DeepEat
Privacy Policy
Effective: 10/01/2025
Welcome to DeepEat!
Sparkling AI HK Limited
("we", "us", and/or "our") operates the DeepEat website and mobile application
(the "Services"). This Privacy Policy (the "Policy") describes
how we collect, store, use, and share information through our Services.
We care about the
protection and confidentiality of your information. We process your personal
information only as described in this Policy. If you have any questions regarding
this Policy, please contact us according to the information listed below under the
Section "Contact Us".
Here is a summary of the information contained in
this Policy. This summary is to help you navigate the Policy and it is not a
substitute for reading everything. You can view the particular sections for
more detailed information.
•
What data do we collect about you? If you register an account to use the Services, we
will need some personal information from you to set this up. We will also
collect and create personal information about you when you use certain
functions of DeepEat (e.g., the photo-based food calorie recognition,
personalized fitness and diet recommendations, and AI-powered chatbot). For
more information, please refer to 1 PERSONAL INFORMATION WE COLLECT .
•
How do we use your data? We process your personal information to manage the contract you have
agreed to and to provide functions related to the Services. For more
information, please refer to 2 HOW WE USE YOUR INFORMATION .
•
How will we share and transfer your data globally? We may disclose your personal information to
affiliates and some third-party service providers (e.g., technology services
and business support) who help us deliver the Services. We may also be required
to disclose certain personal information about you in response to any legal
procedures or requests from regulatory authorities, for audit purposes, in the
event of mergers, acquisitions, sale of assets, or transfer of services, and in
other circumstances specified under 3 HOW WE SHARE YOUR PERSONAL INFORMATION . Due to
the international operation of our business, your personal information may be
accessed from and transferred to jurisdictions outside of where you are
located. In the event of a cross-border transfer of personal information, we take
appropriate measures to provide an adequate level of protection for your
personal information. For more information, please refer to 4 HOW WE
TRANSFER YOUR DARA AROUND THE WOLRD .
•
How do we secure and retain your data? Your personal information is stored on servers
located in the United States or EU and we take every reasonable step to ensure
that your personal information is only processed for the minimum period
necessary for the purposes set out in this Policy. For more details on the duration
of the retention of your personal information, please refer to 5 HOW
WE SECURE YOUR INFORMATION and 6
HOW DO WE RETAIN YOUR PERSONAL INFORMATION .
•
What are your rights regarding the processing of your personal information?
Depending on
where you are, you may have certain rights with respect to your personal
information, such as rights of access and data portability, to correct or
delete your personal information, to withdraw your consent, restrict or object
to our processing of your personal information, or to lodge complaints with an
applicable authority for any breach of data protection laws. For more
information, please refer to 7 YOUR RIGHTS AND CHOICES . In
particular, if you are a California resident, certain state data privacy
legislations may entitle you to additional rights as detailed under 8
ADDITIONAL U.S. STATE DISCLOSURES .
•
How do we protect minors? If you are considered a minor under the laws of the applicable
jurisdiction, before using the Services, consent to the processing of your personal
information shall be given by your parent(s) or legal guardian(s). Additionally,
we do not aim to provide Services for minors under 13. For more information,
please refer to 9
USE BY MINORS .
•
Changes of this Policy and Contact Us. We recommend that you regularly check the latest
version of this Policy in the APP. If there are any substantial changes to this
Policy, depending on the nature of such changes, we will notify you in advance
through pop-ups, push notifications, and other appropriate means. If you have
any questions or comments regarding this Policy and/or other privacy practices,
want to exercise any rights you may have, please contact us by response@deepeat.ai.
