Biscai — Privacy Policy
Last updated: 30 June 2026
This Privacy Policy explains how Biscai ("Biscai", "we", "us") collects, uses, and protects your information when you use the Biscai mobile application (the "App"). The App is operated by Pavel Nikolov, contact support@biscai.ai.
By using the App you agree to this Policy. If you do not agree, please do not use the App.
1. Information we collect
Account information. When you create an account we collect your email address and your display name. Authentication is handled by our backend provider (Supabase).
Food and meal data. To provide the App's features we process:
- Photos you take of ingredients and meals;
- foods identified from those photos, with estimated calories and macronutrients (protein, carbohydrates, fat);
- recipes you generate and save, and your shopping list.
Health and activity data. With your permission, the App reads your step count and active energy burned from Apple HealthKit (iOS) or Google Health Connect (Android) to show your daily activity and estimated calories burned. See Section 4 for how this data is handled.
Preferences. App settings such as your chosen language and your daily calorie/step goals.
We do not intentionally collect special-category data beyond the health and activity metrics described above, and we do not use tracking for advertising.
2. How we use your information
We use your information to:
- provide and operate the App's core features (ingredient scanning, recipe generation, meal logging, calorie/macro and activity tracking);
- save your account, preferences, history, and goals;
- estimate nutrition and calories burned;
- maintain the security and reliability of the service.
We rely on your consent and on the performance of our agreement with you (providing the App) as the legal bases for this processing (GDPR Art. 6).
3. Sharing and service providers (sub-processors)
We do not sell your personal data. We share it only with the service providers needed to run the App:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Backend: authentication, database | Account data, food/meal data, activity logs (hosted in the EU) |
| Anthropic (Claude AI) | Analyzes meal/ingredient photos to identify food and estimate nutrition | The image you submit and related text, sent through our secure server |
These providers process data on our behalf under their own terms and data protection commitments.
4. AI processing of your photos
When you scan an ingredient or log a meal, the photo and related text are sent to Anthropic's Claude AI (through our secure server) to identify the food and estimate its nutrition. Only what is needed for that analysis is sent, and your photos are not stored on our servers or in our database — they are used only for this real-time analysis. Do not include people, documents, or other sensitive content you would not want processed in your food photos.
5. Health and fitness data (HealthKit / Health Connect)
Health and activity data is treated with particular care:
- it is read only with your explicit permission, which you can revoke at any time in iOS Settings (Health) or the Health Connect app;
- it is used solely to provide in-App activity and calorie features;
- we do not use health or fitness data for advertising or marketing;
- we do not sell it and do not share it with third parties for their own purposes;
- we do not use it for any purpose unrelated to the App's clearly described features.
This reflects Apple's HealthKit and Google's Health Connect requirements.
6. Data storage and international transfers
Account and app data is stored with Supabase on servers located in the European Union (eu-west-1). When photos are analyzed by Anthropic (United States), the relevant data is transferred outside the EU under appropriate safeguards (e.g. Standard Contractual Clauses).
7. Data retention
We keep your data for as long as your account is active. When you delete your account, or ask us to delete your data, we remove your personal data from our systems within a reasonable period, except where we must retain it to comply with the law.
8. Your rights
If you are in the EU/EEA you have the right to access, correct, delete, restrict, or object to the processing of your data, to data portability, and to withdraw consent at any time. To exercise these rights, contact support@biscai.ai. You may also lodge a complaint with your local supervisory authority — in Bulgaria, the Commission for Personal Data Protection (CPDP / КЗЛД).
9. Security
We use industry-standard measures, including encryption in transit and access controls, to protect your data. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
10. Children
Biscai is not directed at children under 16, and we do not knowingly collect data from them. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this Policy
We may update this Policy from time to time. We will change the "Last updated" date above and, for material changes, notify you in the App.
12. Contact
Questions about this Policy or your data: support@biscai.ai.