Privacy Policy

Effective date: 28 February 2026  ·  Last updated: 28 February 2026

YumYummy ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and what rights you have in relation to it. It applies to all users of the YumYummy Telegram bot (@yum_yummybot) (the "Service").

1. Data Controller

The data controller responsible for your personal data is:

• Name / Brand: YumYummy
• Location: United Arab Emirates
• Email: nikikurb@gmail.com
• Phone / WhatsApp: +971 50 828 9351

2. Data We Collect

2.1 Data You Provide Directly

• Telegram user ID and username — used to identify and link your account.
• Profile information — age, height, weight, biological sex, activity level, and nutritional goals, which you provide during the onboarding process.
• Meal log entries — descriptions of food and drink you submit (text, voice transcriptions, or product barcodes).
• Saved meals — meals you choose to save for quick re-logging.
• Timezone preference — to display daily summaries correctly.
• Photos — barcode images you send to the bot for product recognition. These are not permanently stored after processing.
• Voice messages — audio files you send for speech-to-text transcription. Audio is sent to our transcription provider and is not permanently stored after the transcript is generated.

2.2 Data Collected Automatically

• Technical logs — server-side logs including timestamps and error traces, used for debugging and service monitoring. These logs do not include message content.

2.3 Payment Data

We do not collect, process, or store your payment card details. All payments are processed directly by our Merchant of Record, Paddle.com. We receive only a notification that a subscription has been activated, renewed, or cancelled, along with an anonymised subscription identifier and your email address (provided to Paddle at checkout). Please review Paddle's Privacy Policy for details of how they handle your payment data.

3. How We Use Your Data

We will never sell your personal data to third parties.

4. Sub-processors & Third Parties

We share data with the following third parties only as necessary to provide the Service:

• Paddle.com (payment processing and subscription management) — receives your email address and subscription status. Privacy Policy
• OpenAI, L.L.C. (AI-powered meal parsing, restaurant nutrition lookup, voice transcription) — receives meal description text and transcribed audio content. Data is processed under OpenAI's API data processing agreement; your data is not used to train OpenAI's public models. Privacy Policy
• Cloud hosting provider (servers where the Service backend and database are hosted) — processes all data as a data processor on our behalf. We use providers that maintain appropriate security standards.
• Redis Labs / equivalent (in-memory session storage) — stores temporary bot session state (not permanent personal data); data expires within the session.

5. Data Retention

• Account and meal log data — retained while your account is active, and for up to 90 days after account deletion to allow for dispute resolution, after which it is permanently deleted.
• Voice audio files — deleted immediately after transcription; we do not store raw audio.
• Barcode images — deleted immediately after product recognition; we do not store product photos.
• Technical logs — retained for up to 90 days, then deleted automatically.
• Subscription transaction records — retained for up to 7 years as required by applicable financial and tax regulations.

6. Data Security

We use industry-standard security practices including:

• HTTPS/TLS encryption for all data in transit;
• Encrypted database connections;
• Access control — only the Service operator has access to production data;
• Regular security reviews of our infrastructure.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights

Depending on applicable law, you may have the right to:

• Access — request a copy of the personal data we hold about you;
• Rectification — ask us to correct inaccurate data;
• Erasure ("right to be forgotten") — ask us to delete your data. You can initiate this by contacting us at the email below;
• Portability — request your meal log data in a machine-readable format (CSV export is available directly in the bot via the Export function);
• Objection / Restriction — object to certain processing or request that we restrict processing in specific circumstances.

To exercise any of these rights, contact us at nikikurb@gmail.com. We will respond within 30 days.

8. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete that information.

9. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States (OpenAI servers) and the European Union (some cloud infrastructure). We take steps to ensure that international transfers are protected by appropriate safeguards (such as standard contractual clauses or equivalent mechanisms).

10. Cookies

The bot itself does not use cookies. This legal website (the page you are reading now) does not set any cookies or use analytics tracking.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the Service or by email before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

12. Contact

For any privacy-related questions, data requests, or complaints, please contact:

• Email: nikikurb@gmail.com
• Phone / WhatsApp: +971 50 828 9351