GATAlife Privacy Policy
Last Updated: May 7, 2026
| Legal Name | GATALIFE LTD |
| Registration Number | ΗΕ 491102 |
| Address | Arch. Makariou III, 240, P. LORDOS CENTER, BLOCK B, Office 206, Limassol, Cyprus |
| help@gatalife.com | |
| Website | https://gatalife.com |
Privacy Policy GATALIFE LTD (hereinafter "GATAlife" or the "Provider"), Registration Number ΗΕ 491102, with its registered office at Arch. Makariou III, 240, P. LORDOS CENTER, BLOCK B, Office 206, Limassol, Cyprus, operates the website https://gatalife.com (hereinafter the "Website"), as well as the GATAlife app, a nutrition assistant (hereinafter the "App" or the "Product") for Android and iOS. This Privacy Policy informs you about the types of personal data of GATAlife users that are processed, the purposes of such processing, and the scope of processing. This Privacy Policy applies to all processing of personal data carried out by GATAlife in connection with the provision of its services and, in particular, on the Website and in the GATAlife App, which users may install on their mobile devices, as well as across external online presences, such as GATAlife social media profiles (collectively, the "Online Offering"). GATAlife is a nutrition assistant, not a medical application. GATAlife does not provide medical advice, diagnosis, treatment, or professional medical services of any kind.
1. Controller and Data Protection Officer
Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) — i.e., the entity responsible for the collection, processing, and use of users’ personal data — is:
GATALIFE LTD
Registration Number: ΗΕ 491102
Arch. Makariou III, 240, P. LORDOS CENTER, BLOCK B, Office 206, Limassol, Cyprus
Email: help@gatalife.com
Website: https://gatalife.com
Data Protection Inquiries
GATAlife has assessed its current processing activities. The current data processed by GATAlife (nutrition diary entries, food photos, voice transcripts, and wellbeing indicators) does not constitute special category data under Article 9 GDPR, and the mandatory appointment of a Data Protection Officer pursuant to Article 37(1)(c) GDPR is not currently required. GATAlife will reassess this position prior to activating health metric features (see Section 15).
For all data protection inquiries, please contact: privacy@gatalife.com
Lead Supervisory Authority
GATAlife is established in Cyprus. The lead supervisory authority for GDPR purposes is:
Office of the Commissioner for Personal Data Protection of the Republic of Cyprus
1 Iasonos Street, 1082 Nicosia, Cyprus
Tel: +357 22 818 456
Website: https://www.dataprotection.gov.cy/
2. Encryption
All incoming and outgoing data — both in exchanges with apps and in exchanges with third-party providers — are transmitted in encrypted form. An encrypted connection when using the GATAlife Website can be recognized by the browser address beginning with “https://” and the corresponding lock symbol.
3. Collection, Processing, and Use of Personal Data
3.1. Personal Data
For the purposes of the GDPR, “personal data” means any information relating to an identified or identifiable natural person. Personal data will be processed by the Provider only in accordance with applicable data protection laws.
3.2. Data Collection When Using the GATAlife Website
When visiting https://gatalife.com the web server automatically records log files on the basis of GATAlife’s legitimate interests pursuant to Article 6(1)(f) GDPR. These data include browser type and version, operating system used, referrer URL, IP address of the requesting computer, date and time of server access, and the requested file name. These data are collected solely for statistical analysis and security purposes and are stored for seven (7) days, after which they are deleted.
3.2.1. Use of Cookies
To make the Website and App more user-friendly and to support analytics and advertising features, GATAlife uses cookies and similar tracking technologies. GATAlife obtains, records, and manages user consent for all non-essential cookies and tracking technologies — both on the Website and within the App — through a cookie consent banner and in-app consent screen.
A cookie is a small text file used to record information about the use of the Website. Cookies cannot run programs or transmit viruses to the user’s device.
