Privacy Policy for Zaad
Last Updated: June 28, 2026
Introduction
Zaad ("we," "our," or "us") is an AI nutrition and weight-management app for
the Gulf region and beyond. We are committed to protecting your privacy. This Privacy
Policy explains how we collect, use, disclose, and safeguard your information when you
use our mobile application Zaad (the "App") on iOS and Android.
By using the App, you agree to the collection and use of information in accordance with
this policy. If you do not agree, please do not use the App.
Information We Collect
Information You Provide Directly
- Account Information: Email address, display name, and authentication identifiers.
If you sign in with Apple or Google, we receive the identifiers those services share
(and, with "Sign in with Apple," a private relay email if you choose to hide yours).
- Profile & Health Metrics: Age, gender, height, weight, activity level, goals,
dietary and cultural food preferences, and the onboarding questionnaire responses.
- Nutrition Data: Meals and foods logged, calories, macronutrients, water intake.
- Exercise Data: Workouts, types, duration, and calories burned.
- Weight & Goals: Weight entries and target weight.
- GLP-1 Companion Data (optional): If you use the GLP-1 module, the medication you
select, your dose, injection schedule/reminders, and the side-effects and appetite
you log during check-ins. This is sensitive health data; you choose whether to
provide it, and you can delete it at any time.
- Food Photos: Photos you capture for AI meal analysis. A small compressed
thumbnail may be stored with your meal entry so you can see it in your log.
- Support Communications: Messages you send us.
Information Collected Automatically
- Device Information: Device type, operating system, and app version.
- Usage & Diagnostics: Features used and interaction patterns (analytics), plus
crash and error reports to keep the App stable.
Information from Connected Services (only with your permission)
- Apple HealthKit (iOS) / Health Connect (Android): Steps, weight, sleep, heart
rate, and active energy — read only if you explicitly grant access.
- Firebase Authentication: Authentication tokens and user identifiers.
- Subscriptions: When you purchase a subscription, the Apple App Store or Google
Play processes your payment. We and our subscription provider (RevenueCat) receive
your purchase and entitlement status (e.g., which tier is active, trial/renewal
state) — we never receive your full card or bank details.
How We Use Your Information
- Provide Core Services: Track nutrition, weight, exercise, water, and (optionally)
your GLP-1 journey.
- AI-Powered Features: Generate coaching replies, daily insights, meal plans, parse
meal descriptions, and analyze food photos. To do this, relevant profile and recent
logged data are sent to our AI service to produce a personalized response.
- Personalization & Progress: Tailor the experience and show progress over time.
- Reminders: Local notifications you enable (e.g., GLP-1 injection-day reminders).
- Subscription Management: Unlock premium features and manage trials/renewals.
- App Improvement, Support, Security, and Legal Compliance.
Important: AI-generated content — including GLP-1 educational content — is for
informational and wellness purposes ONLY and is not medical advice. We never tell
you to start, stop, or change a medication or dose; those decisions belong to you and
your prescriber.
AI Processing
Our AI features are served by our own backend (hosted on Google Cloud in the
me-central1 / Doha region) which uses Google's Gemini models to generate text and
analyze food photos. Data sent for AI processing is used to produce your response and
is not used by us to build advertising profiles.
Data Storage and Security
Where We Store Your Data
- Google Firebase (Firestore, Authentication, Storage, Cloud Messaging,
Crashlytics, Analytics): Accounts, logged data, and food-photo thumbnails.
- Local Device Storage: An on-device database caches your data for offline use.
Security Measures
We use encryption in transit (HTTPS/TLS), authenticated access to our backend (every
AI request requires a verified sign-in token), scoped database/storage rules so you can
only read and write your own data, and platform-standard secure storage.
Data Retention
- Active Accounts: Retained while your account is active.
- Account Deletion: Your data is deleted within 30 days of a deletion request.
- Food-Photo Thumbnails: Automatically deleted by a storage lifecycle rule within
90 days.
- Crash Logs: Retained up to 90 days for debugging.
Data Sharing and Disclosure
We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information, and we do not share
your health data with advertisers. We do not use third-party advertising or
ad-tracking SDKs.
Apple HealthKit / Health Connect
Data read from HealthKit or Health Connect is used solely to provide App features. It
is never used for advertising or marketing, and is never sold or shared with
third parties. We only store what is needed to power the features you use.
Limited Sharing
We share information only with service providers that operate the App on our behalf —
Google Firebase (infrastructure, analytics, crash reporting), Google Gemini via our
backend (AI features), RevenueCat (subscription status), and Apple/Google for billing
— and where required by law, to protect safety, in a business transfer (with notice),
or with your consent.
Your Rights and Choices
You can access, correct, export, restrict, or delete your data:
- In-App: Edit your profile; manage units, language, and connected services in
Settings; delete your account under Settings > Account.
- Email: privacy@zaadhealth.com
You can opt out of push notifications (device settings), and disable Health access at
any time in your device's privacy settings.
Children's Privacy
Zaad is not intended for children under 13 (or under the minimum age in
your country, e.g., 16 in parts of the EU). We do not knowingly collect data from
children. Contact privacy@zaadhealth.com if you believe a child has provided data.
International Data Transfers
Your information may be processed in countries other than your own. For users in the
Gulf, AI processing is performed in the me-central1 (Doha) region where feasible. Where
data is transferred internationally, we rely on appropriate safeguards such as standard
contractual clauses and data-processing agreements with our providers.
Regional Privacy Rights
Gulf Cooperation Council (UAE & Saudi PDPL, and similar)
If you are in the UAE, Saudi Arabia, or another GCC country, you have rights under
applicable Personal Data Protection Laws (PDPL), including rights to access, correct,
and delete your personal data and to withdraw consent. Contact us to exercise them.
European Union / EEA / UK (GDPR)
You have rights to information, access, rectification, erasure, restriction,
portability, objection, and rights related to automated decision-making. Our legal
bases are contract performance, legitimate interests, consent (optional features), and
legal obligations.
California (CCPA/CPRA)
You have the right to know what is collected, to access and delete it, and to opt out
of sale (we do not sell). We will not discriminate against you for exercising these rights.
Health Information Disclaimer
- Zaad is a wellness and fitness application, not a medical device or
healthcare provider, and the GLP-1 module is an educational and tracking companion —
not a prescriber.
- AI-generated insights are for informational purposes ONLY and are not medical advice,
diagnosis, or treatment.
- We are not a HIPAA-covered entity and do not represent the App as "HIPAA
compliant." We nonetheless treat your health data as sensitive and minimize what we
collect.
- Always consult qualified healthcare professionals before making health decisions, and
in an emergency contact emergency services immediately.
Changes to This Privacy Policy
We may update this policy and will revise the "Last Updated" date, post the new policy
in the App, and notify you of material changes.
Contact Us
This Privacy Policy is effective as of June 28, 2026. Pending legal review and Arabic
localization before public release.