1. Who we are
The controller of your personal data is Edward Baltaza (sole proprietorship), NIP 8212577665, ul. Lindleya 16, 02-013 Warsaw, Poland — trading as Welldr., a Monaro Studio product. You can reach us about anything in this policy at [email protected].
"Welldr", "we", "us" and "our" mean the controller above. "App" means the Welldr mobile application for iOS (Android planned). "You" means the person using the App.
2. The data we process
What we hold depends on how you use the App:
- Account & identity. Your email address and a password (handled by our authentication provider — we never see or store your password ourselves), plus a unique account identifier and your subscription tier. This is required to create an account and sign in.
- Profile & goals. Your display name and initials, and the targets that drive your protocol — such as your daily calorie and macro goals and related preferences.
- Your stack. The supplements you track, their doses, schedules and the adherence history you build by marking items taken.
- Nutrition data. The meals you log and their computed nutrition (foods, calories and macros). When you log a meal by photo, the image is processed to produce that breakdown and is not retained afterwards (see §4).
- Recovery & health data. If you connect Whoop or Apple Health, the recovery, sleep, heart-rate-variability, resting-heart-rate and activity figures we read to show your recovery overview. This can include health-related information (see §5 on legal bases).
- Recommendations. For Premium, we derive supplement suggestions from your profile, current stack and (where connected) recovery signals. We store the resulting recommendations against your account.
- Support messages. If you email us, we keep the message and your contact details so we can help and keep a record of the request.
- Limited technical data. Our backend processes the standard connection data needed to operate and secure a network service (such as IP address and timestamps in server logs), and basic rate-limiting counters for features like photo analysis.
3. What we do not do
We've kept Welldr deliberately quiet:
- No advertising and no ad networks.
- No third-party analytics, telemetry or tracking SDKs. Welldr contains no Google Analytics, Facebook SDK, Sentry, Firebase Analytics, or similar.
- No advertising identifiers and no cross-app tracking. We don't access the IDFA/GAID and don't show an App Tracking Transparency prompt because we don't track you.
- We never sell or rent your personal data, and we don't share it for advertising.
- We don't keep your meal photos. They're used only to compute a meal's nutrition and are discarded after analysis.
4. Meal photos & AI analysis
Logging a meal by photo is optional. When you use it, the image is sent — over an encrypted connection, through our backend — to Google's Gemini generative-AI service, which returns a structured estimate of the foods and their nutrition. We then store that structured result against your account so it appears in your log. We do not store the photo, and the analysis is used to provide the feature to you — not to advertise to you or to train our own models. Nutrition figures returned this way are estimates.
5. Why we process it (legal bases)
Where the GDPR applies, we rely on:
- Performance of a contract (Art. 6(1)(b)). Creating and running your account, providing the App's features (your protocol, stack, meal logging and the supplement reference), and supporting you.
- Consent (Art. 6(1)(a), and Art. 9(2)(a) for health data). Connecting Whoop or Apple Health and processing the recovery and health-related data this provides, and sending a meal photo for analysis. You can withdraw consent at any time by disconnecting the source or not using the feature.
- Legitimate interests (Art. 6(1)(f)). Keeping the service secure, preventing abuse (including rate-limiting), and maintaining reliability.
- Legal obligations (Art. 6(1)(c)). Complying with applicable law, including responding to valid requests.
6. Service providers
We use a small number of trusted providers to run the App:
- Supabase — our backend for authentication, for storing your account, stack, nutrition and recovery data, and for the server functions that power meal analysis and recommendations.
- Google — its Gemini API analyses the meal photos you submit and returns a nutrition breakdown (see §4).
- Whoop and Apple Health — sources you can connect so the App can read your recovery, sleep and heart-rate data. We read from them only; we don't write data back.
- Apple and Google — the App Store and Google Play distribute the App and handle subscription billing; their operating systems mediate the health connections and the share sheet.
We share only the minimum needed for these services to function, and only when the relevant feature is used.
7. Payments
Welldr Premium is billed through the Apple App Store or Google Play. We don't receive or store your card details — the store handles the transaction and tells us only whether your subscription is active. Manage or cancel a subscription in your App Store / Google Play account settings.
8. International transfers
Depending on provider configuration, your data may be processed in the European Union or in other countries (for example, AI analysis by Google may occur outside the EEA). Where data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
9. How long we keep it
- Your account data (profile, stack, nutrition, recovery and recommendations) is kept while your account is active.
- Meal photos are not retained beyond the moment of analysis.
- When you delete your account, we delete your data from our backend (see §11). Residual copies in routine encrypted backups age out within a limited technical window.
- Support emails are kept only as long as needed to handle your request and for our records.
10. Your rights
Subject to your location and applicable law, you have rights over your personal data. Under the GDPR (EEA/UK) these include access, rectification, erasure, restriction, objection, portability, and the right to withdraw consent — and to lodge a complaint with a supervisory authority; in Poland, this is the President of the Personal Data Protection Office (UODO).
If you are a California resident, the CCPA/CPRA gives you the right to know what we collect, to access and delete it, to correct it, and to opt out of "sale" or "sharing" of personal information — and we do not sell or share your personal information.
You can exercise most rights directly in the App (edit your profile, disconnect a health source, or delete your account). For anything else, email [email protected] and we'll respond within the time the law requires. We won't discriminate against you for exercising a right.
11. Deleting your account & data
You can delete your account at any time inside the App, under Account. When you confirm:
- we permanently delete your account and your data from our backend — your profile, your stack and adherence history, your logged meals and nutrition, your recovery data and your saved recommendations;
- your sign-in is removed so the account can no longer be used; and
- any health connection you granted stops being read.
If you can't access the App but want your account removed, email [email protected] from your account address and we'll handle it.
12. Children
Welldr is intended for adults managing their own supplements and nutrition. It is not directed at children under 13 (or under the minimum age of digital consent in your country, which can be up to 16 in the EEA), and we don't knowingly collect their data. If you believe a child has provided us personal data, contact us and we'll delete it.
13. Security
Data sent between the App, our backend and the services above is protected in transit with TLS, your data is scoped to your account, and our backend runs on managed, access-controlled infrastructure. No method of storage or transmission is perfectly secure, but we work to protect your data and keep what we hold to a minimum.
14. Changes to this policy
We may update this policy for legal or product reasons. We'll change the "last updated" date above and, for material changes, give notice in the App. Continuing to use Welldr after an update means you accept the revised policy.
15. Contact
Questions about privacy or your data? Email [email protected] — we read every message.