GATAlife uses the following categories of cookies:
| Category | Purpose | Examples | Duration | Consent Required |
| Strictly necessary | Essential for Website functionality (login sessions, security) | Session cookies | Session / ≤ 1 year | No |
| Functional / Preference | Remember user settings and preferences | Language, region | ≤ 1 year | Yes |
| Analytics | Measure usage and improve the Website (Google Analytics) | ga, gid | ≤ 2 years | Yes |
| Advertising / Retargeting | Deliver relevant ads and track conversions (Google Ads) | Conversion cookies | ≤ 30 days | Yes |
When a user first visits the Website, a cookie consent banner is presented requesting granular consent for each non-essential cookie category. In the App, users are asked for consent via a consent screen before any analytics or advertising tracking begins. Users may withdraw or adjust their consent at any time via the “Cookie Settings” link in the Website footer or via App Settings → Privacy → Tracking Preferences.
Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
3.3. Personal Data When Using the GATAlife App
3.3.1. Required Information for Creating a Personalized User Account
To use the App, the user must create an account and provide: email address and password. These data are used to identify the user and enable communication between the Provider and the user. Account credentials cannot be viewed by other users.
These data are processed on the basis of the user’s consent pursuant to Article 6(1)(a) GDPR and, where necessary for the performance of the contract, Article 6(1)(b) GDPR.
3.3.2. Optional Profile Information
In addition to mandatory account data, the user may optionally provide a first name and last name. These are used solely to personalize the in-app experience. Providing this information is voluntary and has no impact on App functionality.
These data are processed on the basis of the user’s consent pursuant to Article 6(1)(a) GDPR.
3.3.3. Sign in with Apple / Continue with Apple
The user may create a GATAlife account through their Apple account. When signing in with Apple ID, the user’s personal email address may either be shared with GATAlife or remain hidden via Apple’s email relay service. “Continue with Apple” uses two-factor authentication. No additional password is required. Further information: https://support.apple.com/HT210425
3.3.4. Sign in with Google / Continue with Google
The user may create a GATAlife account through their Google account. In this case, GATAlife collects the user’s email address and, optionally, first name, last name, and profile picture from the Google account. The user may configure this transfer in their Google privacy settings. Further information: https://support.google.com/accounts/answer/2541991
3.3.5. Use Without a Personalized User Account
An existing anonymous user account may be converted into a personalized account at any time by adding an email address and password. An anonymous account cannot be linked to a specific user. If the mobile device is lost, GATAlife will not be able to restore an anonymous account.
3.3.6. Food and Meal Logging
The core function of GATAlife is to help users track their nutrition. When using the food diary, users may enter the foods and meals they consume. Users may log meals by:
Text entry: Typing the name of a food or meal.
Photo upload (optional): Taking or uploading a photo of food. GATAlife uses automated image recognition (currently provided by OpenAI, Inc., 3180 18th Street, San Francisco, CA 94110, USA) to identify the food depicted and suggest nutritional estimates. The food photo is stored as part of the user’s diary. The automated analysis assists the user in logging meals more conveniently and does not constitute a medical assessment. The AI provider used for food recognition may change in the future; any such change will be reflected in this policy and in the sub-processor table in Section 4. Users may correct or override any suggested entry.
Barcode Scanning and Product Database Lookup (optional): When you scan a food product barcode, GATAlife sends the barcode number (EAN/UPC) to the Open Food Facts public database (openfoodfacts.org) to retrieve product information such as ingredients and nutritional values. The barcode number is a public product identifier and does not contain or constitute personal data. GATAlife does not transmit any user identifiers, account information, or personal data to Open Food Facts in connection with this request. Open Food Facts is a non-profit open database operated under its own privacy policy available at openfoodfacts.org. Nutritional information retrieved from Open Food Facts may subsequently be processed by OpenAI as described in Section 3.3.6.
