Macrotrack · Legal
Privacy Policy
How we collect, use, store and protect your personal information.
Last updated: 18 May 2026
Effective date: 18 May 2026
This Privacy Policy explains how David Lewis (ABN 70 249 019 578) ("Macrotrack", "we", "us") collects, uses, stores and discloses your personal information when you use the Macrotrack Progressive Web App at macrotrack.com.au (the "Service").
We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth). If you access the Service from outside Australia, additional rights may apply to you — see section 12.
1. What we collect
1.1 Information you give us when you sign up
- Email address
- A password you choose (stored only as a salted hash by AWS Cognito; we never see the plaintext)
- A 4–6 digit PIN you optionally set for fast re-authentication (stored only as a salted HMAC-SHA256 hash in your Cognito user attributes; we cannot recover or read the plaintext)
1.2 Profile information you enter during onboarding and afterwards
- Display name (username)
- Sex (M/F/X), age, optional birth month/year
- Height (cm), current weight (kg), activity level, weight goal (kg/week)
- Australian state (used to infer your timezone)
- Optional daily macro targets and water target
1.3 Logs you record while using the Service
- Food entries: name, time, source (barcode / manual / OCR / AI photo / AI describe), servings, serving size, per-100g macronutrients, totals
- Weight readings (date + kg)
- Water entries (date + millilitres) and individual water events (time + ml)
- Meal templates you save and food favourites you mark
Sensitive health information — important.
The information in sections 1.2 and 1.3 (body metrics, dietary intake, weight history, water intake) constitutes "health information" and "sensitive information" under Australian Privacy Principle 3. Australian Privacy Principle 3.3 requires us to obtain your consent before collecting this category of information. By completing onboarding and using the Service, you provide your express consent under APP 3 for the collection, storage, and use of this sensitive health information for the purposes described in section 2. You may withdraw consent at any time by closing your account; on closure we will delete this information in accordance with section 6.
1.4 Reminder and notification settings
- Whether you have reminders enabled
- Your preferred water-reminder interval
- For Web Push: the push subscription endpoint and associated keys issued by your browser
1.5 If you subscribe to Macrotrack Pro
- A Stripe customer ID, subscription ID, subscription status, and current billing period end date. Stripe handles all payment card information; we never see your full card number.
1.6 Photos and text you submit to the AI features
- When you use AI photo estimation, the image you capture is sent in-memory to Anthropic's Claude model hosted on Amazon Bedrock in AWS Sydney (ap-southeast-2) for analysis. The image is not stored on our servers, in our database, or in any object storage. Only the extracted nutritional data is saved to your account.
- When you use AI describe, your text description is sent to the same model in the same region. The original text is not retained after the response is generated.
- When you use Label OCR (nutrition panel reading), the image is sent to Anthropic's Claude model hosted on Amazon Bedrock in AWS Sydney (ap-southeast-2) — the same vendor used for AI photo and AI describe for text extraction. Images are not stored.
- Model training. Anthropic does not use Bedrock customer inputs (your photo, your text, our prompts) to train, fine-tune, or improve its foundation models. This is contractually guaranteed under the AWS Bedrock Service Terms. We do not train any AI models on your data either.
- AI output is an estimate, not a measurement. AI-generated macros and portion sizes may contain errors and can reflect biases in the underlying training data. They are starting points for your review — always confirm before logging. See clause 2.6 of the Terms of Service for the full AI disclaimer.
1.7 Information collected automatically
- Standard web-server logs (IP address, user agent, request paths, response codes, timestamps) retained by AWS for operational and security purposes for up to 90 days.
- We use Google Analytics 4 to understand aggregate site usage (pages viewed, approximate location at country level, device type, referring site, session duration). Google receives an anonymised IP address — we have IP anonymisation enabled. We do not use Google Analytics for advertising or remarketing. Beyond GA4 we do not use any other analytics SDKs (no PostHog, no Mixpanel, no Segment, no Meta Pixel) and we do not use advertising trackers.
1.8 Information stored on your device (not on our servers)
- localStorage keys (macrotrack-logs, macrotrack-profile, macrotrack-meals, macrotrack-private-foods, macrotrack-last-email) — these are an offline-friendly cache of your synced data, plus a convenience copy of the last email you signed in with.
- Service worker caches of app assets, to make the PWA work offline.
2. Why we collect it
We collect the information above to:
- (a) provide the Service to you (operate your account, store your diary, sync across your devices, calculate your daily totals);
- (b) compute your nutrition targets from the body and goal information you provide;
- (c) deliver reminder notifications if you ask us to;
- (d) operate the AI features if you choose to use them;
- (e) process payment for Macrotrack Pro (via Stripe);
- (f) respond to your support enquiries;
- (g) detect, prevent and respond to security incidents and misuse;
- (h) comply with our legal obligations.
We do not use your information for advertising or for profile-based marketing.
3. Legal bases (for users in the EU/UK)
Where the GDPR or UK GDPR applies to you, we rely on these legal bases:
- Contract performance — to operate the Service for you (sections 2(a), (b), (d), (e))
- Legitimate interests — security, fraud prevention, service improvement (section 2(g))
- Consent — for push notification reminders and any future marketing emails (you can withdraw at any time)
- Legal obligation — where we are required by law to retain or disclose (section 2(h))
4. Who we share it with
We share personal information only with the following categories of recipient:
4.1 Service providers acting on our behalf
- Amazon Web Services (AWS) — hosting, database (DynamoDB), authentication (Cognito User Pools), AI model invocation (Bedrock), file storage. All processing occurs in AWS Sydney (ap-southeast-2). AWS is bound by its Data Processing Addendum.
