TinyBite
Legal

Privacy policy

Stand: April 2026

We take the protection of your personal data seriously. TinyBite is designed to collect as little data as possible — and to process what we do need securely. This English text is a courtesy translation; the German version remains legally authoritative.

1. Controller

The controller for the purposes of the General Data Protection Regulation (GDPR) and other national data-protection legislation is:

fabmade GmbH
Gutleutstraße 32
79115 Freiburg
Germany

Managing director: Fabian Leonhardt
Phone: +49 (0) 761 29084921
Email: info@fabmade.de

2. What data we process

  • Account data: email address, display name, encrypted password (or the identifiers managed by Keycloak if you sign in via an identity provider).
  • Nutrition entries: text, voice recordings, photos and the nutritional values and macros calculated from them.
  • Usage data: streaks, trophies, progress, settings.
  • Device data: anonymous crash and performance data to stabilise the app.
  • Server logs: IP address, timestamp, requested endpoints — automatically deleted after 7 days.

3. Purposes & legal basis

Processing takes place to perform the usage contract (Art. 6(1)(b) GDPR) and — for optional features like the AI analysis, voice and photo recognition — on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time with effect for the future.

4. Hosting & storage location

All personal data is stored on servers within the European Union (data centre in Frankfurt am Main, Germany). The connection between your device and our servers uses HTTPS (Transport Layer Security / TLS). Access to the database is restricted to our private cluster network.

5. AI processing

For voice and image recognition as well as for the editorial coach tips we use our own models and sub-processors for speech-to-text and large-language-model inference. Content is used exclusively to create your entry and your personal report and not to train our or any third-party models.

6. Sharing with third parties

We do not share your data with third parties — except with processors with whom we have concluded agreements under Art. 28 GDPR, in particular:

  • Hosting and infrastructure providers within the EU
  • Payment providers (Apple App Store, Google Play) for handling subscriptions
  • AI infrastructure for voice and image processing
  • Error and performance monitoring (anonymised)

7. Storage duration

Your entries and profile data are stored as long as your account is active. After deletion of your account, all personal data is irrevocably deleted within 30 days. Statutory retention obligations (in particular those required by tax law for invoicing data) remain unaffected.

8. Your rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

You can export or delete all data from within the app at any time — Profile · Settings · Data. Alternatively, an informal email to info@fabmade.de is enough.

9. Right to lodge a complaint

You have the right to lodge a complaint with a data-protection supervisory authority. The authority responsible for us is:

Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de

10. Changes to this policy

We update this policy when our processing changes or the law requires it. The most current version is always available at tinybite.app/en/datenschutz.