# Privacy Notice for `PRTN AI`
Last updated: 2026-05-12
This Privacy Notice explains how personal data is processed when you use `PRTN AI`, our website at `https://prtn.ai`, and related legal or product pages.
## 1. Controller
The controller responsible for data processing is:
`Jonathan Wettcke`
`Daimlerstraße 38`
`70372 Stuttgart`
`Germany`
Email: `jonathan@prtn.ai`
No data protection officer has been appointed at this time because there is currently no legal obligation to do so.
## 2. Scope
This Privacy Notice applies to:
- the `PRTN AI` mobile app for iOS and Android,
- the website `https://prtn.ai`,
- the pages `https://prtn.ai/privacy` and `https://prtn.ai/terms`,
- communication with us by email,
- newsletter sign-ups,
- the use of free and paid features of `PRTN AI`.
## 3. What data we process
### 3.1 Account and authentication data
When you use `PRTN AI`, we may process in particular:
- an internal user ID,
- login data for email sign-in,
- authentication data from `Apple Sign-In` and `Google Sign-In`,
- account status, login timestamps, and technical session data.
The app can initially be used with an automatically created anonymous account. If you later link your account with email, Apple, or Google, your prior app history remains associated with that account.
### 3.2 Profile, onboarding, and health-related data
Depending on how you use the app, we process information you provide yourself, such as:
- name or display name,
- username,
- profile image,
- language, units, and settings,
- gender,
- birth year,
- height,
- weight,
- target weight,
- training goal,
- training experience,
- training types,
- diet,
- protein sources,
- other onboarding or profile-related information.
Some of this information may have a health-related nature. Where such data qualifies as health data under applicable law, we process it only to the extent necessary for the app features you request or based on your explicit consent.
### 3.3 Protein and usage data
`PRTN AI` is a protein-tracking app. We therefore process in particular:
- protein log entries,
- protein goals,
- timestamps and sources of entries,
- labels and notes attached to entries,
- saved custom foods,
- food database search queries,
- interactions with app features and settings.
### 3.4 Scan, camera, and image data
If you use scan features, we process:
- captured or uploaded images,
- scan mode and scan time,
- model-generated protein estimates,
- confidence values,
- manual corrections and confirmations,
- technical metadata needed to process the scan.
This data is used to provide, improve, display, and associate scan results with your account.
### 3.5 Apple Health
If you connect `Apple Health`, we may read - depending on the permissions you grant - in particular:
- protein data,
- workout data,
- where supported by the app, other health-related data such as weight or step data.
The integration is only used after you authorize it within Apple Health permissions. Without your permission, we do not access this data.
### 3.6 Subscriptions and purchases
If you purchase a paid subscription, we process in particular:
- information about the selected product,
- subscription status,
- term, renewal, and expiration data,
- store-related transaction and entitlement data.
We do not receive payment card details ourselves. Such information is processed by `Apple` or `Google` through the relevant store.
### 3.7 Support, email, and newsletter
If you contact us or subscribe to our newsletter, we may process in particular:
- your email address,
- your message,
- communication timestamps,
- newsletter delivery and interaction data.
### 3.8 Technical data, analytics, attribution, and advertising
When you use the app, we also process technical and usage-related data, such as:
- device and app information,
- IP address and approximate location inferences,
- operating system, app version, language, and time zone,
- device identifiers and advertising IDs,
- crash- and performance-related telemetry,
- in-app events,
- session replay or session recording data,
- campaign, attribution, and deep-link data,
- information about your consent status under `App Tracking Transparency` on iOS.
## 4. Purposes and legal bases
We process personal data for the following purposes in particular:
- providing and operating `PRTN AI`, Art. 6(1)(b) GDPR,
- creating and managing your account, Art. 6(1)(b) GDPR,
- calculating and storing your protein and app data, Art. 6(1)(b) GDPR,
- providing scan, search, and sync features, Art. 6(1)(b) GDPR,
- processing voluntarily provided health-related data or Apple Health data, Art. 6(1)(a) GDPR and, where applicable, Art. 9(2)(a) GDPR,
- handling subscriptions, restorations, and entitlements, Art. 6(1)(b) GDPR,
- sending newsletters, Art. 6(1)(a) GDPR,
- responding to support inquiries, Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR,
- analytics, reach measurement, product improvement, session replay, attribution, and marketing, Art. 6(1)(a) GDPR or Art. 6(1)(f) GDPR depending on the relevant feature and applicable law,
- complying with legal obligations, Art. 6(1)(c) GDPR,
- establishing, exercising, or defending legal claims, Art. 6(1)(f) GDPR.
Where processing is based on your consent, you can withdraw that consent at any time with future effect.
## 5. App permissions and consent
Depending on the feature you use, `PRTN AI` may request the following permissions:
- camera access for food, barcode, and label scans,
- photo library access for uploads,
- push notifications,
- Apple Health permissions,
- `App Tracking Transparency` permission on iOS for tracking and attribution features where required.
You can change permissions at any time in your device settings. This does not affect processing already carried out.
## 6. Recipients and service providers
We use service providers and platforms that may process personal data on our behalf or as independent controllers. These include in particular:
- `Supabase` for authentication, database, APIs, and storage,
- `RevenueCat` for subscription and entitlement management,
- `Apple` and `Google` for sign-in, app distribution, in-app purchases, and platform-related services,
- `OpenAI` and `Google Gemini` for AI-powered scan and estimation features,
- `Open Food Facts` and `USDA FoodData Central` for food database and search features,
- `Apple Health` for the health data sync you authorize,
- `UXCam` for session replay, UX analytics, and user research,
- `Amplitude` for product analytics, session replay, and usage analytics,
- `AppsFlyer` for attribution, campaign measurement, and deep-link assignment,
- `Facebook SDK` and services provided by `Meta` for marketing and attribution purposes,
- `Brevo` for newsletter and email delivery.
Where data is transferred to recipients outside the European Economic Area, we do so only in compliance with applicable law, including on the basis of adequacy decisions, standard contractual clauses, or other appropriate safeguards.
## 7. Retention periods
Unless stated otherwise in this Privacy Notice, we store data as follows:
- account data: until your account is deleted,
- profile, onboarding, and protein data: until your account is deleted,
- scan images and related scan data: until your account is deleted,
- newsletter data: until you unsubscribe or withdraw consent,
- support inquiries: generally up to 24 hours after final handling unless longer retention is required for legal or evidentiary reasons,
- billing- or transaction-related data: for as long as required for fulfillment, proof, or statutory retention obligations.
Automatic deletion of inactive accounts is currently not planned.
## 8. Your rights
Subject to the applicable legal requirements, you have in particular the following rights:
- right of access,
- right to rectification,
- right to erasure,
- right to restriction of processing,
- right to data portability,
- right to object to certain processing,
- right to withdraw consent,
- right to lodge a complaint with a supervisory authority.
You may in particular contact the `State Commissioner for Data Protection and Freedom of Information Baden-Württemberg`: `https://www.baden-wuerttemberg.datenschutz.de/`.
To exercise your rights, simply email `jonathan@prtn.ai`.
## 9. Minors
`PRTN AI` is intended for users aged 13 and older. If you are still a minor under the law applicable to you, you may only use `PRTN AI` with any consent required from your parent or legal guardian. Paid purchases may only be made as permitted by applicable law and the relevant store rules.
## 10. Security
We implement appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, unauthorized disclosure, or unlawful alteration.
## 11. Changes to this Privacy Notice
We may update this Privacy Notice with future effect, especially if features of `PRTN AI`, legal requirements, or service providers change. The current version is available at `https://prtn.ai/privacy`.