Privacy Protocol

Privacy Protocol Matrix

Last Updated: January 14, 2025

This Privacy Policy explains how Macro-Gauge, operated by Web Runner, collects, uses, stores, and protects your personal information. By using our application, you consent to the data practices described in this policy.

01

Information We Collect

Account Information:

  • Username: Your chosen display name
  • Email Address: Used for account verification and password recovery
  • Password: Stored only as a secure bcrypt hash (we never store plain-text passwords)

Nutrition & Health Data You Enter:

  • Daily food logs (foods, portions, calories, macronutrients)
  • Water/hydration intake records
  • Custom nutritional goals (calorie, protein, water targets)
  • Saved favorites and meal combinations
  • Manual food entries you create
  • AI meal planner quiz responses and generated plans

Automatically Collected Data:

  • IP Address: Collected for security and abuse prevention
  • Authentication Tokens: Stored in HTTP-only cookies for session management
  • Database Preferences: Your selected food database source (USDA/Open Food Facts) and country

What We Do NOT Collect:

  • We do NOT use third-party analytics or tracking services
  • We do NOT use advertising cookies or pixels
  • We do NOT collect browser fingerprints for tracking
  • We do NOT access your device contacts, photos, or location
02

How We Use Your Information

Core Service Functions:

  • Authenticate your identity and maintain your session
  • Store and display your nutrition tracking data
  • Calculate and display your daily/weekly progress
  • Generate personalized analytics and streak information
  • Save and retrieve your favorites

AI Meal Planner:

  • Your quiz responses (dietary preferences, restrictions, goals) are sent to OpenAI's API to generate meal plans
  • We send only the quiz data needed for meal generation - no personal identifiers (username, email) are sent to OpenAI
  • Generated meal plans are stored in your account for future access

Communication:

  • Password reset emails (only when you request them)
  • Critical service announcements (rare)
03

Third-Party Services

We integrate with the following third-party services:

USDA FoodData Central API:

When you search for foods, your search queries are sent to the USDA API. No personal data is transmitted - only the food search terms.

Open Food Facts API:

When you select Open Food Facts as your database, search queries are sent to their API. No personal data is transmitted - only food search terms and country selection.

OpenAI API (GPT):

For AI meal planning, your quiz responses (dietary preferences, calorie goals, restrictions, cuisine preferences) are sent to OpenAI. We do NOT send your username, email, or any other identifying information. OpenAI processes this data according to their privacy policy.

04

Cookies & Authentication

Authentication Cookies:

We use HTTP-only, secure cookies to store JWT authentication tokens. These keep you logged in and are essential for the service to function. They expire after a set period or when you log out.

No Tracking Cookies:

We do NOT use advertising cookies, analytics cookies, or any third-party tracking cookies. The only cookies we use are strictly necessary for authentication.

05

Data Security

Password Protection:

Passwords are hashed using bcrypt with salt rounds before storage. We never store or can access your plain-text password.

Token Security:

Authentication uses JWT tokens with expiration. Tokens are stored in HTTP-only cookies to prevent XSS attacks.

Database Security:

User data is stored in MongoDB with access restricted to authorized application processes only.

HTTPS:

All data transmission occurs over encrypted HTTPS connections.

06

Data Sharing & Disclosure

We do NOT sell, rent, or trade your personal information to third parties.

We may disclose your information only in these limited circumstances:

  • Legal Requirements: If required by law, court order, or government request
  • Safety: To protect the rights, safety, or property of our users or the public
  • Service Providers: Third-party APIs (USDA, Open Food Facts, OpenAI) receive only the specific data needed for their function, as described above
07

Your Rights & Controls

Access Your Data:

View all your stored nutrition data, favorites, and settings directly in the application

Modify Your Data:

Edit or delete individual food entries, favorites, and goals at any time

Delete Your Account:

Permanently delete your account and all associated data through the Settings page

Data Portability:

Export your meal plans to CSV format

For data requests not available through the application, contact us at contact@web-runner.net.

08

Data Retention

  • Your account data is retained as long as your account is active
  • Upon account deletion, all personal data is permanently removed from our systems
  • We may retain anonymized, aggregated data for service improvement
09

Children's Privacy

Macro-Gauge is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.

10

Policy Updates

We may update this Privacy Policy periodically. Significant changes will be communicated through in-app notifications or email. Continued use of the service after updates constitutes acceptance of the revised policy.

Protocol Inquiries

For privacy protocol questions or concerns, initiate contact through: contact@web-runner.net

Return to System