Privacy Policy

Last updated: May 2026

Mello is built to help you manage your GLP-1 journey. Your health data is yours. This policy explains what we collect, why, and how you can control it. We have written it in plain language on purpose.

Mello is not a medical device and does not provide medical advice. Always consult a qualified healthcare professional for medical decisions.

1. Who we are

Mello is published by Emplica ("we", "us", "our"). Francis Kouaho is the founder and data controller. For any privacy questions, reach us at [email protected].

2. What data we collect

Account information

Your email address and the display name you choose when you sign up.

Health and wellness data you log

Dose and injection records, side-effect notes, body weight entries, progress photos, and hydration logs. This is sensitive health data and we treat it accordingly.

Food photos

When you use the food scan feature, the photo you take is sent to Google Gemini for nutritional analysis. The photo is analysed and then discarded; we do not build a photo archive of your meals.

Usage analytics

Anonymous, aggregated events such as which screens you visit and which features you use. We use PostHog, a privacy-friendly analytics platform. We do not track you across other apps or websites.

Device and crash data

Technical information (device model, OS version, app version) and crash reports, collected via Sentry to help us fix bugs quickly.

Apple HealthKit / Google Fit

Only if you explicitly grant permission in the app, we can read your weight from Apple HealthKit or Google Fit. We never write data back to these platforms without your consent, and you can revoke access at any time in your device settings.

3. How and why we use your data

To provide the core app features (tracking, scanning, progress).
To send you reminders and notifications you have opted into.
To manage your subscription via RevenueCat.
To monitor app stability and fix crashes via Sentry.
To understand how features are used so we can improve the app (PostHog analytics).
To comply with legal obligations.

4. Third-party processors

We work with the following sub-processors. Each receives only the data needed for its specific function.

Firebase / GoogleAuthentication, database (Firestore), and app hosting.

RevenueCatSubscription and purchase management across App Store and Google Play.

PostHogPrivacy-friendly product analytics. Data is anonymised and never used for advertising.

SentryCrash reporting and error monitoring to keep the app stable.

Google GeminiAI analysis of food photos to estimate nutritional content. Photos are processed and not retained.

Apple App Store / Google PlayPayment processing and subscription billing. We do not handle your card details directly.

5. Legal bases (GDPR)

If you are in the EU or UK, we rely on the following legal bases:

Contract: to provide the service you signed up for.
Legitimate interest: for crash reporting and stability monitoring.
Consent: for health data you voluntarily log, for HealthKit/Google Fit access, and for optional push notifications. You can withdraw consent at any time.
Legal obligation: where required by law.

6. Data retention

We keep your data for as long as your account is active. If you delete your account, your personal data and health logs are permanently deleted within 30 days. Anonymised, aggregated analytics data may be retained longer.

7. Your rights

You have the right to access, correct, export, or delete your data. You can export or delete your data and account directly inside the app. For any additional request, email us at [email protected]. If you are in the EU, you also have the right to lodge a complaint with your local data protection authority.

8. Children

Mello is intended for users aged 18 and older. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us at [email protected] and we will delete the account.

9. International transfers

Our processors (Google, Sentry, PostHog, RevenueCat) may process data in the United States and other countries. Where applicable, we rely on Standard Contractual Clauses or equivalent mechanisms to protect your data when it is transferred outside the EU/EEA.

10. Security

We use industry-standard security measures including encryption in transit (TLS) and at rest. Your health data is stored in Firebase Firestore with access controls limited to your account. No system is 100% secure, but we work hard to protect your information.

11. Changes to this policy

We may update this policy. If we make significant changes we will notify you via the app or by email. The date at the top of this page always reflects the latest revision.

12. Contact

Questions or requests? Email us at [email protected]. We aim to respond within 30 days.

Francis Kouaho • [email protected]