Voice input (optional): Users may speak to describe a food or meal. The App converts speech to text using speech-to-text processing (currently provided by OpenAI, Inc., 3180 18th Street, San Francisco, CA 94110, USA) to identify the food and suggest nutritional estimates. Audio recordings are not stored by GATAlife. Only the resulting text transcript is saved as part of the meal log entry. The audio is discarded immediately after transcription.
Food and meal data are processed on the basis of the performance of the contract with the user pursuant to Article 6(1)(b) GDPR, as this data is the primary input required to provide the nutrition-tracking service.
Automated processing disclosure: The AI-based food photo recognition feature involves automated analysis of food photos to identify food items and estimate nutritional content. This is used to suggest meal entries for the user’s convenience. The user retains full control to accept, edit, or reject any suggestion. This processing does not produce legal effects or decisions that significantly affect the user.
3.3.7. Energy and Wellbeing Feelings
Users may optionally log their subjective energy level or sense of wellbeing (for example, via a simple scale or emoji selector) to track how their food choices and daily habits affect how they feel. This is lifestyle data entered voluntarily by the user.
These data are processed on the basis of the user’s consent pursuant to Article 6(1)(a) GDPR. Users may delete this data at any time from within the App.
3.3.8. Data Automatically Recorded by GATAlife
When the App is installed, the following data are recorded once:
installation date
registration date
operating system of the device used (Android / iOS)
device model
country and language (locale settings)
These data are recorded in order to improve and personalize our services and are processed on the basis of GATAlife’s legitimate interests pursuant to Article 6(1)(f) GDPR.
3.3.9. Data Recorded When Using the App
When using the App, GATAlife additionally records:
current IP address
app version used
current time zone
These data are processed on the basis of GATAlife’s legitimate interests pursuant to Article 6(1)(f) GDPR.
3.3.10. Subscription and Payment
GATAlife offers subscription plans (weekly, monthly, and annual) that unlock premium features. If the user chooses to subscribe and clicks the purchase button in the App, they will be redirected to the Apple App Store or Google Play Store, depending on the operating system used.
Payment data are collected directly by the relevant app store and not by GATAlife. GATAlife receives from the app store: the subscription type, start date, end date, and, where applicable, the date and reason for cancellation. GATAlife does not receive or store the user’s payment card details.
The privacy policies of the app stores are available here:
Where a subscription is purchased through the GATAlife Website, payment is processed by Stripe (Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland). GATAlife transmits to Stripe only the data necessary to complete the transaction (name, email, subscription details) pursuant to Article 6(1)(b) GDPR. GATAlife does not store full payment card numbers. Further information: https://stripe.com/legal
4. Disclosure of Data to Third Parties and Sub-Processors
GATAlife only shares personal data with third parties where there is an appropriate legal basis. The following table lists GATAlife’s main data processors and sub-processors.
Where data are processed outside the European Economic Area (EEA), this occurs only where the requirements of Articles 44 et seq. GDPR are satisfied. For transfers to the United States, GATAlife relies on the EU–U.S. Data Privacy Framework (DPF) where the recipient is DPF-certified, and on Standard Contractual Clauses as a supplementary or alternative mechanism. Further information: https://www.dataprivacyframework.gov/
| Processor | Country | Purpose | Transfer Mechanism |
| Stripe Payments Europe Ltd | Ireland (EU) | Web payment processing | N/A (EEA) |
| Apple Inc. | USA | Sign in with Apple; App Store payments; Apple Search Ads; ATT framework | EU-U.S. DPF / SCCs |
| Google Ireland Limited | Ireland (EU) | Sign in with Google; Google Analytics; Firebase; Google Ads; Google Tag Manager | N/A (EEA) |
| Google LLC | USA | Analytics data storage; Firebase backend infrastructure | EU-U.S. DPF / SCCs |
| OpenAI, Inc. | USA | Automated food photo recognition and nutritional analysis | EU-U.S. DPF / SCCs |
| Intercom, Inc. (planned) | USA | Customer support ticketing | EU-U.S. DPF / SCCs |
| Supabase, Inc. | USA | Analytics data storage | EU-U.S. DPF / SCCs |
| Singular Labs, Inc. | USA | Unified marketing data, intelligent insights, and automation services. | EU-U.S. DPF / SCCs |
| Adapty Tech Inc. | USA | Marketing data and insights, payment processing data analysis. | EU-U.S. DPF / SCCs |
| Open Food Facts (French "Loi 1901" Association). | France (EU) | Food product lookup by barcode | EU-U.S. DPF / SCCs |
GATAlife has entered into Data Processing Agreements (DPAs) with each of the above processors pursuant to Article 28(3) GDPR. Users may request further information about the transfer mechanisms applicable to specific processors by contacting privacy@gatalife.com.
