calendar days. If we need additional time, we will notify you and may extend the response period by an additional 45 calendar days (90 calendar days total).

Authorized Agents

You may designate an authorized agent to submit a request on your behalf. The agent must provide proof of authorization (such as a signed written permission or power of attorney). We may still ask you to verify your identity directly.

A5. Washington Health Data Notice

Decidish does not collect, share, or sell consumer health data as defined under the Washington My Health My Data Act (RCW 19.373, "MHMD"). Dietary preferences and wellness goal selections are stored exclusively on your device and are never transmitted to our servers or third parties. Because we do not collect consumer health data, the consent requirements under MHMD for collection and sharing do not apply.

For Washington residents, we additionally note:

• Geofencing: Decidish does not collect location data and does not geofence any healthcare facility.
• Deletion: You can delete all locally stored preferences by changing your settings in the app or by uninstalling Decidish.

If you are a Washington resident and wish to exercise your rights under this law, please contact us at privacy@decidish.app.

A6. Other US State Privacy Rights

If you reside in a US state with applicable consumer privacy legislation, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Oregon (OCPA), Indiana (SB 5), Utah (UCPA), or other states that have enacted similar laws, you have rights that are substantially similar to those described in this addendum, including:

• The right to access the personal data we hold about you
• The right to delete your personal data
• The right to correct inaccurate personal data
• The right to data portability
• The right to opt out of the sale of personal data, targeted advertising, or profiling

We do not sell personal data, engage in targeted advertising, or profile consumers for any of the purposes covered by these laws.

To exercise any of these rights, contact us at privacy@decidish.app. If we deny your request, you have the right to appeal. To appeal, reply to our response email with the subject line "Privacy Rights Appeal" and we will review your request again within 60 days.

End of California Addendum