1
PERSONAL INFORMATION WE COLLECT
2 HOW WE
USE YOUR INFORMATION
3 HOW WE
SHARE YOUR PERSONAL INFORMATION
4 HOW WE
TRANSFER YOUR DARA AROUND THE WOLRD
5 HOW WE
SECURE YOUR INFORMATION
6 HOW DO
WE RETAIN YOUR PERSONAL INFORMATION
7 YOUR
RIGHTS AND CHOICES
8 ADDITIONAL
U.S. STATE DISCLOSURES
9 USE BY
MINORS
10 CHANGES
TO THIS PRIVACY POLICY
11 CONTACT
US
1. PERSONAL INFORMATION
WE COLLECT
For the purpose of this
Policy, "personal information" means any information relating to an identified
or identifiable individual. In certain jurisdictions, this may be referred to
as "personal data". However, for the sake of consistency, this Policy will use
the term "personal information" throughout to refer to such data. To the extent
that our processing of your personal information is subject to certain data
privacy protection laws (including, but not limited to the General Data
Protection Regulation ("GDPR"), California Consumer Privacy Act of 2018
("CCPA"), California Privacy Rights Act of 2020 ("CPRA"), collectively
hereafter "appliable laws"), we will also notify you about the legal basis on
which we process your personal information and your rights under such laws.
1.1. Information you
provide
Through your use of the
Services, you may provide us with the following information:
a. Account Information. This
includes your email address/Apple ID/Facebook ID/Google
Account (as applicable), verification code and password. When you use our Services,
you may create an account with your email address, Apple ID, Facebook ID or
Google Account to complete the registration and become our user. We may verify
your identity by sending a verification code. If you refuse to provide Account Information
for registration and login, we may be unable to offer you our Services.
b. Basic Profile
Information. This includes your username, gender, age, height, weight,
exercise frequency, drinking amount, purpose of the trial, specific needs and
weight loss rate. After you have created and logged into your account, you can
further edit your personal profile and personal goals. We will use your Basic
Profile Information to provide you with personalized fitness and diet
recommendations, as well as AI-powered chatbot services. You have the option to
choose which information to share with us. If you refuse to provide these information,
we may be unable to offer you our Services.
c. Interaction
Information: When you use the AI-powered food calorie recognition function,
food health rating function or chatbot function, we collect your input data
("Inputs"), such as text, images and voice messages. Specifically, when you use
our voice input service (if applicable), we will request permission to access
your device's microphone. With your consent to the access permission, we will
collect your voice information, send your voice commands to the server, and
provide feedback based on your voice commands. During the process, if you
choose to convert your voice into text, we will also collect and use the
converted text content to provide you with intelligent services. These Inputs
are analyzed to enhance our understanding of your inquiries and context,
enabling us to provide you with responses ("Outputs") tailored to your specific
needs. The Interaction information is necessary to offer you the AI-powered
food calorie recognition, food health rating and chatbot service. If you refuse to provide this
information, you will be unable to use the relevant features.
d. Feedback Information. This
includes your feedback on complaints and communications with our customer
service representatives. If you refuse to provide the Feedback Information, it
will not affect your use of our Services.
1.2. Information we
collect from third parties
a. Third-party
Account Information: When you use a third-party account to register or log
in to our Services (Facebook, etc.), we collect certain information related to
your third-party account, including your username, email address and personal
profile under such third-party account.
b. Apple Health Data. You have the option to connect and share your data with Apple Health, as
well as share your Apple Health information with DeepEat. This includes details
such as step count, exercise duration, and calorie expenditure. We will only
access your Apple Health Data with your prior consent. Choosing not to share
this information will not impact your ability to use the basic services of
DeepEat.
1.3. Information we
collect automatically
We automatically log the
following information about you, your mobile device, your network, and your
interactions over time with our Services:
a. Device and Network Data. This includes your device-specific
identifiers, i.e., hardware identifiers (OAID, GAID, IMEI, MAC), software
identifiers (Android ID, IDFA, IDFV, GUID), and network identifiers (IP/WiFi
addresses). This also includes technical specifications, i.e., browser
type/version, operating system details, and service interaction metrics -
including visited pages, session timestamps, duration, and performance
diagnostics. When you access our Services via mobile devices, we may also
collect your mobile platform type, device-specific unique identifiers (i.e.,
SIM card details), and cellular network configuration parameters.
b. Usage Data. This
includes your behavior information while using the Services, including your
click, browsing, and editing activity records.
