Privacy Policy
Last updated: 3 April 2026
1. Introduction
When you use BarelyKeto, you trust us with personal information — including health-related data — to help us personalise your experience. We take that trust seriously. This Privacy Policy describes our data practices in plain language so you know exactly what to expect.
2. Data We Collect
We collect the following categories of information:
- Account data: your name and email address.
- Profile data: current weight, goal weight, height, estimated age, health conditions, food allergies, dietary preferences, cooking preferences, weekly food budget, country, and supermarket preferences.
- Usage data: meal ratings, weight log entries, and plan history.
- Payment data: payment processing is handled entirely by Stripe. BarelyKeto never sees, receives, or stores your card number or payment credentials.
3. How We Use Your Data
Your data is used for the following purposes:
- To generate personalised weekly meal plans using the Claude AI (provided by Anthropic).
- To track your progress toward your goal weight over time.
- To improve the personalisation of future meal plans based on your meal ratings and feedback.
- To process your subscription payments via Stripe.
- To send transactional emails, such as account confirmations and plan generation notifications.
We do not use your data for advertising, and we do not sell your data to third parties under any circumstances.
4. Third-Party Services
BarelyKeto relies on the following trusted third-party services to operate. Each is subject to their own privacy policy.
Provides our database and authentication infrastructure. Your account data and profile information are stored securely in Supabase's cloud platform.
Handles all payment processing. Stripe is a PCI-DSS compliant payment provider. BarelyKeto never touches your card details. Please review Stripe's privacy policy for details on how they handle payment data.
Powers AI-generated meal plan creation. Meal prompts sent to Anthropic include your dietary profile (preferences, allergies, goals, etc.) but do not include your name or contact details.
Hosts the BarelyKeto web application. Vercel may log standard server access data (IP address, browser type) as part of normal hosting operations.
Used to load web fonts. Your browser will make a request to Google's servers when loading the app. This is subject to Google's privacy policy.
5. Health Data
We collect certain health-related information — including your weight, health conditions, and food allergies — solely for the purpose of personalising your meal plan. This data is treated with the highest level of care.
Health data is never sold or shared with third parties beyond what is strictly necessary to deliver the Service (i.e. generating your meal plan via the AI). It is never used for advertising or analytics purposes.
6. Data Retention
We retain your personal data for as long as your account remains active. If you choose to delete your account, we will delete all associated personal data from our systems. You may request deletion at any time by contacting us (see Section 13).
7. Your Rights
You have the following rights in relation to your personal data:
- Access: you can request a copy of the personal data we hold about you.
- Correction: you can update inaccurate profile data at any time via the Edit Preferences section of the app.
- Deletion: you can request deletion of your account and all associated data.
- Export: you can request an export of your personal data in a portable format.
- Opt-out: you can opt out of non-essential emails at any time by contacting us or using the unsubscribe link in any email we send.
To exercise any of these rights, please contact us via our Facebook page (see Section 13).
8. Cookies
BarelyKeto uses only essential session cookies that are required for authentication and to keep you logged in. We do not use advertising cookies, tracking cookies, or any third-party analytics cookies.
9. Children
BarelyKeto is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will promptly delete it.
10. Data Security
All data transmitted to and from BarelyKeto is encrypted in transit using HTTPS. Data stored in our database (Supabase) is encrypted at rest. Access to personal data is restricted to authorised personnel only, and we apply the principle of least privilege to all data access.
11. International Users
BarelyKeto's infrastructure (Supabase and Vercel) is hosted primarily in the United States. By using BarelyKeto, you acknowledge and consent to your data being transferred to, stored in, and processed in the United States, which may have different data protection laws to your country of residence.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal and operational reasons. When we make material changes, we will notify you by email with at least 14 days notice before the updated policy takes effect. Your continued use of the Service after that date constitutes your acceptance of the updated policy.
13. Contact
If you have any questions, concerns, or requests relating to your privacy or this policy, please contact us via our Facebook page:
14. Governing Law
This Privacy Policy is governed by the laws of Victoria, Australia. Any disputes relating to privacy or data handling shall be subject to the jurisdiction of the courts of Victoria, Australia.