Plate-wise Privacy Policy
Last updated: 23 June 2026
This Privacy Policy explains how Humancraft AI Pte. Ltd. ("Humancraft AI", "we", "us", "our") — a company incorporated in Singapore — collects, uses, discloses, and protects personal data in connection with the Plate-wise mobile application and related services (the "Service").
By creating an account or using the Service you agree to the practices described in this Policy. If you do not agree, do not use the Service.
1. Geographic Scope
The Service is offered only in jurisdictions where it is listed on the Apple App Store. It is not directed at, offered to, or available to individuals in the European Economic Area (EEA) or the United Kingdom, and is excluded from those territories at the App Store level.
Accordingly:
- Because the Service is not directed at or made available to individuals in the EEA or the UK, the EU General Data Protection Regulation (GDPR) and the UK GDPR generally do not apply to our processing. If an EEA or UK resident accesses the Service despite this restriction, we handle any personal data we process in line with the protections set out in this policy.
- We have not appointed an EU or UK representative under Article 27 of the GDPR or UK GDPR, because we do not target or monitor individuals in those territories.
- The primary data-protection law governing this Service is the Singapore Personal Data Protection Act 2012 (PDPA).
If you are located in the EEA or the UK, please do not use the Service.
2. Children's Privacy (COPPA)
The Service is not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13 in compliance with the U.S. Children's Online Privacy Protection Act (COPPA).
The minimum age to register and use the Service is 16. By creating an account, you confirm that you are at least 16 years old. If we become aware that we have collected personal information from a child under 13, we will delete that information promptly. Parents or guardians who believe their child under 13 has provided personal information to us may contact us at the address in Section 13.
3. Data Controller
The data controller responsible for personal data processed through the Service is:
Humancraft AI Pte. Ltd.
Singapore
Privacy contact: privacy@plate-wise.com
We have not appointed a formal Data Protection Officer, as this is not mandatory under the PDPA for an organisation of our scale. Data-protection enquiries are handled by the operator at the privacy contact address above.
4. Categories of Personal Data We Collect
We collect only the personal data needed to operate the Service:
| Category | Examples |
|---|---|
| Account & profile | Email address, display name, password hash, age range, biological sex, height, weight, activity level, dietary preferences and allergens |
| Dietary & nutrition logs | Foods logged, portion sizes, meal times, calorie and macro totals, corrections you make to AI estimates |
| Meal photos | Photos you submit to the food-recognition feature |
| Subscription & billing | Subscription tier, renewal status, transaction identifiers, app-level user identifiers |
| Device & diagnostic | Device model, operating system version, app version, crash logs, basic usage telemetry |
We do not ask for, store, or process your payment card or bank account details on our own infrastructure — see Section 8.
5. Purposes of Processing
We use personal data for the following purposes:
1. To provide the Service — create and authenticate your account, store your dietary profile and food logs, sync data across your devices.
2. To estimate calories and nutrition from photos and text input — using the AI providers described in Section 7.
3. To personalise — generate meal suggestions, surface relevant patterns in your eating, and apply your corrections to future estimates.
4. To provide calorie-target and safety feedback — surface warnings if a logged target is outside a generally accepted safe range.
5. To manage subscriptions — process in-app purchases, restore entitlements across devices, and handle renewals and cancellations.
6. To improve and secure the Service — diagnose crashes, monitor abuse, and improve accuracy of food recognition.
7. To comply with law — meet legal obligations and respond to lawful requests.
6. Automated Estimation (Disclosure)
The Service uses AI-based estimation to:
- Identify food items in photos or text.
- Estimate portion sizes, calories, and macronutrient content.
- Suggest meals based on your dietary profile.
- Flag calorie targets that fall outside generally accepted safe ranges.
These are assistive estimates, not solely-automated decisions producing legal or similarly significant effects. You can override any estimate, edit any log entry, and disregard any suggestion. The Service is not a medical device and does not provide medical, dietetic, or clinical advice. Consult a qualified healthcare professional before making dietary changes for medical reasons.
7. Artificial Intelligence Processing
Plate-wise uses three third-party AI providers, in sequence, to identify food in your photos and to estimate calories and macros. We disclose them by name in compliance with Apple App Store Review Guideline 5.1.2(i):
- Google Gemini (primary food recognition)
- Anthropic Claude (fallback when the primary model returns low confidence)
- OpenAI GPT (final fallback for unusual or ambiguous dishes)
When you take a photo or enter food data, the Service routes that input through our server-side Cloud Functions to one or more of these providers. The provider processes your data to identify food items, estimate portion size, and calculate nutritional values, and returns the result to the Service.
What we share with each provider: the photo or text input for the scan, and minimal task metadata. We do not share your account identifier, email address, name, location, or full food-log history with these providers.
Retention by the providers: photos and text inputs are not retained by these providers for model training under the API terms we use; processing is transactional.
Your corrections (portion adjustments, dish renames, manual overrides) are stored against your Plate-wise account for personalisation and are not shared with the AI providers. They remain on our infrastructure.
Each provider's processing is governed by its own privacy policy:
- Google: https://policies.google.com/privacy
- Anthropic: https://www.anthropic.com/legal/privacy
- OpenAI: https://openai.com/policies/privacy-policy
You can delete all your data, including correction history, at any time from Settings → Data Management in the app.
