PRIVACY POLICY

Last Updated: 18 February 2026

This Privacy Policy (the "Policy") describes how AIceberg Labs, Inc., a corporation organized and existing under the laws of the State of Delaware, United States of America, having its principal place of business at 651 N Broad St, Suite 201, Middletown, Delaware 19709, USA (the "Company", "we", "us"), acting as a data controller, collects, processes, stores, and protects personal data of individuals who access or use the Company's mobile applications, websites, platforms, and related services (collectively, the "Service").

The Service may include subscription-based digital products and features powered by artificial intelligence technologies, including tools that analyze user-provided information and generate automated informational outputs.

By accessing, downloading, installing, or using the Service, creating an account, purchasing a subscription, contacting support, or otherwise interacting with the Service, you acknowledge that you have read and understood this Policy.

If you do not agree to the terms of this Policy, please refrain from using the Service and do not submit personal data to us.

1. DEFINITIONS

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below, unless the context clearly indicates otherwise:

1.1 "Company," "we," "us," or "our" means AIceberg Labs, Inc., a corporation organized and existing under the laws of the State of Delaware, United States of America.

1.2 "Service" means the Company's mobile applications, websites, platforms, interfaces, features, tools, and related services provided by the Company, including subscription-based digital products and functionalities powered by artificial intelligence technologies.

1.3 "User," "you," or "your" means any individual who accesses, uses, or otherwise interacts with the Service.

1.4 "Personal Data" means any information that identifies or may reasonably be used to identify an individual, directly or indirectly, including but not limited to name, email address, IP address, device identifiers, location data, online identifiers, or any other information considered personal data under applicable data protection laws.

1.5 "Processing" means any operation or set of operations performed on Personal Data, whether by automated means or otherwise, including collection, recording, storage, use, disclosure, transmission, organization, analysis, restriction, erasure, anonymization, or destruction.

1.6 "Account" means a personal user account created by a User to access the Service, including subscription-related features and usage history.

1.7 "Subscription" means paid access to certain features or functionality of the Service provided on a recurring basis in accordance with the applicable subscription plan and the Terms of Service.

1.8 "User Input" means any data, materials, or information submitted by a User through the Service, including text entries, images, voice inputs, preferences, or other data used for analysis or generation of automated outputs.

1.9 "AI Insights" or "Output" means automated analytical results, informational suggestions, estimations, reports, or other outputs generated by the Service using artificial intelligence technologies based on User Input.

1.10 "Derived Data" means data, insights, estimations, classifications, or other information generated or inferred by the Service through automated analysis of User Input or usage of the Service, including statistical or analytical data created by artificial intelligence technologies.

1.11 "Health Data" means information relating to a User's nutrition, lifestyle habits, physical characteristics, or wellness-related metrics voluntarily provided by the User or inferred through automated analysis of User Input.

1.12 "Third Parties" means any individuals or entities other than the User or the Company, including payment processors, cloud service providers, analytics providers, authentication providers, and application distribution platforms.

1.13 "Applicable Law" means all laws, regulations, rules, and regulatory requirements applicable to the Company, the Service, or the User, including data protection and privacy laws.

2. GENERAL PROVISIONS

2.1 This Privacy Policy applies to all processing of Personal Data carried out by the Company in connection with the use of the Service by Users, regardless of the device, operating system, interface, or platform through which the Service is accessed.

2.2 The Company acts as a data controller with respect to the Personal Data processed in connection with the Service, unless expressly stated otherwise in this Privacy Policy or required by applicable law.

2.3 This Privacy Policy forms an integral part of the Terms of Service and shall be interpreted consistently therewith. In the event of any conflict between this Privacy Policy and the Terms of Service, the provisions of this Privacy Policy shall prevail with respect to matters of personal data protection and privacy.

