Lio Logo
Lio

Lio

Privacy Policy

Effective Date: March 17, 2026

Overview

Lio (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our mobile application and services.

Information We Collect

Information You Provide

  • Account Information: Email address, name, and profile details
  • Health & Nutrition Data: Meal logs, dietary preferences, goals, weight entries, and health metrics
  • User Content: Food descriptions, meal photos, and chat messages

Information Collected Automatically

  • Usage Data: App interactions, feature usage, screen views, and session information
  • Device Information: Device type, operating system, app version, and device identifier
  • Coarse Location: Country and region based on IP address (not GPS)
  • Audio Recordings: Voice recordings for meal logging (processed and immediately deleted)
  • Photos: Food and menu images for nutrition analysis

Health Data (Apple HealthKit / Google Health Connect)

With your explicit permission, we may read:

  • Exercise Data: Active calories burned, steps, and exercise sessions

This data is used solely to provide personalized nutrition recommendations based on your activity level. When Health Sync is enabled, we sync exercise summaries and workout metadata to our servers (Supabase) so you can view history and insights across devices. Our app only reads data from Apple HealthKit and Google Health Connect — it never writes to them. Health data is not used for advertising, is not stored in iCloud, and is not sold or shared with third parties.

How We Use Your Information

We use your information to:

  • Provide AI-powered nutrition analysis and recommendations
  • Process voice recordings to identify meals and nutrition information
  • Analyze food photos to estimate nutrition content
  • Track your progress toward health goals
  • Personalize your experience based on dietary preferences
  • Send push notifications (meal reminders, streak alerts, achievements)
  • Improve our AI models and app functionality
  • Analyze app usage to improve features (via analytics)

Permissions We Request

Camera Permission

  • Purpose: Take photos of food and menus for nutrition analysis
  • Data Handling: Images are processed by our AI service and may be temporarily stored for analysis
  • Your Control: You can deny this permission, but photo analysis features won't work

Microphone Permission

  • Purpose: Record voice descriptions of meals for hands-free logging
  • Data Handling: Audio is processed by our AI service, converted to text, then immediately deleted
  • Your Control: You can deny this permission, but voice input features won't work

Photo Library Permission

  • Purpose: Select photos from your gallery for meal analysis
  • Data Handling: Only images you explicitly select are processed
  • Your Control: You can manage this permission in your device settings

Health Data Permission (HealthKit / Health Connect)

  • Purpose: Read exercise data to personalize nutrition recommendations
  • Data Handling: When Health Sync is enabled, exercise data is synced to and stored on our servers with your account
  • Your Control: You can revoke this permission at any time in your device settings

Push Notifications Permission

  • Purpose: Send meal reminders, streak alerts, and achievement notifications
  • Data Handling: Push tokens are stored securely to deliver notifications
  • Your Control: You can disable notifications in the app settings or device settings

Third-Party Services

We use the following third-party services to provide and improve our app:

AI Service Provider

  • Google Gemini: Processes voice recordings, images, and chat messages for nutrition analysis
  • Data Shared: Voice audio, meal photos, text descriptions
  • Purpose: AI-powered food recognition and nutritional analysis

Authentication & Database

  • Supabase: Secure account management and data storage
  • Data Shared: Account information, meal logs, user preferences
  • Purpose: User authentication and data persistence

Analytics

  • Amplitude: Anonymous usage analytics to improve the app
  • Data Collected: Device ID, app interactions, feature usage, coarse location (country/region from IP)
  • Purpose: Understanding how users interact with the app to improve features
  • Note: Analytics data is not used for advertising or tracking across other apps

Push Notifications

  • Expo Push Notification Service: Delivers push notifications to your device
  • Data Shared: Push token, notification content
  • Purpose: Delivering timely reminders and updates

Data Sharing

We DO NOT sell your personal information. We only share data with the third-party services listed above, and only as necessary to provide app functionality. All third-party providers are contractually obligated to protect your data.

Data Security

We implement industry-standard security measures:

  • End-to-end encryption for data transmission (HTTPS/TLS)
  • Secure cloud storage with Row Level Security (RLS)
  • Regular security audits and updates
  • Voice recordings are processed and immediately deleted
  • Meal photos are stored securely with signed URLs

Your Rights

You have the right to:

  • Access: View all your personal data stored in the app
  • Correct: Update inaccurate information in your profile
  • Delete: Delete your account and all associated data
  • Export: Request a copy of your data
  • Opt Out: Disable analytics, notifications, or specific features
  • Revoke Permissions: Withdraw camera, microphone, or health data access at any time

To exercise these rights, contact us at privacy@heylio.ai or use the in-app account deletion feature.

Data Retention

  • Account Data: Retained while your account is active
  • Meal Logs: Retained to provide historical tracking and insights
  • Chat History: Retained to provide context for AI conversations
  • Voice Recordings: Processed immediately and deleted (not stored)
  • Photos: Stored securely for meal history; deleted when you delete the meal or account
  • Exercise Data: Stored with your account to power insights; deleted when you delete your account
  • Analytics Data: Retained by Amplitude per their data retention policy

When you delete your account, all personal data is permanently removed from our systems within 30 days.

Children's Privacy

Lio is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

International Users

Your data may be processed in the United States and European Union where our service providers operate. By using Lio, you consent to the transfer of your information to these jurisdictions.

Updates to This Policy

We may update this Privacy Policy periodically. We'll notify you of significant changes through the app or email. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your data:

Compliance

This policy complies with:

  • Apple App Store Guidelines
  • Google Play Developer Policy
  • California Consumer Privacy Act (CCPA)
  • General Data Protection Regulation (GDPR)
  • Children's Online Privacy Protection Act (COPPA)
← Back to Home