8. Payment Processing and Subscription Management
Subscriptions and in-app purchases are managed through two third-party services:
- Apple App Store — processes all iOS in-app purchases. Apple handles all card and payment details. Apple Terms: https://www.apple.com/legal/internet-services/itunes/
- RevenueCat — manages subscription state across your devices. RevenueCat receives transaction metadata (subscription tier, renewal dates, app-level user identifiers) but does not receive your full payment-card details — those remain solely with Apple. RevenueCat Privacy Policy: https://www.revenuecat.com/privacy
We do not store payment-card data on our own infrastructure.
9. Other Third Parties and Recipients
Beyond the AI providers and payment services above, the Service relies on the following processors:
| Recipient | Purpose | Data shared |
|---|---|---|
| Firebase Authentication (Google) | Account sign-in and identity | Email, password hash, account identifiers |
| Firestore (Google) | Storage of profile, food logs, corrections | Account & profile, dietary logs |
| Firebase Cloud Functions (Google) | Server-side routing and AI orchestration | Transient processing of inputs in transit |
| Firebase Storage (Google) | Storage of meal photos | Photos you submit |
| OpenFoodFacts | Lookup of barcoded packaged-food data | Barcode value only — no account data |
Google services are provided under Google's privacy terms (https://policies.google.com/privacy). OpenFoodFacts is an open public database (https://world.openfoodfacts.org/terms-of-use).
We do not sell personal data, and we do not share personal data with advertisers or data brokers.
10. Data Retention
We retain personal data only for as long as needed to provide the Service and to comply with our legal obligations:
- Account & profile — until you delete your account.
- Dietary & nutrition logs and corrections — until you delete them in-app, or until you delete your account.
- Meal photos — until you delete them in-app, or until you delete your account.
- Subscription & billing metadata — for the duration of your subscription and for the period required by applicable tax and consumer-protection law.
- Device & diagnostic data — typically up to 90 days, then aggregated or deleted.
When you delete your account, we delete or anonymise associated personal data within 30 days, except for records we are legally required to retain (e.g., billing records).
11. Your Rights and Choices
Under the Singapore PDPA and applicable U.S. state privacy laws, you have the following rights with respect to personal data we hold about you:
- Access — request a copy of the personal data we hold about you.
- Correction — correct inaccurate or incomplete personal data.
- Deletion / withdrawal of consent — delete your account and associated data, or withdraw consent to processing. Withdrawal does not affect processing carried out before withdrawal.
- Portability — request an export of your data in a structured, machine-readable format where reasonably practicable.
You can exercise most of these rights directly in the app via Settings → Data Management (export and delete). For other requests, contact us at privacy@plate-wise.com. We will respond within 30 days of a verified request.
If you are a California resident, you also have the right not to be discriminated against for exercising your privacy rights under the CCPA/CPRA.
12. Security
We use industry-standard safeguards to protect personal data, including encryption in transit (TLS) and at rest, access controls on our infrastructure, and authentication on user accounts. No internet-based service can guarantee absolute security; you are responsible for keeping your account credentials confidential.
13. International Data Transfers
Humancraft AI is based in Singapore. The Service uses cloud infrastructure and AI providers that may process your data in the United States and other jurisdictions outside Singapore. Where personal data is transferred outside Singapore, we take steps required by the PDPA — including contractual safeguards with each processor — to ensure a comparable standard of protection.
14. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the rights below. To exercise any of them, contact us at the address in the Contact section; we will not discriminate against you for doing so.
- Know and access the personal information we collect, use, and disclose about you.
- Delete the personal information we hold about you, subject to legal exceptions.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of your personal information. We do not sell your personal information, and we do not share it for cross-context behavioural advertising.
- Limit the use of sensitive personal information to what is necessary to provide the Service.
15. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top of this document, and where the changes are material we will notify you in the app or by email before the change takes effect.
16. Contact Us
Questions or requests relating to this Policy or your personal data:
Humancraft AI Pte. Ltd.
Email: privacy@plate-wise.com
For unresolved complaints relating to personal data, you may contact the Personal Data Protection Commission of Singapore (PDPC) at https://www.pdpc.gov.sg/.
Sources
- Apple App Store Review Guideline 5.1.2(i) — third-party AI provider disclosure: https://developer.apple.com/app-store/review/guidelines/#5.1.2
- Apple App Privacy Manifest (PrivacyInfo.xcprivacy): https://developer.apple.com/documentation/bundleresources/privacy-manifest-files
- Singapore Personal Data Protection Act 2012 (full statute): https://sso.agc.gov.sg/Act/PDPA2012
- Singapore Personal Data Protection Commission: https://www.pdpc.gov.sg/
- U.S. Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§6501–6506: https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa
- California Consumer Privacy Act / CPRA: https://oag.ca.gov/privacy/ccpa
- GDPR Article 13 (transparency template referenced for completeness — not applicable to this Service): https://gdpr-info.eu/art-13-gdpr/
- GDPR Article 14 (transparency template referenced for completeness — not applicable to this Service): https://gdpr-info.eu/art-14-gdpr/
- Google Privacy Policy: https://policies.google.com/privacy
- Anthropic Privacy Policy: https://www.anthropic.com/legal/privacy
- OpenAI Privacy Policy: https://openai.com/policies/privacy-policy
- RevenueCat Privacy Policy: https://www.revenuecat.com/privacy
- Apple Media Services Terms: https://www.apple.com/legal/internet-services/itunes/
- OpenFoodFacts Terms of Use: https://world.openfoodfacts.org/terms-of-use