Last updated May 14, 2026
Privacy Policy
This Privacy Policy explains how HasiFlow collects, uses, stores and shares data when you use the HasiFlow mobile app, web pages and related services.
Who is responsible
HasiFlow is responsible for the processing described in this policy. You can contact us at privacy@hasiflow.com.
Summary
HasiFlow is a nutrition, training and body tracking app. The app can work with local device storage and can also sync data to HasiFlow's backend when data sync is enabled or when online features are used. AI features and barcode product lookup require network processing.
Data we collect
Account and authentication data
We use Firebase Authentication. We may process a Firebase user ID, anonymous account identifier, email address, display name, profile photo URL and authentication tokens where available.
Profile, body and goal data
The app may store age, gender, height, weight, body fat percentage, measurement system, goal, calorie target, macro targets, activity level, reminder preferences and related settings.
Food, recipe and barcode data
We process food logs, meal names, meal categories, recipes, ingredients, amounts, calories, macronutrients, micronutrients, product identifiers, barcodes, GTIN/EAN/UPC values, timestamps and food search cache entries.
Training, activity and body check-in data
We process exercise logs, workout sessions, workout templates, planned schedules, duration, calories burned, reps, sets, rounds, distance, load, notes, activity levels and body check-ins.
Camera and barcode scanning
The camera permission is used only to scan barcodes. Camera frames are processed on the device by the scanner library. HasiFlow does not store photos or video from barcode scanning. After a successful scan, the barcode value can be sent to HasiFlow's backend to find or build a structured food entry.
Notifications
If you enable notifications, the app may process local reminder settings, Firebase Cloud Messaging tokens, platform, permission status and notification event records.
Billing data
If you subscribe, Stripe processes payment details. HasiFlow stores Stripe customer IDs, subscription IDs, price IDs, subscription status, billing events and entitlement state. HasiFlow does not store full card numbers.
Technical, security and usage data
Our backend may process IP address, user agent, request metadata, App Check status, locale, country header, request logs, audit events, AI usage events, token usage and error logs. We use this for authentication, abuse prevention, debugging, billing enforcement and service reliability.
How we use data
- To provide nutrition, training, body and reminder features.
- To analyze meal, exercise and product input with AI.
- To look up products from barcode and food databases.
- To sync data across devices when sync is enabled.
- To operate subscriptions, entitlements and billing status.
- To secure the service, prevent abuse and debug errors.
- To improve HasiFlow's first-party food database and matching.
AI and product database processing
HasiFlow can send food text, barcode values, saved recipes and relevant profile context such as body weight or nutrition goals to AI services so the app can return structured food and exercise estimates. The backend attempts to minimize personal context and uses internal identifiers rather than directly exposing account details where possible.
Barcode and food lookup can use Open Food Facts and USDA FoodData Central. Legacy FoodRepo support may be used only if configured. These sources are used as evidence for product and nutrition data; HasiFlow may normalize the result before storing it.
Local storage and sync
The app stores logs, recipes, settings, schedules and cached food search results locally on your device. If data sync is enabled or you use online features, selected data is sent to HasiFlow's backend and stored in Supabase. Turning sync off limits future sync requests but does not automatically delete data already synced.
Processors and third parties
We use service providers to operate HasiFlow. Depending on which features you use, these can include:
- Vercel for hosting and serverless infrastructure.
- Supabase for database storage.
- Firebase and Google services for authentication, App Check and push messaging.
- OpenAI for AI parsing and generation.
- Open Food Facts and USDA FoodData Central for food and product lookup.
- Stripe for payments, subscriptions and billing portal sessions.
We do not sell personal data. We do not use barcode camera images for advertising or tracking.
Legal bases for processing
Where EU, EEA, UK or Swiss data protection law applies, we rely on the following legal bases: performance of a contract to provide the app, your consent for optional permissions and notifications, legitimate interests for security and product reliability, and legal obligations for billing, accounting and compliance.
International transfers
HasiFlow and its providers may process data in countries outside your country of residence. Where required, we rely on appropriate transfer safeguards provided by our processors.
Retention
Local data stays on your device until you delete it, reset the app or uninstall the app. Synced app data is kept while your account is active or until deletion is requested, unless we need to keep certain records for security, billing, tax, audit or legal reasons. Push tokens are removed when you disable push tokens or when they are detected as invalid.
Your choices and rights
- You can deny or revoke camera permission in your device settings.
- You can deny or revoke notification permission in your device settings.
- You can turn data sync on or off in the app.
- You can export local app data from the app.
- You can request access, correction, deletion or portability of synced data.
- You can object to or restrict certain processing where the law allows it.
To exercise rights for synced data, contact privacy@hasiflow.com. We may need to verify your identity before responding.
Health and nutrition information
Nutrition, training and body data can be sensitive. HasiFlow is not a medical device and does not provide medical advice. AI and database results are estimates and may be inaccurate.
Children
HasiFlow is not intended for children under 16. We do not knowingly collect data from children under 16.
Security
We use authentication, App Check, access controls, rate limiting, audit logs and provider security features to protect the service. No method of transmission or storage is completely secure.
Changes
We may update this Privacy Policy when the app, providers or legal requirements change. The latest version will be posted on this page with an updated date.
Contact
For privacy questions or rights requests, contact privacy@hasiflow.com.