2.4 By accessing or using the Service, you acknowledge that your Personal Data may be processed in accordance with this Privacy Policy. The Company processes Personal Data based on the legal bases described in Section 5 (Legal Bases for Processing), including performance of a contract, legitimate interests, compliance with legal obligations, and, where required, your consent. Certain processing activities, including automated analysis of User Input, may be carried out using artificial intelligence technologies.

2.5 The Company may update or modify this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or the functionality of the Service. Where required by applicable law, the Company will provide appropriate notice of material changes prior to such changes becoming effective.

2.6 Your continued use of the Service after the effective date of an updated Privacy Policy constitutes acknowledgment of the revised Policy, except where applicable law requires renewed consent or additional user action.

3. DATA WE COLLECT

The Company collects categories of Personal Data that are reasonably necessary to operate the Service, comply with legal obligations, and achieve the purposes described in this Privacy Policy.

3.1 We collect Personal Data that you voluntarily provide when you:
(i) create or use an Account;
(ii) purchase or manage a Subscription;
(iii) contact customer support or communicate with us.
Such information may include:
(iv) email address;
(v) user identifier (User ID);
(vi) information contained in support requests or communications;
(vii) subscription-related information (such as subscription type and status).
The Service does not require Users to provide their real name, phone number, or other additional identifying information.

3.2 When using the Service, you may submit User Input, including text entries, food photographs, voice inputs, dietary information, preferences, or other lifestyle-related data for the purpose of receiving automated analysis and informational outputs. User Input may include Personal Data or Health Data where voluntarily provided by you or inferred through automated processing of submitted information (for example, analysis of food images or nutritional patterns). You are solely responsible for ensuring that you do not submit Personal Data of third parties without proper legal authorization. The Company does not require or intentionally request sensitive Personal Data beyond what is necessary for the functionality of the Service.

3.3 When you access or use the Service, we automatically collect certain technical and usage information, including:
(i) IP address;
(ii) approximate location data (country and city level);
(iii) device information (device type, operating system, application version; desktop or mobile);
(iv) usage and interaction data within the Service;
(v) technical logs, crash reports, and performance diagnostics.
This information is used for analytics, security, troubleshooting, and Service improvement purposes.

3.4 All payments for Subscriptions are processed by third-party payment providers, including Apple App Store, Google Play Store, Stripe, or other authorized processors. The Company does not collect or store full payment card details. We may receive limited transactional data, such as payment confirmation, subscription status, and renewal dates, solely for accounting and access management purposes.

3.5 We may receive limited information from third parties in connection with your use of the Service, including:
(i) application distribution platforms (Apple App Store, Google Play Store);
(ii) analytics providers;
(iii) infrastructure and hosting providers.
Such data is processed in accordance with this Privacy Policy and applicable law.

4. HOW WE USE PERSONAL DATA

The Company uses Personal Data solely for purposes that are necessary to operate the Service, fulfill contractual obligations, and comply with applicable laws. Specifically, we use Personal Data for the following purposes:

4.1. Provision and Operation of the Service. To create and manage user Accounts, provide access to the Service, process User Input, perform automated analysis using artificial intelligence technologies, generate informational outputs and insights, and ensure the proper technical operation, availability, and functionality of the Service.

4.2. Subscription Management and Payment Processing. To process payments, manage Subscriptions, confirm transactions, enable subscription activation and renewal, maintain billing and account records, prevent fraudulent transactions, and ensure proper access to paid features of the Service. Payment processing is performed by authorized third-party payment providers and application distribution platforms, which process payment information in accordance with their own terms and privacy policies.

4.3. Analytics and Service Improvement. To analyze usage patterns, device and performance metrics, and interaction data in order to improve the quality, stability, security, and functionality of the Service, including improving automated systems and machine learning models used to operate the Service.

4.4. Communications and Notifications. To send service-related communications, including transactional emails, technical notices, security alerts, subscription updates, and responses to support inquiries. We use email communications primarily for notifications related to your use of the Service.

