Privacy Policy

Satomi is an AI health coach built by Imbram Wojdak, an independent developer based in the United Kingdom. This policy explains what data the app collects, why we collect it, who we share it with, and the rights you have over it. It is written in plain English on purpose.

1. Who this policy applies to

Satomi is built for adults aged 18 and over. We do not knowingly collect information from anyone under 18, and we ask for your date of birth during sign-up to enforce this. If you believe a minor has created an account, email imbramwdev@gmail.comand we will delete the account and its data.

2. Who is responsible for your data

The data controller under UK GDPR is:

• Imbram Wojdak (sole developer, trading as “Satomi”)
• Contact: imbramwdev@gmail.com

Because Satomi is a one-person operation, we are not required to appoint a Data Protection Officer, but imbramwdev@gmail.com is the single point of contact for every privacy question, request, or complaint.

3. What we collect

3.1 Account information

• Email address (used to sign you in and contact you about the service).
• Password (only if you create an account with email and password — it is hashed and stored by Firebase Authentication, we never see your password in plain text).
• If you use Sign in with Apple: your Apple user identifier, and, the first time you sign in, your first and last name. Apple lets you hide your email using its private relay service; we respect that choice.
• If you use Sign in with Google: your Google account email, display name, and profile photo URL.
• A unique Satomi user ID generated by Firebase.

3.2 Onboarding profile

During onboarding, you choose to share:

• First and last name
• Gender
• Date of birth (we use it to calculate your age and to confirm you are 18+)
• Height and weight, plus your preferred units
• Your fitness goal (for example, lose weight, build muscle, sleep better)
• Activity level and diet type
• Self-reported sleep quality and the barriers that get in your way
• A profile photo, if you upload one

3.3 Health data (Apple HealthKit)

With your permission, Satomi reads the following from Apple Health on your device:

• Heart rate and resting heart rate
• Heart rate variability (HRV)
• Active energy burned (calories)
• Step count
• Sleep analysis — bedtime, wake time, and sleep stages (core, deep, REM)

Satomi only readsfrom HealthKit — we never write data back to Apple Health. Apple’s rules forbid us from using HealthKit data for advertising, data mining, or sale, and we do not. You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health → Satomi.

3.4 Meal photos and nutrition estimates

When you log a meal, Satomi takes or imports a photo, sends it to Google Gemini for analysis, and stores the resulting title, calorie estimate, protein estimate, and list of food components. The photo file itself is saved on your device. Meal photos are sent to Gemini only at the moment of analysis; we do not upload them to our own servers.

3.5 Chat messages

Your conversations with the Satomi AI coach — both typed and voice messages — are stored on your device and sent to Google Gemini so the coach can reply. If you use voice input, iOS converts your speech to text on-device or via Apple’s Speech Recognition service; the raw audio is not kept.

You can choose how long chat history is kept in Settings: forever, 30 days, or 7 days. Messages are automatically deleted from the app after that window.

3.6 Streaks and usage

• Current streak, longest streak, last active date
• Basic device information that Firebase needs to sign you in and protect your account from abuse

3.7 What we do not collect

• We do not collect your location.
• We do not access your contacts, calendar, or photos beyond the ones you pick for meal logging.
• We do not use advertising identifiers (IDFA) or third-party analytics.
• We do not use crash-reporting SDKs such as Crashlytics or Sentry.
• We do not ask for App Tracking Transparency permission because we do not track you across other apps or websites.

4. How we use your data

• To provide personalised coaching that reflects your body, goals, and habits
• To analyse your meal photos and estimate calories and protein
• To sign you in, sync your data across devices, and restore it if you reinstall the app
• To enforce the 18+ age requirement
• To protect the service from abuse and fraud (via Firebase App Check)
• To fix bugs and improve the app based on our own testing
• To respond to you when you contact us

We do not sell your data, rent it, share it with advertisers, or use it to profile you for marketing. We do not make automated decisions that have legal or similarly significant effects on you.

5. Our legal bases (UK GDPR)

• Performance of a contract (Art. 6(1)(b)) — we process your account, profile, meal, and chat data because you have asked us to provide the Satomi service.
• Explicit consent (Art. 6(1)(a) and Art. 9(2)(a)) — health data is special-category data, so we only process it after you give specific, informed consent during onboarding. You can withdraw that consent at any time by turning off HealthKit, clearing the relevant data, or deleting your account.
• Legitimate interests (Art. 6(1)(f)) — for security, abuse prevention, and basic service-reliability work. We have considered your rights and reached the view that this processing is proportionate.
• Legal obligation (Art. 6(1)(c)) — where we must keep records to comply with a legal requirement (for example, a subpoena).

6. Who we share data with

Satomi is a small app that relies on a few well-known service providers. They act as our data processors — we only share what is necessary for the feature to work.