5. Contact and Customer Support
GATAlife processes user inquiries submitted via email at help@gatalife.com. GATAlife plans to introduce a dedicated customer support platform (Intercom) in the future; this policy will be updated when that platform is activated.
Personal data provided in the context of a support inquiry (name, email address, device type, subscription status, description of the issue) are used exclusively to respond to the request. The support team may access data stored in the user’s account solely to the extent necessary to resolve the inquiry.
These data are not disclosed to third parties except where necessary to provide the requested support, and will be deleted 12 months after the inquiry is resolved, unless a longer retention period is required by applicable law.
Data processing is carried out on the basis of the user’s consent pursuant to Article 6(1)(a) GDPR and, where applicable, under a data processing agreement pursuant to Article 28(3) GDPR.
6. Newsletter and Mailings
GATAlife may inform users by email about nutrition-related trends, recipes, and other relevant offers, insights, and well-being tips. Registration is voluntary and is carried out using a double opt-in process. After registration, the user receives a confirmation email to verify the subscription.
The email communications are sent on the basis of the user’s consent pursuant to Article 6(1)(a) GDPR. The recording of the consent event is carried out on the basis of GATAlife’s legitimate interests pursuant to Article 6(1)(f) GDPR.
The user may withdraw consent to receive such emails at any time by:
Sending an email to help@gatalife.com
Clicking the unsubscribe link at the end of each newsletter.
Following unsubscribe, GATAlife will retain only a pseudonymized record of the prior subscription and consent for up to two (2) years, solely for the purpose of demonstrating that valid consent was previously given and to defend against related legal claims.
7. Use by Children
GATAlife’s services are not directed at persons under the age of 16 and are not intended for use by children. The App is rated 16+ in the Apple App Store and Google Play Store.
At the point of account registration, users are required to confirm that they are 16 years of age or older. If a user indicates that they are below 16, account creation is not permitted. GATAlife does not knowingly collect personal data from users below this age without verifiable parental consent in accordance with Article 8 GDPR.
If GATAlife becomes aware that personal data relating to a user below the minimum age have been collected without parental consent, GATAlife will promptly take steps to delete such data. Parents or guardians who believe that their child has submitted personal data should contact GATAlife at: help@gatalife.com
For users in the United States: GATAlife’s services are not directed at children under 13. GATAlife does not knowingly collect personal information from children under 13. If GATAlife learns that it has inadvertently collected personal information from a child under 13, it will delete that information promptly in accordance with the Children’s Online Privacy Protection Act (COPPA).
8. Cookie Consent and Tracking Preferences
GATAlife obtains and records user consent for non-essential cookies and tracking technologies before any such processing begins — both on the Website and within the App.
Website: When you first visit https://gatalife.com, a cookie consent banner will allow you to accept, reject, or customize your consent for non-essential cookie categories (functional, analytics, and advertising cookies). Your preferences are saved and respected on subsequent visits.
App (iOS and Android): When you first use the App, a consent screen is presented before any analytics or advertising tracking begins. On iOS devices running iOS 14.5 or later, GATAlife will additionally request your permission via Apple’s App Tracking Transparency (ATT) framework before tracking your activity across other companies’ apps and websites.
