bios by mealfix ← back

privacy

what bios knows, where it lives.

effective: 28 april 2026

the short version: bios stores only what you tell it through claude or chatgpt — meals, workouts, sleep, mood. it lives in your private database. nobody else reads it. you can export or delete everything any time. we don't sell data, run ads, or share with third parties.

what we collect

two streams of data, kept separate:

  • your bios data — anything you log through claude or chatgpt: meals, macros, workouts, sleep, mood, weight, goals, notes. this only exists because you typed it. we don't pull from health apps, wearables, or third-party services unless you explicitly connect one.
  • your account — email and a hashed password (or oauth identity) so you can sign in. that's it. no phone number, no demographics, no payment info on the free tier.

how we use it

your bios data is used for one thing: answering your future questions through claude or chatgpt. "what should i eat for lunch?" needs to know what you ate at breakfast. that's the entire purpose.

we do not use your data to train models, advertise, send marketing, or build anonymized datasets for resale.

where it lives

  • supabase (postgres, eu-central) — primary data store. row-level security ensures only your account can read your rows.
  • cloudflare workers (global edge) — the mcp server that claude/chatgpt talks to. stateless; never persists conversation content.
  • posthog (us cloud) — anonymous usage analytics on the marketing site (this page included). no bios data is ever sent to posthog.

who can see your data

  • you — through claude, chatgpt, or any future bios client.
  • a small admin team at mealfix — only when you ask for support and only the minimum needed to help. all admin access is logged.
  • nobody else — no advertisers, no data brokers, no third-party llm trainers.

cookies & tracking

this marketing site (bios.mealfix.club) uses posthog for autocapture analytics, pageview tracking, and session replay — to understand how people find and use the site. you can opt out via your browser's do-not-track signal, which posthog respects.

the bios connector itself (the part claude and chatgpt actually talk to) sets no cookies and does no tracking.

your rights

  • see what we have — ask any time, we'll send you the full export.
  • delete everything — one message and your data is gone within 7 days, including backups.
  • correct anything — through claude/chatgpt directly, or by contacting us.
  • port your data — exports are plain json/csv, yours to take anywhere.

under gdpr / dpdp (india) you have the right to access, rectify, delete, restrict, port, and object. we honor all of these.

retention

bios data: kept while your account is active. 30 days after deletion request, all copies (including encrypted backups) are erased.

account data: kept while your account exists. removed within 7 days of account deletion.

marketing analytics (posthog): retained for 12 months, then auto-purged.

security

all traffic is https. data at rest is encrypted by supabase. oauth tokens for the connector are scoped per-user and rotatable. we use 2-factor on all admin accounts.

if there's ever a breach affecting you, you'll hear from us within 72 hours.

changes

if this policy changes meaningfully, the effective date above changes and we email anyone with an active account. small fixes (typos, link updates) won't trigger a notification.

contact

questions, exports, deletion requests — all go to the same place:

← back to bios