Your data,
your decisions.

Last updated: 5 June 2026

mici is a food journal. We collect just enough information to make the journal useful to you — and nothing more. This page explains what we hold, how we hold it, and how to get it back or delete it.

1. Who runs mici

mici is operated by a team based in Australia. You can reach us at admin@mici.lifestyle for any privacy question, or through the in-app help.

2. What we collect

Account data

• Email address — required to create and recover your account.
• Password — only when you sign up with email/password (not stored by us; managed by AWS Cognito and verified using SRP / AWS-secured TLS).
• Google account identifier — only when you sign in with Google (we receive a stable user ID + your email; we do not see or store your Google password).

What you save to your mici account

Everything you enter through the app is stored in your mici account in our cloud (AWS, Sydney) — see "Where it's stored" for the full picture. The copy on your phone is a local cache so the app works offline; uninstalling the app or signing out does not delete the cloud copy. Only deleting your account does (Settings → Account → Delete account).

• Meal entries (foods, time, optional photo, optional rating, optional notes, optional hunger/fullness, optional mood)
• Weight entries (kg/lb + date)
• Water log entries
• Saved recipes and shopping lists you create
• Your "My Kitchen" inventory — ingredient names you add by hand, save from a fridge/pantry scan, or mark as leftovers (leftovers auto-expire after about 3 days). Only the ingredient names are stored; scan photos are processed transiently and never kept. See "Meal planning & optional weather"
• Meal plans you create (the planned dish per slot for a given day) — auto-deleted after 14 days; see "Meal planning & optional weather"
• Weekly habit goals you choose (e.g. "fish twice a week") — just the goal definition; progress is computed on your device from your meal logs. The optional daily mood check-in on the Plan tab is stored only on your device (never synced) and self-deletes after a day.
• Profile data you add voluntarily (height, age, dietary tags, goals) and food preferences you set for planning (favourite cuisines, foods you avoid, your go-to meals per slot, cooking style/skill, pantry staples, meal rhythm)
• Free-text feedback you submit through the in-app "How is mici going?" prompt (or by email) — see "Feedback & AI analysis" below for how it's processed

What's collected automatically

• Anonymous app version, OS version, device platform — used for crash diagnosis and version-gate logic.
• API request timing and counts — used to bill AWS and detect abuse. Tied to your account ID, not stored beyond a rolling 90-day window.

What we DON'T collect

• Your contacts, calendar, or any data unrelated to the app
• Your location — with one optional exception: if you turn on live weather in the meal planner, mici reads your approximate (coarse) location once to fetch local conditions. It's never stored, never tracked in the background, and the feature is off until you opt in. See "Meal planning & optional weather".
• Browsing history outside mici
• Anything for advertising — mici has no ads, no tracking SDKs, no analytics that profile you

3. How we use it

• Powering your reports. Meal logs feed your weekly score, traffic-light mix, weight trend, and AI summaries — visible only to you.
• AI assistance. When you tap an AI feature (rate a meal, scan a menu, get a tip, chat with the coach), the relevant context — usually your last few days of meals, your dietary tags, and any photo you're analysing — is sent to a third-party AI provider to generate a response. We log AI calls for cost accounting but don't store the prompt content beyond what's needed for that response. See "AI interactions aren't audited or downloadable" below for the providers, what's sent, and the limits of what we can show you about past AI calls.
• Sync. Your data syncs across devices via your account so you can switch phones without losing history.
• Notifications. If you enable meal reminders, we use them only to remind you to log — never marketing.
• Feedback you submit — see "Feedback & AI analysis" below.

Feedback & AI analysis

If you submit feedback through the in-app "How is mici going?" prompt or by email, your text is stored in our database against your account ID (not your email). We periodically run an admin-side AI clustering pass over recent feedback to spot common themes — bugs, requests, things people love, things that frustrate them — so we know where to focus.