4.5. Security, Abuse Prevention, and Compliance. To detect, prevent, and respond to fraud, abuse, unauthorized access, or other misuse of the Service, and to comply with applicable legal obligations or enforce our agreements.

5. LEGAL GROUNDS FOR PROCESSING

The Company processes Personal Data in accordance with applicable data protection and privacy laws, including, where applicable, the General Data Protection Regulation (GDPR), the UK GDPR, applicable United States federal and state privacy laws (such as the California Consumer Privacy Act and similar laws), Canadian privacy legislation, and other relevant regulations. Depending on the context and applicable law, the Company relies on one or more of the following legal bases for processing Personal Data:

5.1. Performance of a Contract. Processing is necessary to perform a contract with you, including providing access to the Service, creating and managing your Account, providing AI-powered analysis and informational functionality, processing User Input, generating automated outputs, and managing Subscriptions and payments.

5.2. Legitimate Interests. Processing is necessary for the Company's legitimate business interests, including operating, maintaining, securing, and improving the Service, analyzing usage and performance, improving automated systems and machine learning models, preventing fraud and abuse, and providing customer support, provided that such interests do not override your rights and freedoms under applicable law.

5.3. Legal Obligations. Processing is necessary to comply with applicable legal and regulatory obligations, including accounting, tax, recordkeeping, and responding to lawful requests from public authorities.

5.4. Consent. Where required by applicable law, the Company processes Personal Data based on your consent, including where certain features involve processing of Health Data or similar sensitive information voluntarily provided by you. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to such withdrawal.

6. DATA RETENTION

The Company retains Personal Data only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including operating the Service, maintaining Accounts and Subscriptions, complying with legal obligations, resolving disputes, preventing fraud and abuse, and enforcing our agreements.

6.1. How we determine retention periods. Retention periods are determined based on:
(i) the nature, sensitivity, and purpose of the Personal Data;
(ii) applicable legal, tax, accounting, and regulatory requirements;
(iii) operational, security, and fraud-prevention needs;
(iv) whether the data is needed to establish, exercise, or defend legal claims.

6.2. Typical retention categories. For clarity, the Company generally retains the following categories of information as follows (unless a longer period is required or permitted by law):
(i) Account and contact information (e.g., email, account identifiers): retained for as long as your Account remains active, and for a reasonable period thereafter for compliance, security, and support purposes.
(ii) Subscription and transaction information (e.g., subscription status, billing identifiers, payment confirmation, refunds/chargebacks if any): retained as required for accounting, tax, and audit purposes and to address disputes or chargebacks.
(iii) Technical logs and security data (e.g., IP address logs, device information, fraud/abuse signals): retained for as long as reasonably necessary to maintain security, detect abuse, troubleshoot issues, and comply with legal obligations.
(iv) Analytics data (e.g., usage events and performance metrics): retained in aggregated or de-identified form where possible. Where retained in identifiable form, it is kept only for as long as necessary for analytics and improvement purposes.
(v) User Input and AI-generated outputs (e.g., food images, analysis results, reports, or content stored within your account): retained to provide the Service to you and enable Service functionality. If you delete such content within the Service (where available), we will take reasonable steps to delete or de-identify it, subject to technical limitations, legal requirements, and backup retention cycles.

6.3. Deletion and anonymization. When Personal Data is no longer required for the purposes described above, we take commercially reasonable steps to delete it or anonymize/de-identify it in accordance with applicable standards. Please note that deletion may not be immediate and may occur in accordance with our routine backup, logging, and security retention cycles.

6.4. Legal claims and compliance holds. We may retain Personal Data for longer periods where required by applicable law, or where necessary to establish, exercise, or defend legal claims, respond to lawful requests, or enforce our agreements.

7. COOKIES AND SIMILAR TECHNOLOGIES

7.1. What cookies are. Cookies are small text files placed on your device by a website or service. Similar technologies (such as SDKs, pixels, tags, and local storage) may also be used to collect technical and usage information. In this Privacy Policy, we refer to these collectively as "Cookies" unless stated otherwise.

