Privacy Policy

Guild Development Corporation Effective: June 5, 2026 App version: Beta
Scope: This policy covers the Mealborne app and game product. The mealborne.gg marketing website has a separate cookie notice covering analytics used for our waitlist campaign.

Contents

  1. 1. What We Collect
  2. 2. Why We Collect It
  3. 3. Third-Party Sharing
  4. 4. Data Retention
  5. 5. Your Rights
  6. 6. Jurisdictions
  7. 7. HealthKit
  8. 8. Children
  9. 9. Security
  10. 10. Contact
  11. 11. Changes

1. What We Collect

Mealborne is anonymous-first. You don't need an account or email address to play. We collect the minimum data needed to make the game work and improve it — nothing more.

Health & Profile Data

This data lives on your device only (in the app's local storage). It is not sent to our servers in plaintext. An encrypted backup is created during the beta programme — see below.

DataStoredPurpose
WeightYour device (+ encrypted beta backup)Calculates your daily calorie target using the Mifflin-St Jeor formula
Body fat % (optional)Your device onlyRefines protein target estimate. Entirely optional — the game works without it.
AgeYour device onlyRequired input for the BMR formula
Biological sexYour device onlyRequired input for the BMR formula
Calorie & macro targetsYour device onlyDrives the daily nutrition scoring in every battle

Gameplay Data

DataStoredPurpose
Meal logs (food, macros, timestamp)Your device onlyEvery meal is a battle — we score it against your targets
Weigh-in historyYour device onlyTrend tracking and plateau detection
Training records (optional)Your device onlyAffects Day Boss scoring and energy expenditure
Meal photosTransient on our side — sent to our AI provider for food identification, then discarded. Not stored on Mealborne's servers.AI-powered food logging — take a photo instead of typing
Game progression (XP, quests, Squire)Your device onlyYour game state

Technical & Analytics Data

DataStoredPurpose
Anonymous device IDYour device + hashed in server logsLinks your sessions together without requiring a login. Never linked to your name or email.
Country code (2-letter, from IP)Our servers (keyed to hashed device ID)Product analytics — understanding which markets play Mealborne. No city, no street, no GPS.
Crash & error reportsSentry (scrubbed — no health data, no name)Catching bugs you can't report manually (app crashes before the screen loads)
Anonymous gameplay events (beta, opt-in)PostHog (US). Hashed ID only — no email, no name, no health values.Understanding how people play during beta so we can improve the game
Session recordings (recruited testers, explicit opt-in)PostHog. All text, numbers, and inputs are masked — we see that you tapped a field, not what you typed.Watching where the UI is confusing during beta

Beta Testing Programme

During the current closed beta, two additional data flows apply — both opt-in and revocable in Settings → Privacy:

By participating in the closed beta, you acknowledge that the product is pre-release and may change; that analytics are collected as described; that feedback you share may be used to improve the game without separate compensation.

2. Why We Collect It

Every piece of data we collect has exactly one stated purpose. We don't collect data speculatively.

PurposeData used
Calculate your daily calorie & macro targetsWeight, age, sex, body fat % (optional)
Run the gameplay loopMeal logs, weigh-ins, training records, game progression
AI food identification from photosMeal photo (transient), food description you type
Corvus AI coaching (Champion tier)Derived context only: your calorie target and recent eating history — never raw weight, age, or sex
Beta cache-clear recoveryEncrypted game state snapshot
Rate limiting and cost controlHashed device ID
Crash detectionError traces (scrubbed of personal data)
Product improvement during betaAnonymous gameplay events (opt-in), masked session recordings (opt-in)
What we never do with your data: show you ads, share with ad networks, sell to data brokers, profile you for non-health purposes, share with insurance companies or employers.

3. Third-Party Sharing

We share data only with the services needed to run Mealborne. We sign data processing agreements with vendors where available.

VendorWhat we shareWhy
USDA FoodData Central Food search queries (e.g. "chicken breast") Nutrition database — looks up calories and macros for the foods you log
OpenRouter (AI gateway) Meal photos (transient); Corvus coaching context (derived calorie/macro data — not your raw weight, age, or sex); cost telemetry Routes AI requests to the models that power photo-to-tray and Corvus advice. Sub-processors include OpenAI, Google, xAI, and Alibaba Cloud (qwen).
Vercel (hosting) API request metadata; anonymised country code Hosts the game and serves the API
Supabase (database) Encrypted state-snapshot backups (beta only; health fields are ciphertext — Supabase cannot read them) Beta backup and future account infrastructure
Sentry (error tracking) Scrubbed error traces; hashed device ID only. No health data, no name, no email. Crash reporting and error detection
PostHog (analytics) Anonymous gameplay events (9 allowed fields — no health values, no name); masked session recordings (recruited testers, opt-in) Beta product analytics. Opt-in only. GeoIP disabled. Hashed distinct ID.
RevenueCat (planned) App Store / Play Store receipts; subscription state Subscription validation when IAP launches
Apple / Google (when applicable) Subscription transaction data Required by App Store / Play Store payment processing
No advertising networks. The Mealborne app contains no ad SDKs, no tracking pixels, and no data sharing with advertising platforms. The mealborne.gg marketing website uses a Meta Pixel for the waitlist campaign — that is covered by the separate cookie notice on that site, not this policy.