- Anthropic (via Amazon Bedrock) — AI inference only. Anthropic does NOT use Bedrock customer inputs to train its models.
- Stripe Payments Australia Pty Ltd — subscription billing. Stripe receives your email and (when you pay) your card details; we receive only the resulting customer/subscription identifiers and billing status.
- Web Push providers (Apple Push Notification Service, Google Firebase Cloud Messaging, Mozilla autopush) — to deliver reminder notifications you have enabled. Only the notification payload and your browser-issued endpoint are involved.
- Google LLC (Google Analytics 4) — aggregate site usage data only (anonymised IP, pages viewed, device type, session metadata). No personal identifiers are passed to Google. Subject to Google's privacy policy and Standard Contractual Clauses for non-EU transfers.
4.2 The Open Food Facts public product database
When you scan a barcode, we send the barcode digits only (no user identity, no IP-linkable data — the request is proxied through our server) to Open Food Facts' public API. The product data we display is licensed under the Open Database License (ODbL) with database contents under the Database Contents License; we attribute Open Food Facts as the source on every product confirmation screen. Open Food Facts has its own privacy practices governing its database.
4.3 Where required by law
For example, in response to a valid court order or law enforcement request, where we have a good-faith belief the disclosure is required.
4.4 In a business transfer
If Macrotrack is acquired, merged, or sells substantially all of its assets, your information may be transferred to the acquirer subject to this Policy continuing to apply.
We do NOT sell your personal information, and we do NOT share it for cross-context behavioural advertising.
5. Cross-border data transfers
The Service is hosted in AWS Sydney (ap-southeast-2). Most of your personal information stays in Australia. The following limited categories may be processed overseas:
- Stripe's processing may involve servers in the United States (subject to Stripe's standard contractual clauses and certifications).
- Web Push delivery is routed through the operator of your browser's push service (Apple, Google, or Mozilla), which may process the push endpoint and notification payload in the United States or Europe.
- Google Analytics 4 processes aggregated session data on Google's global infrastructure, primarily in the United States. IP anonymisation is enabled so Google never receives a complete IP address.
By using the Service you consent to this overseas processing.
6. How long we keep it
- Account data and your diary: for as long as your account is open. When you close your account from the Settings screen, your sign-in, profile, food logs, weight entries, water entries, saved meals, and favourites are permanently deleted from our active databases within minutes. Deletion is irreversible — we don't maintain a recovery window. Backups containing your data are retained by AWS for up to 35 days as part of standard infrastructure resilience and then expire; we do not restore from these backups for account-recovery requests.
- Stripe payment records: retained by Stripe and by us for at least 7 years for Australian tax law compliance.
- Web server logs: up to 90 days.
- Photos and AI inputs: not retained — discarded after the AI response is generated.
7. Security
- All traffic to the Service is encrypted in transit using HTTPS (TLS 1.2+).
- Data at rest is encrypted using AWS-managed keys (DynamoDB, Cognito).
- Passwords and PINs are stored only as salted, irreversible hashes — we cannot recover them; you must reset.
- Access to production systems is restricted to authorised personnel via IAM and multi-factor authentication.
- We follow the principle of least privilege for all service-to-service access.
No system is perfectly secure. We will notify you and the Office of the Australian Information Commissioner (OAIC) of any data breach that is likely to result in serious harm, in accordance with the Notifiable Data Breaches scheme.
8. Your rights
Under the APPs (and similar rights under the GDPR / UK GDPR / CCPA), you can:
- Access — request a copy of the personal information we hold about you.
- Correct — ask us to correct information that is wrong, out of date, or incomplete. You can edit most fields yourself in the app.
- Delete — close your account from Settings, or email us. Deletion is permanent.
- Export — export your diary data at any time as JSON or CSV from the Settings screen.
- Withdraw consent — turn off reminders in Settings.
- Complain — if you believe we have mishandled your information, email us first (support@macrotrack.com.au). If you are not satisfied with our response, you can complain to the OAIC at oaic.gov.au. EU/UK users can complain to their local supervisory authority.
We will respond to your request within 30 days.
9. Children
Macrotrack is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, please email us so we can delete it.
10. Cookies and similar technologies
The Service uses the following cookies and local storage:
- Google Analytics 4 cookies (_ga, _ga_<ID>) — set by Google's gtag.js to distinguish unique users and sessions for aggregate analytics. First-party (set on macrotrack.com.au), 13-month expiry. No cross-site behavioural tracking.
Beyond GA4 we do not use third-party tracking or advertising cookies. The Service also uses:
- First-party cookies set by AWS Cognito to keep you signed in.
- localStorage on your browser to cache your diary so the Service works offline (see 1.8).
- Service worker caching of static assets, for the PWA experience.
You can clear these at any time via your browser's privacy settings. Clearing them will sign you out and discard your offline cache; your data on our servers is unaffected.
11. Changes to this Policy
We will update this Policy from time to time. Material changes will be notified by email to your account address or via an in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this Policy will always reflect the most recent revision.
12. Contact
Macrotrack — David Lewis
Email: support@macrotrack.com.au
ABN 70 249 019 578
Address: Western Australia 6028, Australia
For users in the EU or UK, we do not have an EU/UK representative because our activities are not directed at the EU/UK market. If you are an EU/UK data subject and wish to exercise your rights, please contact us using the details above.
For California residents: we do not sell or share personal information as those terms are defined in the CCPA/CPRA. You may exercise your rights to know, delete, correct and opt-out via the same contact details above.