7.2. What technologies we use in the Service. Depending on how you access the Service (mobile app or website), we may use:
(i) Essential cookies (primarily on websites) to enable core functionality (e.g., session management, authentication, and security);
(ii) Software Development Kits (SDKs) in the mobile app to collect analytics, diagnostic, and service performance information;
(iii) Local storage / device storage to store settings, preferences, and locally cached Service data required for functionality;
(iv) Log files and similar diagnostic tools to detect crashes, technical errors, and security incidents.

7.3. Why we use Cookies. We use Cookies only for the following purposes:
(i) Strictly necessary (essential) purposes: to operate the Service, maintain sessions, prevent abuse, and provide a secure experience;
(ii) Analytics and performance: to understand how Users interact with the Service, measure usage, stability, and performance of automated features, and improve functionality and user experience.
(iii) We do not use Cookies for third-party advertising, behavioral targeting, or cross-site tracking for advertising purposes.

7.4. Categories of Cookies we use
(a) Strictly Necessary Cookies / Essential Technologies — These are required to operate the Service and provide basic features. Without them, the Service may not function properly. These may include: (i) security-related cookies and anti-abuse mechanisms; (ii) session identifiers (where applicable); (iii) load balancing and infrastructure-related cookies; (iv) preferences required for core operation (e.g., language or basic settings).
(b) Analytics Cookies / Analytics Technologies — These help us understand aggregated usage of the Service (e.g., which features are used, how often crashes occur, performance latency, and general interaction events). We use analytics primarily to improve: (i) reliability and stability; (ii) feature usability; (iii) bug detection and troubleshooting. Analytics data may be collected through analytics infrastructure (including services such as BigQuery) for aggregated statistical analysis and Service improvement purposes only, in accordance with this Privacy Policy.

7.5. What data Cookies may collect. Depending on the technology and your device settings, Cookies and similar technologies may collect:
(i) device and application information (device type, OS, app version);
(ii) network information (such as IP address);
(iii) approximate location information (country and city level derived from IP or device settings, where available);
(iv) event-based usage data (e.g., feature clicks, navigation patterns, error events);
(v) performance data (crash logs, diagnostics).
We do not intentionally use Cookies or similar technologies to collect Health Data or other sensitive categories of Personal Data.

7.6. Your choices and controls. You can control cookies and similar technologies in several ways:
(i) Browser controls (website): most browsers allow you to delete or block cookies and manage preferences.
(ii) Device controls (mobile app): you may manage or limit the use of Cookies and similar technologies through your device or browser settings, where applicable. Please note that the Service does not use advertising cookies or advertising identifiers for marketing or behavioral advertising purposes.
(iii) In-app settings: where the Service provides settings related to analytics or privacy, you can manage them within the Service.
Please note: If you disable essential cookies or core technologies, some features of the Service may not function properly.

7.7. Do Not Track signals. Some browsers transmit "Do Not Track" signals. The Service is not designed to respond to such signals in a uniform way, because there is no common industry standard for interpreting them. However, you can still manage cookie preferences through your browser or device settings as described above.

7.8. Updates to this section. We may update this Cookies section from time to time as technologies and legal requirements evolve. Updates become effective when posted within the Service.

8. SHARING AND DISCLOSURE OF PERSONAL DATA

The Company does not sell, rent, or trade Personal Data. We disclose Personal Data only where necessary to operate the Service, comply with legal obligations, or protect our rights, and solely in accordance with this Privacy Policy.

8.1. Service Providers and Infrastructure Partners. We may share Personal Data with trusted third-party service providers that assist us in operating, maintaining, and improving the Service. These may include providers of: (i) cloud infrastructure and hosting services; (ii) analytics and performance monitoring tools; (iii) customer support and communication systems; (iv) security, fraud prevention, and abuse detection services; (v) artificial intelligence infrastructure and data processing services used to enable automated functionality of the Service. Such service providers process Personal Data only on our behalf and under contractual obligations that require confidentiality, appropriate security measures, and use of data solely for the purposes specified by the Company. Where applicable, processing is performed under data processing agreements consistent with applicable data protection laws.