4. Data Retention

DataKept forDeleted when
Health & profile data (weight, age, sex, BF%)Until account deletion + 30-day grace periodYou delete your account in Settings
Meal logs, weigh-ins, training recordsUntil account deletion + 30-day grace periodSame
Meal photosNot retained by us — transient onlyCleared immediately after AI analysis. OpenRouter may retain inference inputs up to 30 business days.
Anonymous device ID18 months from last useAutomatic, or user-initiated reset
Encrypted state snapshots (beta)Latest 5 per device (older ones auto-pruned)Automatic pruning, or you exit the beta programme
Server logs (hashed device ID, request data)90 daysAutomatic rolling deletion
PostHog analytics events (beta)~1 year per PostHog policyOpt-out stops new events immediately; old events roll off per PostHog
Session recordings (beta testers)~30 days per PostHog policyOpt-out or rolloff
IP addresses (rate limiting)24 hoursAutomatic

Account deletion is soft for 30 days (in case it was accidental), then permanent. After hard deletion the only thing we retain is a timestamped deletion record with no personal information — kept 7 years for compliance.

5. Your Rights

You have rights over your data. We honour all GDPR, CCPA, Philippine Data Privacy Act, and equivalent rights globally — we apply the highest standard, wherever you are.

Access & Portability

Request a full export of your data any time via Settings → Account → Export My Data. You'll receive a ZIP file containing your profile, meals, weigh-ins, achievements, and history in open JSON format.

Deletion ("Right to be Forgotten")

Use Settings → Account → Delete Account. For anonymous accounts (most users) this clears all local data immediately — there's nothing on our servers to erase. For authenticated accounts, deletion triggers a server-side wipe after a 30-day grace window.

Correction

Edit any field in Settings. If you can't reach something via the UI, email us and we'll correct it.

Opt Out of Optional Processing

Via Settings → Privacy you can toggle: body fat % logging, anonymous analytics, session replay, and (when available) AI coaching.

Do Not Sell (CCPA)

We do not sell personal information. The "Do Not Sell" toggle is in Settings → Privacy as a disclosure requirement — it's a no-op in practice because there's nothing to stop.

AI Coaching Disclosure (GDPR Art. 22)

Corvus AI coaching is available to Champion subscribers only. If you are on the Champion tier, Corvus advice is generated by a large language model — it is informational only and does not make decisions with legal or significant real-world effects on you. Champion subscribers can opt out via Settings → AI Coaching.

6. Jurisdictions

Mealborne is operated by Guild Development Corporation, a company registered in the Republic of the Philippines. We comply with all applicable data protection laws.

Republic of the Philippines (RA 10173 — Data Privacy Act of 2012)

Guild Development Corporation acts as the Personal Information Controller under RA 10173. Health-related data is sensitive personal information under Philippine law. Our lawful basis for processing it is your explicit consent (given at first launch) and contractual necessity (your nutrition targets are required to run the game). Philippine users have the right to file complaints with the National Privacy Commission.

European Economic Area + UK (GDPR / UK GDPR)

Our lawful basis by data type: weight/age/sex (legitimate interests + contractual necessity for BMR calculation); analytics (consent, which you can withdraw at any time). We use Standard Contractual Clauses for transfers of data from the EEA/UK to our US-based vendors.

California (CCPA / CPRA)

Categories collected: Identifiers (anonymous device ID), Health & Fitness Data (weight, BF%, BMR), User Content (meal logs). Categories sold: none. Categories shared for cross-context behavioural advertising: none (in-app; see above for marketing site). Health data is sensitive PI under CPRA — we use it only for your nutrition targets and opt-in AI coaching.

Children

Mealborne is for adults 18 and over. Our age gate refuses registration to anyone under 18. We do not knowingly collect data from minors. If you believe a child has used Mealborne, contact us and we'll delete their data immediately.

7. HealthKit (Planned — Mobile App)

When the Mealborne mobile app launches with HealthKit integration, this section will become active. Until then, no HealthKit data is accessed.

Our planned posture: HealthKit data never leaves your device; we read it locally for convenience (auto-filling your daily weigh-in) but never sync it to our servers; it is never used for advertising and never shared with third parties, consistent with Apple's HealthKit policies.

8. Children's Privacy

Mealborne is for adults 18 and over. If you are under 18, do not use Mealborne. If you are a parent or guardian and believe your child has used the app, please contact us at team@mealborne.gg — we will delete their data immediately.

9. Security

We protect your data with industry-standard technical measures:

In the event of a data breach involving sensitive personal information, we will notify affected users and the relevant supervisory authority within 72 hours of discovery.

10. Contact

Questions about your data, requests to exercise your rights, or concerns about this policy:

Guild Development Corporation / Mealborne

Email: team@mealborne.gg

Subject line: Privacy Request

For urgent matters (suspected data breach): subject line Privacy Urgent

We aim to respond to all privacy requests within 30 days.

11. Changes to This Policy

We will update this policy as Mealborne evolves:

The current version is always at mealborne.gg/privacy.