The clustering job sends the feedback text plus light context (your build number, your platform, how long you've been a user, whether you're on Pro) to a third-party AI provider (same providers as the rest of mici's AI features). The admin view shows only an anonymised shortened account identifier (the first 8 characters of your sub) — never your email or full name. The AI prompt is also instructed to redact any personal information it spots in quoted excerpts, as a defence-in-depth.

Despite all this, your feedback text is whatever you typed. Don't include personal information in feedback — names, emails, addresses, anyone else's information. The in-app prompt warns you about this before you tap Send. If you want a private support conversation, email admin@mici.lifestyle directly; that channel is read by a human, not an AI cluster.

4. Where it's stored

All your data is held in AWS infrastructure in the Asia Pacific (Sydney) region:

• Account credentials → AWS Cognito (encrypted at rest, transmitted over TLS)
• Meal / weight / water logs → AWS DynamoDB (encrypted at rest with AWS-managed KMS keys)
• Meal photos → AWS S3 (encrypted at rest, served only to your authenticated account)
• Tokens on your device → encrypted via the platform keychain (Android Keystore / iOS Keychain)

AI requests are routed to third-party AI providers — see the next section for the full list and how those calls work. mici does not pass your data to any third parties beyond what's listed below.

5. AI features in detail

Several mici features call out to third-party AI models. This section explains which providers we use, what gets sent, and what we can — and can't — show you about past AI activity.

Providers we route requests to

Depending on the feature and our routing decisions, an AI request may be processed by one or more of the following:

• Amazon Web Services — AWS Bedrock, hosting models including Amazon Nova and Anthropic Claude. Bedrock requests stay within the Sydney (ap-southeast-2) region where the model is available there. About Bedrock.
• Anthropic (direct API) for some chat and advice routes. Anthropic privacy.
• Google (Gemini, via Google's commercial API) — used for some routes when selected as the active model.
• OpenAI (commercial API) — used for some routes when selected as the active model.

Which provider handles a given request can change over time as we tune models for cost and quality. The complete set of providers we may use is the list above.

Your data is not used to train their models

We use each provider's commercial / business API tier, where the provider contractually commits to not use your prompts, photos, or generated responses to train their AI models. This applies to:

• The text we send (your meals, weight, tags, profile context)
• Photos you analyse with AI (meal photos, menu scans)
• The AI responses we receive back

Each provider publishes their own data-handling terms — links above. mici does not opt in to any voluntary "improve our models with your data" programs.

Photos sent to AI providers

When you use an AI feature that processes a photo (meal photo analysis, menu scan, recipe scan), the photo is uploaded to the AI provider alongside the prompt context. The provider processes it, returns a response, and discards the input under their commercial-API retention policy. The photo also remains in your encrypted S3 bucket on AWS Sydney for as long as the meal exists in your log.

AI interactions aren't audited or downloadable

To keep AI usage cheap and to minimise the personal data we hold, mici does not store a transcript of past AI interactions for ordinary user accounts. For every AI call we record only lightweight non-content metadata — model name, route, request size, token counts, timing — so we can pay the AI bill, enforce daily caps, and investigate cost / performance regressions. We do not retain the prompt text, your meal/profile data sent with it, or the model's reply. Once a response is shown to you in the app and saved as part of the meal/recipe/etc. it relates to, the prompt+response pair is gone. This means:

• You can't download or export a history of every AI question you've asked.
• We can't review past AI replies for accuracy or revisit what was said in a previous chat.
• Each chat with the AI coach starts fresh — the coach has no memory of previous conversations.

Exception: mici developer test accounts. A small allowlist of internal email addresses (currently just our own developer account) does emit the full prompt + reply into our system logs, retained for 7 days, so we can debug AI quality issues end-to-end during development. No real user accounts are on this allowlist; if you'd like to opt in to give us better debugging data for a specific problem you're seeing, email admin@mici.lifestyle.