8.2. Payment Processing. Payments for Subscriptions are processed by third-party payment providers and app store platforms, including but not limited to Apple App Store, Google Play, and Stripe (for web-based purchases, where applicable). The Company does not collect or store full payment card details. Payment providers process payment information independently and in accordance with their own privacy policies and security standards. We may receive limited transactional information (such as payment status, subscription type, and billing identifiers) for accounting, support, and fraud prevention purposes.

8.3. Analytics and Aggregated Data. We may share anonymized or aggregated data that does not identify individual users with service providers or partners for analytics, performance optimization, and service improvement purposes. Such data cannot reasonably be used to identify you.

8.4. Legal and Regulatory Disclosure. We may disclose Personal Data if we believe in good faith that such disclosure is necessary to: (i) comply with applicable laws, regulations, legal processes, or governmental requests; (ii) enforce our Terms of Use or other agreements; (iii) protect the rights, property, or safety of the Company, our users, or third parties; (iv) prevent fraud, abuse, or other unlawful activity.

8.5. Business Transfers. In the event of a merger, acquisition, reorganization, sale of assets, or similar corporate transaction, Personal Data may be transferred as part of such transaction, subject to continued protection consistent with this Privacy Policy and applicable law, and appropriate confidentiality and data protection safeguards.

9. USER RIGHTS AND CHOICES

The Company respects your privacy rights and provides mechanisms to exercise them in accordance with applicable data protection laws. Your rights may vary depending on your location and the laws that apply to you. You may exercise your rights by contacting us using the details provided in this Privacy Policy. We may request reasonable verification of your identity before responding.

9.1. Rights of EEA and UK Residents. If you are located in the European Economic Area (EEA) or the United Kingdom, you may have the following rights under the GDPR or UK GDPR, subject to legal limitations: (i) Right of access – to request confirmation of whether we process your Personal Data and to obtain a copy of such data; (ii) Right to rectification – to request correction of inaccurate or incomplete Personal Data; (iii) Right to erasure – to request deletion of your Personal Data where processing is no longer necessary or lawful; (iv) Right to restriction of processing – to request limitation of processing in certain circumstances; (v) Right to data portability – to receive Personal Data in a structured, commonly used, and machine-readable format; (vi) Right to object – to object to processing based on legitimate interests; (vii) Right to withdraw consent – where processing is based on consent, at any time without affecting prior lawful processing; (viii) Right to lodge a complaint – with a competent data protection supervisory authority; (ix) Right not to be subject to certain automated processing – to request information about automated processing carried out by the Service and, where applicable under law, to object to or request human review of decisions that produce legal or similarly significant effects. Please note that some rights may be limited where processing is required to comply with legal obligations or to establish, exercise, or defend legal claims.

9.2. Rights of U.S. Residents. If you are a resident of certain U.S. states with applicable privacy laws (such as California), you may have the right to: (i) request access to the categories and specific pieces of Personal Data we have collected about you; (ii) request correction of inaccurate Personal Data; (iii) request deletion of Personal Data, subject to applicable exceptions; (iv) opt out of certain data processing practices where required by law. The Company does not sell Personal Data and does not engage in cross-context behavioral advertising. You will not be discriminated against for exercising any applicable privacy rights.

9.3. Rights of Canadian Residents. If you are a resident of Canada, your Personal Data is processed in accordance with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. Subject to applicable legal limitations, you may have the right to: (i) request access to the Personal Data we hold about you; (ii) request correction of inaccurate or incomplete Personal Data; (iii) request information about how your Personal Data is used and disclosed; (iv) withdraw consent to the processing of your Personal Data, where such processing is based on consent and where withdrawal is permitted by law. Please note that certain requests may be limited or refused where permitted or required by applicable law, including where the information is subject to legal privilege, required to be retained for legal or regulatory purposes, or where disclosure would reveal confidential commercial information.