2. HOW WE USE YOUR
INFORMATION
We will only use your personal information when
the applicable laws allow us to. Our legal bases for collecting and using the
personal information described in this Policy depends on the personal
information we collect and the specific context in which we collect the
information:
We need to perform a contract with
you;
You have given us consent to do so;
In specific jurisdictions, processing your
personal information is in our legitimate interests, including
§
providing, maintaining and marketing our Services;
§
detecting, preventing and enforcing
violations of our Terms of Use including misuse of services, fraud, abuse, and
other trust and safety protocols; and
§
protecting our legal rights and the rights of
others.
We need to comply with our legal
obligations under the applicable laws.
The purposes
for which we process personal information, subject to applicable laws, and the
legal basis on which we perform such processing, are as follows:
|
Purpose |
Type of Personal Information |
Legal Basis |
|
To provide you with functions related to user account management, such
as account registration, account deletion, and account login |
Account Information
Third-party
Account Information
Basic Profile Information
Device and Network Data |
Performance of contract |
|
To provide the core functionality of the Services, including AI-powered
food calorie recognition and food health rating through photos, and chatbot |
Interaction Information
Device and Network Data |
Performance of contract |
|
To provide the additional functionality
of the Services, including personalized fitness and diet recommendations, and
Apple Health connection |
Interaction Information
Apple Health Data
Device and Network Data |
Consent |
|
To send you marketing
communications through push notifications. You can also disable notifications
in your phone's settings center to stop receiving marketing messages |
Account Information |
Legitimate interests & Consent |
|
To analyze user behavior to optimize the Services (not used for AI model
training) |
Device and Network Data
Usage Data |
Legitimate interests |
|
To monitor and protect the Services to ensure the normal operation of the
Services you use, including preventing fraud, criminal activity, and misuse
of our Services |
Account Information
Third-party
Account Information
Device and Network Data
Usage Data |
Performance of contract & Legitimate interests |
|
To respond to your inquiries, comments, feedback or questions |
Account Information
Third-party
Account Information
Feedback Information |
Performance of contract & Legitimate interests |
|
To comply with legal obligations, and defend against legal claims and
disputes |
Account Information
Third-party
Account Information
Basic Profile Information
Interaction Information
Feedback Information
Device and Network Data
Usage Data |
Legal Obligations & Legitimate interests & Consent, where
required by applicable laws |
3. HOW WE SHARE YOUR
PERSONAL INFORMATION
In order to provide you
with more comprehensive and high-quality Services, we will authorize our
commercial partners to provide certain services to you. In such cases, we may
share some of your personal information with our partners.
We will only share your
personal information for lawful, legitimate, necessary, specific, and explicit
purposes, and we will only share the personal information required to provide
the Services. We will require our partners, through agreements, to retain data
only for the necessary period and to implement adequate security measures to
protect data security.
We will disclose
personal information to the following categories of third parties for the
purposes explained in this Policy:
·
Affiliates and
corporate partners. We disclose the
categories of personal information described above between and among our affiliates
and related entities, for legitimate business purposes and the
operation of the Services, in accordance with applicable laws.
·
Service providers and
business partners. Third-party service providers who provide us with technology services
(such as cloud storage service, cybersecurity provider) and business support
(such as growth analysis Software Development Kit provider) may need to process
your data. These third parties will process your personal information on our
behalf under relevant contracts.
·
Law enforcement agencies, public authorities
or other judicial bodies and organizations.
We disclose Information if we are legally required to do so, or if we have a good
faith belief that such use is reasonably necessary to comply with a legal
obligation, process or request; enforce our Terms of Use and
other terms, policies, and standards, including investigation of any potential
violation thereof; detect, prevent or otherwise address security, fraud or
technical issues; or protect the rights, property or safety of us, our users, a
third party or the public as required or permitted by applicable laws
(including exchanging information with other companies and organizations for
the purposes of fraud protection).
·
Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy,
reorganization, partnership, asset sale or other transaction, we may disclose
your Information as part of that transaction.
4. HOW WILL WE TRANSFER
YOUR DARA AROUND THE WOLRD
Our servers are located
in the United States and Europe. If you are a European user, your information
will be stored in Europe. If you are a non-European user, your information will
be stored in the United States. Meanwhile, due to the international nature of
our business, your personal information may also be accessed by our affiliates
or be transferred to third-party service providers and business partners, in
connection with the purposes set out in this Policy. For this reason, we
transfer personal information to other jurisdictions that may have different
laws and data protection compliance requirements to those that apply in the
jurisdiction in which you are located. If you would like to obtain more
information regarding cross-border data transfers, please contact us through
the details provided in the "Contact Us" section.