Google (Firebase Authentication, Cloud Firestore, App Check)

Your email, profile, meal metadata (title, calories, protein, timestamps), health snapshots, and streak data are stored in Firebase so that you can sign in from any device. Meal photos are notuploaded to Firebase — they live on your phone. Firebase’s handling of data is described in Firebase’s Privacy and Security in Firebase documentation and Google’s Privacy Policy.

Google (Gemini API)

Every time you send a chat message or analyse a meal, Satomi sends the following to the Gemini API: your message or meal photo, recent chat context, and a short summary of your profile and latest health metrics, so the model can give relevant advice. Google’s handling of Gemini API data is described in the Gemini API Additional Terms of Service. We use the paid Gemini API tier, and per Google’s terms, the content you send is not used to train Google’s generative models.

Apple

Apple processes your Sign in with Apple credentials and provides HealthKit on your device. Apple also delivers in-app purchases and manages subscriptions. See the Apple Privacy Policy.

No one else

We do not work with advertising networks, data brokers, analytics vendors, A/B testing services, email-marketing tools, CRMs, or any other third-party platform that processes your personal data. If that ever changes, we will update this policy and ask for fresh consent where the law requires it.

7. International data transfers

Firebase and the Gemini API are operated by Google and run on Google’s global infrastructure, which is primarily located in the United States. That means your personal data — including special-category health data — may be transferred to, stored in, or processed in the US and other countries outside the United Kingdom and European Economic Area.

To keep these transfers lawful under UK GDPR we rely on:

• Google’s Standard Contractual Clausesand the UK International Data Transfer Addendum, which are part of Google’s Data Processing and Security Terms.
• Your explicit consent, which we capture during onboarding, after clearly telling you that US data-protection laws may offer less protection than UK law. You can withdraw that consent at any time by deleting your account.

8. Where your data lives

• On your iPhone:your onboarding profile, meal photos and their metadata, chat history, health snapshots, and streak data are stored locally in iOS’s standard app storage (UserDefaultsand the app’s Documents directory). This storage is protected by iOS device encryption while your phone is locked.
• In Firebase Firestore: a copy of your profile, meal metadata (no images), health snapshots, and streaks so that you can sign in on another device. Google encrypts this data in transit (TLS) and at rest.
• In transit to Gemini: chat messages, meal photos, and a short health summary, sent over HTTPS, only at the moment of a request.

9. How long we keep your data

• Your account and cloud-synced data (profile, meals, health snapshots, streaks) are kept until you delete your account.
• Chat history is kept for the retention window you choose in Settings (forever, 30 days, or 7 days).
• When you delete your account from Settings, Satomi erases your Firestore data, your Firebase Authentication record, and the local copies of your data on the device.
• Google may keep Gemini API request logs for a short period to run and secure the service; those retention periods are controlled by Google, not by us.
• Correspondence you send to imbramwdev@gmail.com may be kept for up to 24 months so we can answer follow-up questions and keep a record of support history.

10. Your rights under UK GDPR

You have the right to:

• Access — ask for a copy of the personal data we hold about you.
• Rectification — ask us to correct data that is wrong or out of date. You can update most of your profile directly in the app.
• Erasure — ask us to delete your data. The fastest way is to tap Delete Account in the app; you can also email imbramwdev@gmail.com.
• Portability — ask for a machine-readable copy of the data you gave us. Email imbramwdev@gmail.com and we will send you a JSON export.
• Restriction — ask us to stop using your data in certain ways while we resolve a dispute about it.
• Objection — object to processing we do under legitimate interests.
• Withdraw consent — for health data and international transfers, at any time, by deleting your account or revoking HealthKit permission.
• Complain to the ICO— the UK Information Commissioner’s Office at ico.org.uk. We would appreciate the chance to resolve your concern first, but you are not required to contact us before contacting them.

We will respond to any rights request within one month. If we need more time because the request is complex, we will tell you within that first month.

11. Security

We use the built-in security features of Firebase and iOS to protect your data:

• All traffic between the app and our providers uses TLS (HTTPS).
• Firebase encrypts data at rest.
• Passwords are handled by Firebase Authentication; we never see or store them in plain text.
• Firebase App Check helps stop malicious clients from impersonating the app.
• Local data on your device is protected by iOS data protection while your phone is locked.

To be transparent: local data in UserDefaultsis not separately encrypted beyond iOS’s own protections, so please keep a passcode on your phone. No system is perfectly secure, and we cannot guarantee absolute security, but if we become aware of a breach that affects your data we will notify you and the ICO as required by law.

12. Children

Satomi is not directed at children. You must be 18 or older to use the app. If you are a parent or guardian and believe a child has given us personal data, email imbramwdev@gmail.com and we will delete it.

13. Changes to this policy

If we make a material change — for example, adding a new third-party service or changing what data we collect — we will update this page, change the effective date at the top, and let you know in the app before the change takes effect. Smaller wording improvements will just be reflected in a new effective date.

14. Contact

For any privacy question, correction, export, or deletion request:

• Email: imbramwdev@gmail.com
• Controller: Imbram Wojdak, United Kingdom

You can also write to us by post; email first and we will share a postal address if you need one.