ATT on iOS: When you first open the GATAlife App on a supported iOS device, you will receive an ATT prompt. If you grant permission, GATAlife may use your data to deliver personalized advertisements through third-party advertising services (such as Google Ads). If you deny permission, GATAlife will not track your activity across other companies’ apps and websites, and advertising features will be limited to non-personalized ads. You may change your ATT preference at any time in: Settings → Privacy & Security → Tracking → GATAlife.
Updating your preferences: You may update your consent choices at any time via:
Website: “Cookie Settings” link in the Website footer (planned)
9. Use of Tools for Web Analytics, Remarketing, and Retargeting
All analytics and advertising tools described in this section are activated only upon the user’s prior, informed, and granular consent (see Section 8).
9.1. Google Tag Manager / Google Analytics / Firebase
GATAlife uses Google Tag Manager on the Website (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) to manage and deploy analytics and tracking tools. Google Tag Manager itself does not create user profiles or store cookies independently.
GATAlife uses Google Analytics on the Website and Firebase / Google Analytics for Firebase in the App to analyze usage and improve features. GATAlife has enabled IP anonymization. Data may be transmitted to Google servers in the United States on the basis of the EU–U.S. Data Privacy Framework and Standard Contractual Clauses. Data retention in Google Analytics is configured to the GA4 default (2 months for user-level and event-level data).
Users may opt out of interest-based advertising from Google: http://www.google.com/ads/preferences
Google’s Privacy Policy: https://www.google.com/policies/privacy
9.2. Google Ads Remarketing / Conversion Tracking
GATAlife uses Google Ads Remarketing on the Website and in the App (Google Ireland Ltd., Dublin 4, Ireland) to show relevant advertisements to users who have previously visited the Website or used the App. In connection with Google Ads, GATAlife uses conversion tracking cookies (valid for 30 days) that are not used to personally identify individual users and produce only aggregated conversion statistics.
Users who wish to opt out of conversion tracking may use the browser opt-out plugin: https://tools.google.com/dlpage/gaoptout
9.3. Apple Search Ads
GATAlife uses Apple Search Ads in the App (Apple Inc., One Infinite Loop, 95014 Cupertino, USA) so that the GATAlife App may appear as a top result in the App Store. Users may restrict Apple’s use of their data for advertising in iPhone Settings. More information: https://searchads.apple.com/privacy
10. Data Retention Periods
GATAlife retains personal data only for as long as necessary for the purposes for which it was collected, and in compliance with applicable legal retention obligations.
| Data Category | Retention Period | Legal Basis |
| Account credentials (email, password hash) | Duration of account + 30 days post-deletion | Contract / Consent |
| Optional profile data (name) | Duration of account + 30 days post-deletion | Consent |
| Food and meal diary entries | Duration of account + 30 days post-deletion | Contract performance |
| Food photos | Duration of account + 30 days (or until user deletes manually) | Contract performance |
| Voice transcripts (text only; audio not stored) | Duration of account + 30 days post-deletion | Contract performance |
| Energy / wellbeing log entries | Duration of account + 30 days post-deletion | Consent |
| Subscription and payment records | 7 years from transaction date | Legal obligation (accounting / tax law) |
| Website server log files | 7 days | Legitimate interests |
| Customer support inquiry records | 12 months from resolution | Consent / Legitimate interests |
| Newsletter consent records | 2 years from unsubscribe (pseudonymized) | Legitimate interests |
| Analytics data (Firebase / Google Analytics) | 2 months (GA4 default) | Consent |
| App installation and technical data | Duration of account + 30 days | Legitimate interests |
| Cookie consent records | 3 years from consent event | Legal obligation (proof of consent) |
Where data must be retained longer to comply with a legal obligation, the data will be restricted for other purposes until the legal retention period expires.