In the event of an
international transfer of personal information, when required by applicable
laws, we will provide an adequate level of protection for your personal
information using various means, including implementing Standard Contractual
Clauses or data transfer agreements that comply with applicable laws between
our affiliates and third parties or any other lawful approach that permits the
lawful transfer of personal information from those countries.
5. HOW WE SECURE YOUR
INFORMATION
We have implemented
appropriate technical and organizational security measures designed to protect
your personal information against accidental or unlawful destruction, loss,
alteration, unauthorized disclosure, unauthorized access, and other unlawful or
unauthorized processing, in accordance with applicable laws.
Your account is
protected by a password for your privacy and security. You must prevent
unauthorized access to your account and personal information by selecting and
protecting your password appropriately and limiting access to your computer or
device and browser by signing off after you have finished accessing your
account. If you have any concerns that your account or personal information has
been put at risk, for example if someone could have found out your password,
please contact us by using the contact details provided in the Section "Contact
Us" below.
While we use reasonable
commercial efforts to protect the data, no technology, data transmission, or
system can be guaranteed to be 100% secure. In the event of a breach of
security leading to accidental or unlawful destruction, loss, alteration,
unauthorized disclosure of, or access to your data, we will notify you according
to the applicable laws.
6. HOW DO WE RETAIN YOUR
PERSONAL INFORMATION
We adhere to retention
policies for the personal information we collect to ensure that it is not
retained longer than necessary for the intended purpose.
If you deactivate your
account, delete personal information, or the retention period is expired, we
will delete or anonymize your personal information, except in the following
cases:
Compliance with legal requirements regarding data retention
according to the applicable laws.
Extension of the period for financial, audit, dispute
resolution, or other legitimate purposes.
When assessing how long
your personal information is retained, we consider criteria such as: (i) the
nature of the personal information and the activities involved; (ii) when and
for how long you use the Services; and (iii) our legitimate interests and our
legal obligations.
Subject to applicable law and depending on
where you reside, you may have some rights regarding your personal information,
as described below. If you have any other requests relating to the access of
your personal information, please contact us using the contact details listed
in the Section "Contact Us" below.
7.1
Data Access
You may have the right to know what personal
information we process about you, including the categories of personal
information, the business or commercial purposes for collection, the categories
of third parties to whom we disclose it and other information according to the
applicable law.
You may have the right to access and obtain a
copy of your personal information in accordance with the applicable laws. Where applicable, we will provide the information
in a portable, machine-readable, readily usable format.
7.2
Data
Correction
You may have the right to request that we
correct inaccurate personal information that we retain about you, subject to
certain exceptions.
7.3
Data
Deletion
You have the right to delete your account and
erase your personal information. Upon deleting your account, all your personal
information will be deleted. Additionally, you may also request deletion of the
personal information you provide by contacting us. If some of your personal information
cannot be deleted, we will inform you of the reasons for not taking action.
Please note
that we reserve the right to retain some of your personal
information where there are valid grounds for us to do so under applicable laws.
7.4
Withdrawal
of Consent
Where we
process your personal information on the basis of your consent, you may
withdraw your consent by contacting us. The withdrawal of consent will not
affect the lawfulness of processing based on consent before its withdrawal.
7.5
Objection to
the Processing
Subject to
applicable laws, you may object to the processing of your personal information
based on our legitimate interests where there are grounds relating to your
particular situation by contacting us. Please note that we may have an overriding
legitimate interest to keep processing your personal information, but we will
let you know where this is the case.
7.6
Restriction
to the Processing
If you would
like to restrict our processing of your personal information, you may contact
us. You have the right to restrict the processing of your data where one of the
following applies:
the
processing is unlawful and you oppose the erasure of relevant personal
information;
for the
purpose of establishment, exercise or defense of legal claims, you request us to
retain your personal information that we were supposed to delete;
your
objection regarding the accuracy of your personal information is pending our
verification;
your request
to object to the processing of your personal information is pending our verification.
