Skip to main content
AaharIQ
Legal

Privacy Policy

Last updated: February 2026

1. Introduction

AaharIQ ("we", "our", or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and share data when you use the AaharIQ platform — including our web application, mobile application, and all related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the Service immediately.

2. Information We Collect

We collect the following categories of information:

  • Account Information: Your name, email address, and hashed password when you register for an account.
  • Health & Medical Data: Medical conditions, allergies, dietary restrictions, and any documents you voluntarily upload to your health profile. This data is used exclusively to personalise AI-generated recommendations.
  • Usage Data: Product scans performed, ingredients entered, AI queries made, chat session history, and voice transcriptions. This data powers your personalised recommendation history and usage analytics.
  • Device & Technical Data: IP address, browser type, operating system, and device identifiers — collected automatically for security, fraud prevention, and service improvement purposes.
  • Communications: Any messages or queries you submit via our support channels.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate your account and maintain session security
  • Generate personalised AI health and nutrition recommendations based on your medical profile
  • Power our Retrieval-Augmented Generation (RAG) pipeline to cross-reference your uploaded documents with product ingredient data
  • Maintain a history of your product scans and AI interactions for your personal reference
  • Send transactional communications such as account verification emails and subscription receipts
  • Detect, prevent, and respond to fraud, abuse, and security incidents
  • Comply with applicable legal obligations

We do not use your health data to train external AI models, sell advertising, or share information with third-party marketers.

4. Data Storage & Security

All data is stored on encrypted servers. Sensitive health data is isolated on a per-user basis within our vector database (ChromaDB) — no user can query another user's data. Access tokens are short-lived (15 minutes), and refresh tokens are stored securely with rotation-on-use to prevent replay attacks.

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, rate limiting, and prompt injection detection on all AI input fields.

Despite these measures, no system is completely secure. We encourage you to use a strong, unique password and to contact us immediately at security@aahariq.ai if you suspect unauthorised access to your account.

5. Third-Party Services

We use a limited set of trusted third-party services to operate the platform:

  • OpenAI: Powers our large language model (LLM) responses. Prompts sent to OpenAI are anonymised and do not include personally identifiable information beyond the health context necessary for recommendations.
  • PostgreSQL (self-hosted): Stores account data, scan history, and chat sessions on infrastructure we control.
  • Stripe / Payment Gateway: Processes subscription payments. We do not store your payment card details — all billing data is handled by our PCI-DSS compliant payment partner.

We do not share your data with any third party beyond what is described above, unless required by law.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your account and all associated data
  • Restriction — request that we limit the processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to certain types of processing, including profiling

To exercise any of these rights, please contact us at privacy@aahariq.ai. We will respond within 30 days of receiving your request.

7. Data Retention

We retain your account and health data for as long as your account remains active. If you delete your account, we will permanently erase your personal data within 30 days, except where retention is required by applicable law (e.g., financial records for tax compliance).

Anonymised, aggregated usage statistics that cannot be linked back to any individual may be retained indefinitely for service improvement purposes.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or by displaying a prominent notice within the Service. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact our Data Protection Officer at:

AaharIQ — Privacy Team

Email: privacy@aahariq.ai

General: contact@aahariq.com