Privacy Policy
Hungry iOS App
1. Data Controller
Ateam Investments GmbH
Sredzkistraße 59, 10405 Berlin, Germany
Email: hello@ateam.berlin
2. Data We Collect
- Account data: Apple ID, email address, name
- Health data: Symptoms, cycle data, biometric data (via Oura Ring and/or Apple Health)
- Nutrition data: Meals, barcode scans, meal photos
- Check-in factors: Sleep, stress, exercise, and other self-reported factors
3. Legal Basis
We process your data based on your explicit consent pursuant to
Art. 6(1)(a) GDPR. For special categories of personal data (health data),
Art. 9(2)(a) GDPR applies additionally.
4. Three Separate Consents
The app requests three independent consents:
- Health data (required): Necessary to use the app's core features (symptom tracking and correlation reports).
- Oura connection (optional): Links your Oura Ring for automatic import of biometric data.
- AI analysis (optional): Uses AI for meal photo analysis and narrative report generation.
Each consent can be withdrawn independently at any time (see Section 9).
5. Purpose of Processing
- Symptom tracking and documentation
- Nutrition diary with barcode scanning and photo capture
- Correlation reports between nutrition, symptoms, and biometric data
Reports show statistical associations only.
Hungry does not provide medical diagnoses.
6. AI Processing
With AI consent granted, Hungry uses the Anthropic API (Claude) for:
- Automatic meal recognition from photos
- Narrative summaries in correlation reports
Relevant data is transmitted to Anthropic's servers for processing.
Without AI consent, all data remains on our own server.
7. Third-Party Services
- Anthropic — AI analysis (photo recognition, report narratives), only with AI consent
- Oura — Biometric data via OAuth2, only with Oura consent
- Open Food Facts — Barcode database (ODbL license), public API with no user data transmitted
- DigitalOcean Spaces — Photo storage, Frankfurt data center (EU)
- Apple HealthKit — Data stays on device; our backend has no direct access
8. Storage and Security
- Dedicated server in Europe
- PostgreSQL database with encrypted connections (TLS)
- JWT-based sessions
- No automatic deletion — data is stored until you request deletion
9. Your Rights
You have the right to:
- Access and export: Download all your data via the
GET /me/export endpoint.
- Deletion: Permanently delete your account and all associated data via the
DELETE /me endpoint.
- Withdraw individual consents: Each of the three consents can be independently revoked in the app settings.
10. Contact
For privacy-related inquiries, please contact us at
hello@ateam.berlin.