Privacy Policy

Effective date: 1 May 2026 ย ยทย  Last updated: 1 May 2026

1. Who we are

Lockin ("we", "our", "the service") is an AI nutrition coaching product accessible via Telegram and the web at lockin.food. We are an individual developer project based in India.

2. Data we collect

When you use Lockin, we collect:

  • Your Telegram chat ID and username (used to identify you)
  • Health profile: height, weight, age, sex, goal, activity level
  • Dietary preferences, allergies, and dislikes
  • Fitness routine and workout schedule
  • Budget and cooking preferences
  • Pantry items you add manually
  • Meal plan history generated for you
  • Food logs you submit via Telegram
  • Weight logs you submit via /weight command

We do not collect payment information, read your other Telegram chats, or access your device.

3. How we use your data

  • To generate personalised meal plans and macro targets for you
  • To provide context to the AI when you send messages in Telegram
  • To track your nutrition logs and streak
  • To generate shopping lists from your meal plan, subtracting pantry items
  • To improve our service (aggregated, de-identified statistics only)

Your health data is never used for advertising.

4. Data storage and security

  • Data is stored in Supabase (PostgreSQL) hosted on AWS in the Mumbai region
  • All data is encrypted at rest and in transit (SSL/TLS)
  • Row Level Security is enabled on all tables
  • Only server-side code (running on Vercel) can access your data via the service role key
  • The service key is never exposed to the browser

5. Third-party services

We use the following third-party services to operate Lockin:

  • Google Gemini AIโ€” generates meal plans and responds to your Telegram messages. Your profile summary and today's plan are sent to Gemini as context. No personal identifiers are sent โ€” only nutritional and preference data. Subject to Google's API terms.
  • Telegram โ€” the primary interface. Telegram processes your messages per their privacy policy.
  • Vercel โ€” hosts the web app and API. Vercel may log request metadata.
  • Swiggy Instamart (when enabled) โ€” only your shopping list items (ingredient names and quantities) are sent to Swiggy to build a cart. Your health profile, macros, and personal data are never sent to Swiggy.

6. Data sharing

We do not sell your data. We do not share your data with advertisers. Your data is shared with third-party services only as described in Section 5 above, solely for the purpose of operating the service for you.

7. Your rights

  • Delete your data: Send /deletedata in Telegram. This permanently and irreversibly deletes your profile, meal plans, pantry, shopping lists, and all logs from all tables. This cannot be undone.
  • Export your data: Contact us at the email below to request a copy of your data in JSON format.
  • Correct your data: Edit your profile at lockin.food/profile or contact us.

These rights are provided in compliance with the Digital Personal Data Protection (DPDP) Act, 2023.

8. Age restriction

Lockin is intended for users 18 years of age and older. We do not knowingly collect data from anyone under 18. If you believe a minor has used Lockin, contact us to have their data deleted.

9. Medical disclaimer

Lockin provides general nutrition information and AI-generated meal suggestions. It is not a medical device and does not provide medical advice, diagnoses, or treatment recommendations. If you have a medical condition, consult a qualified healthcare provider before making significant dietary changes.

10. Changes to this policy

If we make material changes to this policy, we will notify you via the Telegram bot before the changes take effect.

11. Contact

Questions about privacy? Open Telegram and send a message to the bot, or email us at privacy@lockin.food.