Privacy

Last updated 2026-05-08

Midstack ("we", "our", "the app") is a nutrition and fitness tracking application. This policy explains what data the app handles and how.

Data we collect

Account data. When you create an account, we collect your email address and a hashed password. Email is used for sign-in and account recovery.

Fitness and nutrition data. Food logs, weight entries, custom foods, and recipes you create are stored on your device and synced to our backend so you can access them across devices.

Photos. If you use the label-scan or food-photo features, the image is sent to our backend for one-time analysis and is not retained after the response is returned.

Beta-list email. If you submit the beta signup form on this marketing site, we store the email address along with the source page, referer, and user-agent in our backend (beta_signups table) and send a single welcome email. We do not use this address for ad targeting. You can request removal via the contact email below.

Diagnostics. We use Sentry for crash reporting. Crash reports contain stack traces and device model, not your personal data or food log contents.

Data we do NOT collect

We do not collect your location. We do not collect your contacts, SMS, call logs, or installed apps. We do not collect advertising identifiers. We do not sell your data. We do not share your data with advertisers.

How data is stored

Tokens are stored on-device in Android's encrypted storage (EncryptedSharedPreferences / Tink). Your food and weight data are stored on our backend and transmitted over HTTPS. Passwords are hashed with bcrypt.

Data retention and deletion

You can request deletion of your account and all associated data by emailing ramdamlabrador@gmail.com. We will process deletion requests within 30 days.

Third-party services

Sentry — crash reporting only. No personal content is sent.

Open Food Facts — queried for public food database lookups. No user data is sent in queries beyond the search term.

Resend — transactional email delivery (welcome email and account-related notifications). Recipient address and message body are transmitted over HTTPS.

Google Gemini — image analysis for the food-photo estimate feature. Photo data is sent for one-time inference and Google retains per their API terms.

Children's privacy

Midstack is not directed to children under 13. We do not knowingly collect data from children under 13.

Changes to this policy

We may update this policy. The "Last updated" date at the top reflects the current version.

Contact

Questions about this policy: ramdamlabrador@gmail.com.

Questions? ramdamlabrador@gmail.com

Privacy · Midstack