You're responsible for what you send

Because AI requests leave mici's infrastructure and are processed by third-party services, do not send personally identifiable information (PII) to AI features: not your full legal name, ID numbers, address, medical record numbers, or anyone else's. The Coach chat box, meal notes that get sent to AI, and recipe text fields all flow into outbound AI calls — keep them about food and how you felt, not about your identity. mici's AI is for journalling food, not for sharing personal data.

Meal planning & optional weather

The meal planner (the 📋 card on the Log tab, optional — you can turn it off in Settings → Habits → Logging → Meal plan) uses AI to suggest a day's meals. When you ask it to plan or chat, mici sends the same AI providers listed above the context needed to tailor suggestions:

• Your food preferences (favourite cuisines, foods you avoid, your go-to meals, cooking style/skill, pantry staples, meal rhythm) and your goal.
• A short window of your recent meals (roughly the last couple of days) so the plan matches your taste and doesn't repeat what you just ate.
• Your "My Kitchen" inventory (ingredient names + leftovers, if you use it) so the planner can suggest cooking with what you already have. The inventory itself is stored in your account like a shopping list and syncs across your devices; leftovers auto-expire after about 3 days. Fridge/pantry scan photos are processed transiently to extract ingredient names and are never stored.
• Your mood check-in for the day (one tap, optional — e.g. "tired") and your weekly habit goals with their current progress, so suggestions fit how you feel and gently support what you're working on.
• Your first name (for a friendly greeting) and the local time of day / season.

As with every AI feature, this context is sent only when you trigger planning, isn't used to train the providers' models, and we keep only lightweight metadata afterwards — not the prompt content (see above). The plan you save is stored in your account like any other entry and auto-deletes after 14 days.

Optional live weather. Inside the planner you can turn on live weather so suggestions suit the day ("a warming soup for a cold, grey one"). If you opt in, mici asks the operating system for your approximate location once, sends those coordinates to a free weather service (Open-Meteo) to fetch current conditions, and uses the result for that planning session. We do not store your location, link it to your account, track it in the background, or use precise/GPS location. The feature stays off unless you enable it, and you can revoke the location permission at any time in your device settings — the planner still works, just without the weather touch.

6. Third parties

• Amazon Web Services — infrastructure provider (hosting, database, storage, AWS Bedrock for AI). AWS privacy.
• Anthropic — Claude models, used for some AI features (advice, photo analysis, chat). Calls go via either AWS Bedrock or Anthropic's direct API. Anthropic privacy.
• Google — used in three distinct ways: (a) Gemini AI models for some AI routes, (b) Google sign-in if you choose it, (c) Google Play billing if you subscribe. For sign-in / billing we receive a stable identifier + your email; nothing else.
• OpenAI — used for some AI routes when selected as the active model. Commercial-API tier; data is not used to train OpenAI models. OpenAI privacy.
• SendGrid (Twilio) — sends transactional email (verification codes, password resets) on our behalf. Receives only your email address and the email body. Twilio privacy.
• Open-Meteo — free weather API, used only if you opt in to live weather in the meal planner. Receives your approximate coordinates to return current conditions; no account, no identifier, nothing else. Open-Meteo terms.
• Apple — only if you choose to sign in with Apple (when available).

We don't share your data with advertisers, data brokers, or any other third party. We don't sell your data — there's nothing to sell, since we built mici on the assumption that data isn't a product.

6.5 Partner sharing

If you opt in to Settings → App tab → About → 💑 Partner, you can connect with one other mici user via a 6-character invite code (valid 15 minutes, single-use). What changes when you're linked:

• Always private — never crosses to your partner. Your weight numbers, weight history, profile (age, dietary tags, free-text notes), AI chat transcripts, photos, individual meal log entries, daily reports / scores, and AI quota usage. None of these are shared in any form.
• Shared with your partner — only when both of you opt in. Today's lunch + dinner meal plan (the dish name, plus comments you write on it). Meal-plan sharing defaults on after linking; you can turn it off at any time and they'll stop seeing new plans.
• Milestone notifications — only when each of you opts in. When you cross a weight-loss milestone (1 kg, 2 kg, 5 kg, halfway to goal, goal reached) your partner gets a celebration ping with the label only — never the actual kilo number, direction, or rate of change. Milestones default off after linking; you must explicitly turn them on in Settings → App tab → About → 💑 Partner.

