Mirrorbite Privacy Policy
Last updated: 2026-05-19
Two promises: Your photo is encrypted in transit, analyzed once, and deleted from our server. We never store images or use them to train models.
1. What we collect
Mirrorbite collects the minimum data needed for the app to work:
- Meal photos — captured by you and sent over encrypted HTTPS to our analysis proxy. Photos are processed once and deleted from our server immediately after the analysis call returns. We do not retain images in any form.
- Analysis results — the directional index (0–100), 3 categorical axes (protein / carb balance / fiber), strength + improvement bullets, identified dish, and confidence level. These are stored on your device (AsyncStorage). Server-side, we keep only anonymized aggregate counts for reliability monitoring.
- Onboarding choices — your goal hint (e.g., balanced eating), eat-out frequency, and 3 baseline meal categories. Stored on device only.
- Subscription state — managed by RevenueCat using an anonymous device-bound identifier. No name, email, phone, or payment card details are seen by Mirrorbite.
- Anonymous usage data — app open count, reveal count, paywall view count, retention cohort. No personally identifiable information.
- Crash diagnostics — anonymous via Expo/EAS.
2. What we don't collect
- We do not collect your name, email address, phone number, contacts, location, or browsing history.
- We do not require an account. No login.
- We do not track you across apps or websites.
- We do not sell or share data with third parties for advertising.
3. How AI analysis works
Meal photos are processed by the following third-party services, in this order:
- Cloudflare Workers (proxy, edge servers in the US and EU) — receives your encrypted photo, strips identifying metadata, and forwards only the image bytes. Cloudflare retains no copy beyond the request lifecycle. See Cloudflare Privacy Policy.
- Google Gemini 2.5 Flash (primary analysis, US) — returns the directional JSON result. Google states paid Gemini API requests are not used to train models. See Google Cloud DPA and Gemini API Terms.
- Anthropic Claude Sonnet 4 (escalation for low-confidence cases only, US) — returns the structured result. Anthropic states API inputs and outputs are not used to train models by default. See Anthropic Privacy Policy.
Before any photo leaves your device, Mirrorbite re-encodes the image on-device so that camera-model, date/time, and GPS location metadata (EXIF) are removed. Only the resulting clean JPEG bytes are sent over HTTPS.
The Cloudflare Worker proxy:
- forwards only those clean image bytes to the AI provider,
- returns the structured JSON result to your device,
- deletes the image from temporary memory immediately after the response.
We do not have separate data-sharing agreements for advertising, analytics, or any other purpose with these providers. Their use is strictly limited to the single analysis call. We also do not use any of the user-content data described in §1 for advertising or tracking, in line with the App Privacy questionnaire we filed with Apple.
4. International data transfer
Our AI analysis providers operate globally. Image bytes may transit through servers in the United States and the European Union during the single analysis call. No retained copy is kept outside of your device.
5. AI assistance disclosure
This app uses generative AI (Google Gemini 2.5 Flash and Anthropic Claude Sonnet 4) to analyze meal photos. The output is directional and categorical (good / caution / low), never a precise numeric calorie or gram count. When the AI is uncertain, the app says so by returning a "withheld" judgment. This is by design.
6. Children
Mirrorbite is rated 4+. It is not directed at children under 13 and does not knowingly collect data from children. If you believe a child has used the app, please contact us and we will delete any associated on-device data via cancellation.
7. Your rights
- In-app data deletion: on the camera screen, tap Clear all data. This removes your reveal history, onboarding choices, and any cached results from your device immediately.
- Uninstall: removing the app from your device also removes all on-device data.
- Server-side data: we keep only anonymized aggregate counts (no identifiers). Email us at hello@starving-effort.com if you need confirmation.
- Subscription cancellation: tap Manage subscription on the camera screen, or open iOS Settings → Apple ID → Subscriptions.
- Refunds: handled through Apple's standard refund process.
8. Not medical advice
Mirrorbite returns directional feedback only. It is not medical advice, not a diagnosis, not a substitute for consultation with a registered dietitian or other licensed health professional. Do not use Mirrorbite to make medical or treatment decisions.
9. Changes to this policy
We will note material changes by updating the "Last updated" date at the top of this page and, where appropriate, surfacing a notice in the app on next launch.
10. Contact
Questions about privacy: hello@starving-effort.com