Privacy Policy
Effective Date: May 22, 2026 · MRF Technologies, LLC (Babelphish)
This Privacy Policy describes how MRF Technologies, LLC (“Company,” “we,” “us,” or “our”), operating under the trade name Babelphish, collects, uses, and protects information in connection with our mobile applications and related services (the “Services”). By using the Services, you agree to the practices described here.
1. Information We Collect
Account Information. When you create an account, we collect your email address and a unique user identifier through Auth0, our authentication provider. We do not store passwords.
Meal and Nutrition Data. When you log a meal, we store your natural language description, the AI-estimated nutritional breakdown (calories, protein, carbohydrates, fat, and fiber), and the timestamp of the entry.
Water Intake Data. We store the number of glasses of water you log each day.
User Settings and Goals. We store your configured daily macro and nutrition targets.
Notification Preferences. If you enable meal reminders, we store your notification schedule preference.
Device and App Information. We may collect basic information such as operating system version and app version for diagnostic and compatibility purposes.
2. How We Use Your Information
- Provide, operate, and improve the Services
- Authenticate your identity and secure your account
- Process meal descriptions through AI to generate nutritional estimates
- Display your daily summaries, macro progress, and historical logs
- Sync your goals and settings across sessions
- Deliver optional meal reminder push notifications
- Diagnose technical issues and improve app performance
3. Data Storage and Security
Your data is stored in Amazon DynamoDB, hosted on Amazon Web Services (AWS) infrastructure in the United States. Meal descriptions submitted for AI parsing are transmitted to a third-party AI API — this processing occurs server-side through our AWS Lambda infrastructure. AI API credentials are stored in AWS Secrets Manager and are never exposed to client devices.
We implement reasonable technical and organizational safeguards to protect your data. However, no method of transmission or storage over the internet is 100% secure. We cannot guarantee absolute security.
4. Third-Party Services
We work with the following third-party service providers, each operating under its own privacy policy:
| Service | Purpose |
|---|---|
| Auth0 | User authentication and identity management |
| Amazon Web Services | Cloud infrastructure, data storage (DynamoDB), serverless compute (Lambda), and secrets management |
| Anthropic | AI-powered nutritional parsing |
We do not sell your personal information to any third party. We do not share your data with advertisers.
5. Data Retention
We retain your meal logs, water intake records, and settings for as long as your account is active or as needed to provide the Services. If you submit a verified data deletion request, we will delete your personal information within 30 days, except where we are required to retain it by law.
6. Account and Data Deletion
You have the right to request deletion of your account and all associated personal data at any time. We offer two ways to submit a deletion request:
- In-app: Navigate to Settings › Account › Delete Account within the Meal Tracker app.
- Web form: Submit a request using our Account Deletion Form.
Upon receiving a verified request, we will delete your personal data within 30 days and send a confirmation to your account email address.
What is deleted: your account credentials, all meal logs and nutritional data, water intake records, settings, goals, and notification preferences.
What may be retained: anonymized, aggregated data that cannot be linked to you; and records required for legal, tax, or compliance purposes for the period mandated by applicable law.
To request an export of your data before deletion, use the same Account Deletion Form and select “Export my data.”
7. Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate or incomplete data
- Deletion — Request deletion of your personal data (see Section 6)
- Portability — Request your data in a structured, machine-readable format
- Restriction — Request that we limit processing of your data in certain circumstances
To exercise any of these rights, use our contact form or the Account Deletion Form where applicable.
8. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, use our contact form.
9. Children’s Privacy
The Services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Effective Date” at the top of this page. Your continued use of the Services after the updated policy takes effect constitutes your acceptance of the changes.
11. Contact
For privacy-related questions, data rights requests, or any other inquiries, please use our contact form.
MRF Technologies, LLC — Babelphish