When you link, both you and your partner receive a confirmation email saying who you just connected with — so an accidental link (or a phishing attempt) is visible immediately and recoverable with one tap of "Disconnect" inside the app.

Disconnecting wipes the partner record on both sides instantly. Previously-shared meal plan entries auto-delete after 90 days; you can delete them sooner by emailing admin@mici.lifestyle.

Partnership is one-to-one: each account has at most one partner at a time. To switch partners you must disconnect first.

7. How long we keep it

• While your account is active — for as long as you keep using mici.
• API logs (cost accounting) — 90 days, then auto-deleted via DynamoDB TTL.
• AI prompts + replies — not retained for ordinary users (only call metadata: model, tokens, timing). Developer test accounts on a small internal allowlist do retain the full bodies for 7 days; see "AI interactions aren't audited or downloadable" for the full detail.
• Your meal plans — 14 days, then auto-deleted via DynamoDB TTL. Location used for live weather is never stored at all.
• Partner shared meal plans — 90 days, then auto-deleted by the platform. Disconnecting from a partner is effective immediately for future shares; existing plan rows age out via the 90-day window.
• Photos you delete — removed from S3 immediately when you delete the meal.
• If you delete your account — all of your data is removed within 30 days (the brief delay covers backup retention; nothing is restored from backups after deletion).

8. Your rights

From inside the app, in Settings → Account, you can:

• Export — download a CSV of every meal, weight, and profile entry, plus a copy of your photos.
• Delete — permanently remove your account and all associated data. We do this in one click; no email confirmation, no waiting period.

If you're in the EU, EEA, UK, or California, you also have the right under your local law to request a copy, ask us to correct anything, or restrict processing. The Settings → Account export and delete tools cover all of these. For anything that needs human help, email admin@mici.lifestyle and we'll respond within 30 days.

9. Children

mici is not designed for children under 13 (or under 16 in jurisdictions where that's the threshold). We don't knowingly collect data from children under that age. If you're a parent and believe your child has signed up, email us and we'll delete the account.

10. Cookies and tracking

The mici website (this page) uses no cookies, no analytics, no tracking pixels. The mici app uses platform-standard local storage for offline data and for keeping you signed in — none of this is shared with third parties.

Email open tracking. Our transactional emails (verification codes, password resets, email-change confirmations) sent via SendGrid include a 1×1 invisible image. When your mail client renders that image, SendGrid records an "opened" event and forwards it to us as anonymised aggregate delivery data — we use it only to monitor that emails are actually reaching you, never for advertising or profiling. The pixel doesn't run JavaScript, doesn't read cookies, and isn't tied to any tracking identifier outside our SendGrid account. If you'd rather not be counted, set your mail client to block remote images by default — most major clients have this option in their settings, and on iOS 15+ Apple Mail Privacy Protection blocks the signal automatically.

11. Security

We follow industry-standard practices for an app at our scale:

• All data in transit is encrypted with TLS 1.2+
• All data at rest is encrypted by AWS-managed KMS keys
• Authentication tokens are stored only in the platform keychain on your device
• API access is gated by short-lived JWT tokens (1-hour validity) backed by Cognito's session security
• Refresh tokens rotate on each use (any leaked token is invalidated as soon as you next sign in)

Despite these measures, no system is perfectly secure. If we ever detect a breach affecting your data, we'll notify you within 72 hours with the details and what to do.

12. Changes to this policy

If we change anything material, we'll update the "Last updated" date and notify active users via the app. Trivial corrections (typos, clearer wording) we'll just publish. Any changes to data collection practices that affect existing users will be highlighted.

13. Questions

Reach us at admin@mici.lifestyle. Real human, no ticket queue, real responses within a few business days.