1. Who we are
Toast is operated by Ericeria Labs, a sole proprietor in Thailand, operating under the trade name "Ericeria Labs", based in Bangkok, Thailand.
For any privacy-related question, email hello@ericerialabs.com.
2. What we collect
We collect only what we need to run the Service:
| Category | Examples | Why |
|---|---|---|
| Account identifier | An anonymous user ID generated on first launch. Optionally a hashed Apple Sign-In identifier if you choose to sign in. | To save your meals and settings across sessions and devices. |
| Plan data | Onboarding answers (age, height, weight, goal, dietary preferences, activity level), daily calorie and macro targets. | To personalize your plan. |
| Food log | Meals you log, photos you scan, manual entries, corrections you make. | The core feature of the Service. |
| Health data | If you grant access, we read step count, active energy, basal energy, and body mass from Apple Health on your device. | To calculate your daily energy balance. |
| Subscription status | Whether your subscription is active, in trial, or expired. | To unlock paid features. Payment details never reach us — Apple processes the purchase. |
| Diagnostic data | Anonymous app version, OS version, performance and error events. | To find and fix bugs. Contains no personal data. |
What we do NOT collect
- We do not access your contacts, location, microphone, calendar, or browsing history.
- We do not collect names, phone numbers, or postal addresses.
- We do not store your photos after they are processed (see §3).
- We do not link your activity to any advertising identifier.
3. How food photos are handled
When you scan a meal, the photo is sent to a vision-processing service so the app can identify the dish and estimate its nutrition. The photo is processed in transit and is not retained on our servers after the response is returned to your device. A small thumbnail may be stored on your device only to display the meal back to you in your food log; you can delete it at any time by deleting the meal entry.
We never use your food photos to train AI models without your explicit, separate consent.
4. Who else processes your data
We use a small number of trusted third-party service providers to operate Toast. We do not name them publicly to reduce abuse risk, but we choose them on the basis of strong security and privacy practices, and we share only the data each provider needs to perform its function. Categories include:
- Cloud infrastructure to host your account and food log
- Subscription management to validate App Store purchases
- Vision processing to identify food in photos
- Product analytics to understand which features are used (no personal data)
- Crash reporting to find bugs
A full list is available on request — contact hello@ericerialabs.com.
Some of these providers process data outside Thailand, including in Singapore, the European Union, and the United States. Where required, we rely on standard contractual clauses or equivalent safeguards.
5. How long we keep your data
| Data | Retention |
|---|---|
| Active account | While your account is active |
| After account deletion | Purged within 30 days |
| Encrypted backups | Up to 90 days after deletion |
| Diagnostic logs | Up to 90 days |
| Anonymized aggregate statistics | Indefinitely (no link to you) |
You can delete your account at any time from the in-app Settings or by emailing hello@ericerialabs.com.
6. Your rights
Depending on where you live, you have one or more of the following rights:
- Access a copy of your data
- Correct inaccurate data
- Delete your data
- Export your data in a portable format
- Restrict or object to processing
- Withdraw any consent you gave
- Lodge a complaint with your local data-protection authority (in Thailand, the Personal Data Protection Committee; in the EU/UK, your national data-protection authority)
To exercise any of these rights, email hello@ericerialabs.com. We will respond within 30 days. See Your Data Rights for the full process.
7. Children
Toast is not intended for children under 13. We do not knowingly collect data from anyone under 13. The App Store rates Toast 17+; users between 13 and 17 should use the app only with parental consent.
8. Security
We use industry-standard security practices, including encryption in transit (TLS) and at rest, row-level access controls, and regular security reviews. No system is ever fully secure; report suspected vulnerabilities to hello@ericerialabs.com.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced in the app and at toasthealth.app/privacy at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.
10. Contact
- Privacy inquiries: hello@ericerialabs.com
- General support: hello@ericerialabs.com
- Postal: Ericeria Labs, Bangkok, Thailand