9.4. Exercising Your Rights. To exercise any applicable privacy rights, you may submit a request by contacting the Company using the contact details provided in this Privacy Policy. In order to protect your privacy and security, we may require reasonable verification of your identity before processing your request. We will respond to your request within the timeframes required by applicable law. In certain circumstances, we may deny or partially fulfill a request where permitted by law, including where fulfilling the request would: (i) conflict with legal or regulatory obligations; (ii) affect the rights and freedoms of other individuals; (iii) compromise security, fraud prevention, or abuse detection measures; (iv) require disproportionate technical effort. Where applicable, you may designate an authorized representative to submit a request on your behalf, subject to verification of such authorization. We may retain minimal information necessary to document and demonstrate compliance with privacy requests, as required by applicable law.

10. INTERNATIONAL DATA TRANSFERS

The Company is based in the United States, and the Service is operated and supported using infrastructure and service providers located in the United States and other countries. As a result, your Personal Data may be transferred to, stored in, and processed outside of your country of residence, including jurisdictions that may have data protection laws different from those in your jurisdiction. Where required by applicable law, the Company implements appropriate safeguards to protect Personal Data during international transfers. Such safeguards may include Standard Contractual Clauses (SCCs), contractual protections with service providers, technical and organizational security measures, and other legally recognized transfer mechanisms. Where applicable, the Company assesses international transfers and implements supplementary safeguards where required to ensure an adequate level of data protection. By using the Service and providing Personal Data, you acknowledge and understand that your Personal Data may be transferred to and processed in countries outside of your jurisdiction, including the United States, for the purposes described in this Privacy Policy.

11. SECURITY MEASURES

The Company implements commercially reasonable technical, organizational, and administrative measures designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction. Such measures may include, where appropriate: (i) access controls and authentication mechanisms; (ii) encryption and secure transmission protocols; (iii) monitoring, logging, and incident detection procedures; (iv) internal policies and employee access limitations; (v) periodic review of security practices. However, no method of transmission over the Internet or method of electronic storage is completely secure. Nothing in this Privacy Policy shall be interpreted as a guarantee of absolute security. The Company shall maintain industry-standard security measures and will take appropriate actions to investigate and respond to security incidents in accordance with applicable law. You are responsible for maintaining the confidentiality of your account credentials and for limiting access to your devices. The Company is not responsible for unauthorized access resulting from your failure to safeguard your credentials.

12. CHILDREN'S PRIVACY

The Service is not intended for use by individuals under the age of 13 (or a higher minimum age where required by applicable law). The Company does not knowingly collect or process Personal Data from children below the applicable minimum age. If the Company becomes aware that it has collected Personal Data from a child without verified parental consent where such consent is required, it will take reasonable steps to delete such information promptly. Parents or legal guardians who believe that a child has provided Personal Data to the Company may contact us using the Contact Details provided below.

13. CHANGES TO THIS PRIVACY POLICY

We reserve the right to amend this Privacy Policy at any time to reflect changes in legal, regulatory, or operational requirements, or to update our data practices. Any modifications will take effect upon publication of the updated version on the Site, unless otherwise specified. The "Last Updated" date at the top of this document will indicate the date of the latest revision. Where required by applicable law, we will provide prior notice of material changes and, where necessary, obtain renewed consent. We may, but are not obliged to, notify you separately of material changes by email or through your user account. By continuing to use the Services after such updates are published, you acknowledge and accept the revised terms. If you do not agree to any changes, you must cease use of the Services.

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your Personal Data, you may contact us using the information below:

Contact Details

AIceberg Labs, Inc.
651 N Broad St, Suite 201, Middletown, Delaware 19709, USA
Email: [email protected]