7.7
Lodge a
complaint with your local data protection authority
Subject to
applicable data protection laws, you may have the right to submit your
complaint to the local data protection authority where you reside if you
consider that the processing of your personal information infringes any
applicable data protection laws.
7.8
Other Rights
Depending on
your jurisdiction, you may be entitled to additional rights in relation to your
personal information. If you would like to contact us to exercise one or more
of these rights, to ask a question about these rights or any other provision of
this Policy or about our processing of your personal information, or to file a
complaint about how we process your personal information, you may use the
contact details provided in Section "Contact Us" below.
When
submitting a right request, please specify the scope and basis of your request
and provide us with the necessary information to verify your identity. We may
contact you to confirm your identity in order to handle your request. We will
typically respond to your request within 7 days after verifying your identity
and no later than the timeframe required by applicable laws.
8.
ADDITIONAL U.S. STATE DISCLOSURES
We
collect personal information from and about you in the preceding 12 months as
described in Section 1. PERSONAL INFORMATION WE COLLECT above.
We
disclose personal information with third parties for business purposes in the
preceding 12 months as below:
|
Categories of personal information |
Disclosed to which categories of third parties |
|
All categories detailed in Section 1 above |
Cloud storage services provider and our affiliates |
|
Device and Network Data, Usage Data |
Growth analysis software development
kit provider; Cybersecurity
service provider; Operator of third-party account platforms |
To
the extent provided for by local law and subject to applicable exceptions, you
may have the following rights:
Opt-out of marketing
communications. We may provide marketing information through in-app
notifications. If you do not wish to receive these notifications, you can
disable them in your device settings.
Limit the Use of Sensitive Personal Information. You also
have the right to request limitation of use and disclosure of your sensitive
personal information, subject to certain exceptions. If you would like to limit
the use of your sensitive personal information, please contact us by using the
contact details provided in the Section "Contact Us" below.
The verification code and password, as well as the health information such
as exercise frequency, duration and weight loss rate, are sensitive personal information
under certain State data protection laws. Currently, we use and disclose the
verification code to third-party service providers for the purpose necessary to
supporting your account registration and login. We do not "sell" or "share" (as
defined under applicable State data protection laws) your sensitive personal information.
Do Not Sell
or Share My Personal Information. Based on the definition of "sell" and "share" under
applicable State data protection laws, we do not believe that we engage in such
activity and have not engaged in such activity in the past 12 months from the
effective date of this Policy.
Appeal. You may appeal our refusal to take action on
a request by contacting us using the contact details provided in Section "Contact Us" below.
Direct Marketing. We do not disclose personal information
to third parties for their direct marketing purposes.
If you would
like to contact us to exercise one or more of these rights, to ask a question
about these rights or any other provision of this Policy or about our
processing of your personal information, or to file a complaint about how we
process your personal information, you may use the contact details provided in the
Section "Contact Us" below. According to applicable laws, we may request you
provide documents such as application form and proof of identity. We may
contact you to confirm your identity in order to handle your request. We will
respond to your request or complaint in due course under the applicable laws.
If you are considered a
minor under the laws of the applicable jurisdiction, before using the Services,
consent to the processing of your personal information shall be given by your
parent(s) or legal guardian(s). Additionally, our Services are not directed
towards, and we do not knowingly collect, sell, or share any information about
individuals under the age of 13. If you become aware that a child under the age
of 13 has provided any personal information to us while using our Services,
please email us at the contact details provided in the Section "Contact Us" below,
and we will investigate the matter and, if appropriate, delete the personal
information.
10. CHANGES TO THIS
PRIVACY POLICY
The Services and our
business may change from time to time. As a result, at times it may be
necessary for us to make changes to this Policy. we recommend that you
regularly check the latest version of this Policy in the APP. If there are any
substantial changes to this Policy, depending on the nature of such changes, we
will notify you in advance through pop-ups, push notifications, and other
appropriate means.
For more information
about your data subject rights, or how we process your personal information,
please contact us by using the information below.
Controller: Sparkling AI HK Limited
Contact
Person: SPARKLING AI Privacy Team
