Consumer Health Data Privacy Policy

Last updated: May 2026

This policy is a supplement to our Privacy Policy. It describes how Mello handles consumer health data and applies to residents of Washington (under the My Health My Data Act), and to residents of Nevada and Connecticut under their comparable health privacy laws. Where it conflicts with our general Privacy Policy on consumer health data, this policy controls.

Mello is not a medical device and does not provide medical advice. The data described here is what you choose to log to support your own wellness journey.

1. Categories of consumer health data we collect

Depending on the features you use, we may collect the following categories of consumer health data:

  • Body measurements such as weight, height, and goal weight.
  • Food and nutrition data, including meals you log and food photos you scan.
  • Hydration, fasting windows, and physical activity or workouts you record.
  • For users who indicate they take a GLP-1 medication: medication name, dose, injection dates, and side effects you choose to log.
  • Wellness goals, dietary preferences, and restrictions.
  • Health-related data you import, only with your permission, from Apple HealthKit or Google Fit (for example, weight).

2. Sources of this data

  • Directly from you, when you enter information or take a photo in the app.
  • Automatically from your interactions with the app.
  • From connected devices and platforms you authorise, such as Apple HealthKit or Google Fit.

3. Why we collect it

We collect consumer health data only to:

  • Provide and operate the features you use (tracking, scanning, progress, reminders).
  • Personalise your plan and recommendations.
  • Keep the app stable and secure.
  • Comply with our legal obligations.

4. How we share consumer health data

We do not sell consumer health data. We share it only with the service providers that make the app work, and only to the extent needed for their function.

Categories of data shared

The health data categories listed in section 1, limited to what each provider needs to perform its task.

Categories of recipients

Cloud and infrastructure providers (Firebase / Google), AI analysis for food photos (Google Gemini, which processes and does not retain the photo), subscription management (RevenueCat), privacy-friendly analytics on anonymised data (PostHog), and crash reporting (Sentry). We may also disclose data to comply with the law or in connection with a merger or acquisition.

5. Your rights

If you are a resident of Washington, Nevada, or Connecticut, you have the right to:

  • Confirm whether we are collecting, sharing, or selling your consumer health data.
  • Access the consumer health data we hold about you.
  • Withdraw consent to the collection and sharing of your consumer health data.
  • Request deletion of your consumer health data.

6. How to exercise your rights

To make a request, email [email protected] with the subject line "Consumer Health Data Request". You can also delete your account and data directly in the app. We will verify your request and respond within the timeframe required by law. You may authorise an agent to act on your behalf.

7. How to appeal

If we decline your request, you may appeal by replying to our decision email or by writing to [email protected] with the subject line "Health Data Appeal". If your appeal is denied, Washington residents may contact the Washington State Attorney General at www.atg.wa.gov/file-complaint.

8. Contact

Questions about this policy? Email [email protected]. Our publisher is Francis Kouaho (Emplica Lab), 119 rue Saint-Sébastien, 78300 Poissy, France.

Francis Kouaho [email protected]