Privacy Policy

1. Information We Collect

Account. Email address, password hash (managed by Supabase Auth), optional first/last name and date of birth, role (Individual, Coach, or Client), and subscription status.

App content. Meal plans, saved foods, food amounts, macro totals, grocery lists, meal templates, share and intake tokens, coach/client relationships, intake form responses, check-ins (weight, body measurements, subjective scores, free-text notes), daily compliance logs, and optional progress photos stored in Supabase Storage.

Feedback. Free-text feedback you submit through the in-app feedback button, plus the page you were on when you submitted and your browser user-agent string.

Operational data. Sign-in session cookies, IP address (used for abuse rate-limiting), and minimal server logs.

Marketing audience. If you sign up or join the waitlist, your email address is added to our Resend marketing audience so we can send product update emails. Every marketing email includes a one-tap unsubscribe link.

Browser preferences.Light/dark mode, unit preferences (grams/ounces), recent foods, and favorite foods may be cached in your browser's local storage. These do not leave your device.

2. How We Use Information

We use your information to create and secure your account, save meals, calculate macro estimates, build grocery lists, let coaches and clients share plans, process subscriptions, prevent abuse, improve the product, send transactional email (sign-up confirmation, password reset, plan-assigned alerts, payment receipts), send opt-out marketing email, and respond to support requests.

We do not sell personal information. We do not use your meal logs, check-ins, or progress photos to train AI models.

3. Service Providers

Supabase hosts our authentication, Postgres database, and private Storage bucket for progress photos.

Stripe processes web payments. Stripe receives your billing details, card details, customer record, and subscription state. We never see or store raw card numbers.

Resend delivers our transactional and marketing email. Resend receives the recipient email address and the message contents.

Vercel hosts the app and serves traffic. Vercel receives request metadata (URL, IP, user-agent) for operations and security.

PostHog helps us understand product and marketing usage, including pageviews, referral sources, signup and checkout events, and optional session replay. PostHog does not receive raw card numbers.

TikTok Pixel.If you arrive from a TikTok campaign, the TikTok pixel fires on the landing page and the sign-up completion page to attribute conversions. You can block it with standard ad-blockers or your browser's tracking protection.

4. Coach, Client, And Shared-Link Visibility

If you connect with a coach, accept an assigned plan, or share a meal plan link, the other party may see the meal, plan, check-in, and photo data made available through that feature. Coaches can view a client's check-ins, daily compliance logs, and progress photos only after the client signs up through the coach's invite link.

Shared meal links contain a random token and are viewable by anyone with that link. Do not send a shared link to someone unless you are comfortable with that person viewing it. Coaches can revoke any share link from the coach portal.

5. Retention And Deletion

We keep information while your account is active. You can delete your account at any time from Settings; deletion removes your Prisma user row, cascades to your plans, check-ins, daily logs, and progress photos, and removes your Supabase Auth user.

Some records may remain for a limited time in backups, logs, billing records (Stripe retains transaction records for regulatory reasons), or fraud prevention systems where deletion is not immediately practical or legally required.

To request export or deletion of data without using the in-app controls, email brandon@rothventures.co. We respond within 30 days.

6. Security

We use reasonable technical and organizational safeguards: TLS for all traffic, signed cookies for sessions, server-side input validation, ownership checks on every database write, rate limiting on abuse-prone endpoints, and Supabase Row-Level Security on progress photo storage. No app is perfectly secure; you are responsible for using a strong password and protecting your email account and devices.

7. Children And International Users

Macro Slide is not intended for children under 13. If you believe a child provided personal information, email brandon@rothventures.co and we will delete it.

If you use Macro Slide outside the United States, your information may be processed in the United States, which may have different privacy laws than your country.

8. Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, export, or object to certain uses of your personal information. California (CCPA/CPRA) and EU/UK (GDPR) residents have additional rights. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under California law. To exercise rights, email brandon@rothventures.co.

9. Changes And Contact

This Policy may change. The effective date will be updated when material changes are made; we will also notify active users in-app or by email for material changes. Questions, requests, or complaints can be sent to brandon@rothventures.co or to Roth Ventures NY LLC, attention: Privacy.