Logma
Privacy Policy
The short version
Logma is built privacy-first. Your meals stay on your device. We don't have accounts, we don't sell data, and we don't track you across the web. The only things our servers see are short, ephemeral requests to AI providers that we discard immediately. No cloud sync, no advertising, no cross-web tracking. The only analytics we use is fully anonymous and can't be tied to you.
Who we are
Logma is built by Batuhan Buyukakkan, an indie developer based in Istanbul, Turkey. If you have any privacy questions, email hello@logma.fit and you'll get a real reply from a real person.
Data we collect
Stored only on your device
The following data lives entirely on your iPhone. We never see it, store it, or have any way to access it.
- Meal entries: what you ate, calories, protein, carbs, fat, time, date.
- Profile: sex, age, height, weight, activity level, calorie goals.
- Preferences: units (metric or imperial), notification settings.
- Free log usage counter: how many AI logs you've used (so we can apply the free tier limit).
This data is removed permanently when you delete the app.
Sent to servers and discarded
When you use voice or AI text logging, we briefly send specific data to AI providers to do the work. None of this is stored long-term.
- Voice logging: your audio recording goes to OpenAI Whisper to be transcribed. The audio is not retained by us. Per OpenAI's API policy, audio sent through their API is not used to train models and is deleted within 30 days at most.
- AI text logging: your message text goes to Anthropic Claude to estimate calories and macros. Per Anthropic's API policy, prompts are not used to train models and are retained only for safety review.
- Context for the AI: we send your current daily calorie total and goal so the AI can give helpful confirmations like "you're at 1,400 of 2,000". This is just numbers, never your name or anything identifying.
Operational logs
Our backend keeps minimal logs to prevent abuse and keep costs from running away.
- Anonymous device ID: a random UUID generated on first launch. Used only for rate limiting. Not tied to your Apple ID or any identity.
- Request counts: how many AI requests this device has made today, for rate limit enforcement.
- Timestamps and HTTP status codes: standard server logs that auto-expire within 7 days.
Anonymous usage analytics
We use TelemetryDeck, a privacy-first analytics service, to understand how people use the app so we can improve it. It records actions like which onboarding screens are viewed and which options people choose. It is fully anonymized: TelemetryDeck salts and hashes its identifiers so that neither we nor TelemetryDeck can trace any of it back to an individual. It never sees your name, email, or anything that identifies you.
What we don't collect
- Your name, email, phone number, or Apple ID.
- Your contacts, photos, location, calendar, or browsing history.
- Any advertising SDKs, ad networks, or cross-app tracking. There are none in the app.
- Any health data outside of what you log yourself in Logma.
Third-party services
Logma uses a small number of third-party services to function. Each one only sees the minimum data needed for its job.
| Service | What it does | What it sees |
|---|---|---|
| Anthropic | Parses your meal description into calories and macros. | Your meal text plus current daily total and goal. |
| OpenAI | Transcribes your voice recordings (Whisper). | Your audio file, briefly. Discarded within 30 days max. |
| Vercel | Hosts our backend API at api.logma.fit. | Anonymous device ID, request timestamps. |
| Apple | Distributes the app, processes payments, validates subscriptions. | Whatever you've already shared with Apple. Never shared with us beyond aggregate purchase confirmations. |
| RevenueCat | Manages subscriptions and validates purchases. | An anonymous purchase ID and your subscription status. No personal identity. |
| TelemetryDeck | Anonymous usage analytics to help us improve the app. | Anonymized app events and a hashed identifier. Nothing that identifies you. |
Subscriptions and payments
All purchases are handled by Apple through the App Store. We never see your credit card, billing address, or any payment details. Apple sends us an anonymous receipt that confirms whether you have an active subscription. That's it.
Apple's privacy policy for App Store purchases is available at apple.com/legal/privacy.
How we use your data
- To make the app work (showing your logs, computing daily totals, applying your goals).
- To process voice and AI logging requests, in the moment.
- To enforce free tier limits and prevent abuse.
- To understand how the app is used, through anonymous analytics, so we can make it better.
- To validate subscription status with Apple.
That's the entire list. We do not sell, rent, share, or trade your data with anyone. Ever. There are no advertising partners and no marketing pipelines.
Data retention
- On-device data: persists until you delete the app.
- AI provider data: per their policies, deleted within 30 days. We have no way to access it.
- Backend rate limit counters: reset every 24 hours.
- Server logs: auto-expire within 7 days.
Your rights
Because we don't have an account system, there's no profile to access, edit, or delete on our side. Your data lives on your device.
- Deletion: uninstall the app and your data is gone.
- Access: everything we know about your meals is visible inside the app's History tab.
- Portability: if you want a CSV export of your meal data, email hello@logma.fit and we'll add a Settings export button.
If you're in the EU, UK, or California, you have additional rights under GDPR and CCPA (access, rectification, erasure, portability, restriction, objection). Since the data we hold about you on our servers is essentially just an anonymous device ID and a request count, exercising these rights is straightforward. Email us with a description of your request and we'll respond within 30 days.
Children's privacy
Logma is not directed at children under 13 and we do not knowingly collect data from anyone under 13. The App Store's age rating is set accordingly. If you believe a child has used the app, please contact us and we'll help.
International data transfers
Our backend runs on Vercel and our AI providers are based in the United States. If you use Logma from outside the US, your data is transferred to and processed in the US. All transit happens over TLS 1.3 encrypted connections. We rely on standard contractual clauses where applicable.
Security
We take a few specific steps to keep things safe:
- App Attest: our backend verifies that requests come from a genuine, unmodified Logma app.
- Rate limits and cost caps: abuse is automatically blocked.
- Minimal storage: we don't store data we don't need. There's no long-term database of your activity to leak.
- TLS 1.3: all network traffic is encrypted.
No system is perfectly secure. If you discover a vulnerability, please email hello@logma.fit.
Changes to this policy
If we change anything material, we'll update the "last updated" date at the top of this page and post the change on logma.fit. If the change meaningfully affects your privacy, we'll show a notice in the app on next launch.
Contact
Questions, concerns, or just want to say hi? Email hello@logma.fit. A real person reads every email.