Privacy Policy for Zaad

Last Updated: June 28, 2026

Introduction

Zaad ("we," "our," or "us") is an AI nutrition and weight-management app for the Gulf region and beyond. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Zaad (the "App") on iOS and Android.

By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the App.

Information We Collect

Information You Provide Directly

• Account Information: Email address, display name, and authentication identifiers. If you sign in with Apple or Google, we receive the identifiers those services share (and, with "Sign in with Apple," a private relay email if you choose to hide yours).
• Profile & Health Metrics: Age, gender, height, weight, activity level, goals, dietary and cultural food preferences, and the onboarding questionnaire responses.
• Nutrition Data: Meals and foods logged, calories, macronutrients, water intake.
• Exercise Data: Workouts, types, duration, and calories burned.
• Weight & Goals: Weight entries and target weight.
• GLP-1 Companion Data (optional): If you use the GLP-1 module, the medication you select, your dose, injection schedule/reminders, and the side-effects and appetite you log during check-ins. This is sensitive health data; you choose whether to provide it, and you can delete it at any time.
• Food Photos: Photos you capture for AI meal analysis. A small compressed thumbnail may be stored with your meal entry so you can see it in your log.
• Support Communications: Messages you send us.

Information Collected Automatically

• Device Information: Device type, operating system, and app version.
• Usage & Diagnostics: Features used and interaction patterns (analytics), plus crash and error reports to keep the App stable.

Information from Connected Services (only with your permission)

• Apple HealthKit (iOS) / Health Connect (Android): Steps, weight, sleep, heart rate, and active energy — read only if you explicitly grant access.
• Firebase Authentication: Authentication tokens and user identifiers.
• Subscriptions: When you purchase a subscription, the Apple App Store or Google Play processes your payment. We and our subscription provider (RevenueCat) receive your purchase and entitlement status (e.g., which tier is active, trial/renewal state) — we never receive your full card or bank details.

How We Use Your Information

• Provide Core Services: Track nutrition, weight, exercise, water, and (optionally) your GLP-1 journey.
• AI-Powered Features: Generate coaching replies, daily insights, meal plans, parse meal descriptions, and analyze food photos. To do this, relevant profile and recent logged data are sent to our AI service to produce a personalized response.
• Personalization & Progress: Tailor the experience and show progress over time.
• Reminders: Local notifications you enable (e.g., GLP-1 injection-day reminders).
• Subscription Management: Unlock premium features and manage trials/renewals.
• App Improvement, Support, Security, and Legal Compliance.

Important: AI-generated content — including GLP-1 educational content — is for informational and wellness purposes ONLY and is not medical advice. We never tell you to start, stop, or change a medication or dose; those decisions belong to you and your prescriber.

AI Processing

Our AI features are served by our own backend (hosted on Google Cloud in the me-central1 / Doha region) which uses Google's Gemini models to generate text and analyze food photos. Data sent for AI processing is used to produce your response and is not used by us to build advertising profiles.

Data Storage and Security

Where We Store Your Data

• Google Firebase (Firestore, Authentication, Storage, Cloud Messaging, Crashlytics, Analytics): Accounts, logged data, and food-photo thumbnails.
• Local Device Storage: An on-device database caches your data for offline use.

Security Measures

Encryption in transit (HTTPS/TLS), authenticated access to our backend (every AI request requires a verified sign-in token), scoped database/storage rules so you can only read and write your own data, and platform-standard secure storage.

Data Retention

• Active Accounts: Retained while your account is active.
• Account Deletion: Your data is deleted within 30 days of a deletion request.
• Food-Photo Thumbnails: Automatically deleted by a storage lifecycle rule within 90 days.
• Crash Logs: Retained up to 90 days for debugging.

Data Sharing and Disclosure

We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information, and we do not share your health data with advertisers. We do not use third-party advertising or ad-tracking SDKs.

Apple HealthKit / Health Connect

Data read from HealthKit or Health Connect is used solely to provide App features. It is never used for advertising or marketing, and is never sold or shared with third parties. We only store what is needed to power the features you use.

Limited Sharing

We share information only with service providers that operate the App on our behalf — Google Firebase (infrastructure, analytics, crash reporting), Google Gemini via our backend (AI features), RevenueCat (subscription status), and Apple/Google for billing — and where required by law, to protect safety, in a business transfer (with notice), or with your consent.

Your Rights and Choices

You can access, correct, export, restrict, or delete your data:

• In-App: Edit your profile; manage units, language, and connected services in Settings; delete your account under Settings > Account.
• Email: privacy@zaadhealth.com

You can opt out of push notifications (device settings), and disable Health access at any time in your device's privacy settings.

Children's Privacy

Zaad is not intended for children under 13 (or under the minimum age in your country, e.g., 16 in parts of the EU). We do not knowingly collect data from children. Contact privacy@zaadhealth.com if you believe a child has provided data.

International Data Transfers

Your information may be processed in countries other than your own. For users in the Gulf, AI processing is performed in the me-central1 (Doha) region where feasible. Where data is transferred internationally, we rely on appropriate safeguards such as standard contractual clauses and data-processing agreements with our providers.

Regional Privacy Rights

Gulf Cooperation Council (UAE & Saudi PDPL, and similar)

If you are in the UAE, Saudi Arabia, or another GCC country, you have rights under applicable Personal Data Protection Laws (PDPL), including rights to access, correct, and delete your personal data and to withdraw consent. Contact us to exercise them.

European Union / EEA / UK (GDPR)

You have rights to information, access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making. Our legal bases are contract performance, legitimate interests, consent (optional features), and legal obligations.

California (CCPA/CPRA)

You may know what is collected, access and delete it, and opt out of sale (we do not sell). We will not discriminate against you for exercising these rights.

Health Information Disclaimer

• Zaad is a wellness and fitness application, not a medical device or healthcare provider, and the GLP-1 module is an educational and tracking companion — not a prescriber.
• AI-generated insights are for informational purposes ONLY and are not medical advice, diagnosis, or treatment.
• We are not a HIPAA-covered entity and do not represent the App as "HIPAA compliant." We nonetheless treat your health data as sensitive and minimize what we collect.
• Always consult qualified healthcare professionals before making health decisions, and in an emergency contact emergency services immediately.

Changes to This Privacy Policy

We may update this policy and will revise the "Last Updated" date, post the new policy in the App, and notify you of material changes.

Contact Us

• Support: support@zaadhealth.com
• Privacy: privacy@zaadhealth.com

This Privacy Policy is effective as of June 28, 2026. Pending legal review and Arabic localization before public release.