11. Deletion of User Data
Users may delete their GATAlife account at any time via App Settings → Profile → Delete Account or by contacting help@gatalife.com. Upon account deletion, the following data will be permanently and irreversibly deleted within 30 days:
email address and account credentials
first name and last name (if provided)
all food diary entries, meal logs, and food photos
voice transcript entries
energy and wellbeing log entries
links to third-party sign-in providers (Apple ID, Google account)
Payment transaction records are retained for 7 years as required by accounting and tax law but are not used for any other purpose after account deletion.
12. Resetting User Account Settings
The user may reset their account settings. In that case, a new account is transparently created and the user’s settings (email address, password, and preferences) are copied to the new account. Personal identifiers previously associated with the original account — including email address, name, and any linked third-party IDs — will be removed from the original account.
13. User Rights
The user has the following rights under the GDPR. These rights may be exercised by:
Email: privacy@gatalife.com
Post: GATALIFE LTD, Arch. Makariou III, 240, P. LORDOS CENTER, BLOCK B, Office 206, Limassol, Cyprus
GATAlife will respond to all rights requests within one (1) month of receipt. In cases of complexity or high volume, this period may be extended by a further two months; GATAlife will inform the user of any such extension within the initial one-month period. GATAlife may request verification of your identity before processing a request.
13.1. Right of Access (Article 15 GDPR)
The user has the right to obtain, free of charge, information about the personal data stored by GATAlife, including the origin of the data, recipients, purposes of processing, storage period, and a copy of the personal data undergoing processing.
13.2. Right to Rectification (Article 16 GDPR)
The user has the right to request the prompt correction of inaccurate personal data and the completion of incomplete personal data.
13.3. Right to Withdraw Consent (Article 7(3) GDPR)
The user has the right to withdraw any consent at any time with effect for the future, without providing reasons. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
13.4. Right to Erasure (Article 17 GDPR)
Subject to the conditions of Article 17 GDPR, the user may request the deletion of personal data. This right applies in particular where GATAlife no longer needs the data for the purposes for which they were collected, or where the user withdraws consent and there is no other legal basis for processing.
13.5. Right to Restriction of Processing (Article 18 GDPR)
Subject to the conditions of Article 18 GDPR, the user may request restriction of the processing of personal data.
13.6. Right to Data Portability (Article 20 GDPR)
The user has the right to receive the personal data they have provided in a structured, commonly used, and machine-readable format, or to transmit those data to another controller, where processing is based on consent or contract and carried out by automated means.
13.7. Right to Object (Article 21 GDPR)
The user has the right to object at any time to processing of personal data where such processing is based on Article 6(1)(f) GDPR (legitimate interests). GATAlife will no longer process the personal data unless there are compelling legitimate grounds that override the user’s interests, rights, and freedoms, or unless processing serves the establishment, exercise, or defense of legal claims.
Where personal data are processed for direct marketing purposes, the user has the right to object at any time, including to profiling insofar as it relates to direct marketing.
13.8. Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR)
The user has the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects them. The AI-based food photo analysis described in Section 3.3.6 involves automated processing to suggest meal entries but does not produce legal effects or decisions that significantly affect the user. Users may correct or override any automated suggestion at any time.
13.9. Right to Lodge a Complaint (Article 77 GDPR)
The user has the right to lodge a complaint with a competent supervisory authority. GATAlife’s lead supervisory authority is:
Office of the Commissioner for Personal Data Protection of the Republic of Cyprus
1 Iasonos Street, 1082 Nicosia, Cyprus
Tel: +357 22 818 456
Website: https://www.dataprotection.gov.cy/
14. California Privacy Rights (CCPA / CPRA)
This section applies to residents of the State of California and supplements the other sections of this Privacy Policy, pursuant to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
14.1. Categories of Personal Information Collected
In the preceding 12 months, GATAlife has collected the following categories of personal information from California residents:
| CCPA Category | Examples | Collected |
| Identifiers | Email address, account ID, IP address, device ID | Yes |
| Personal information (Cal. Civ. Code §1798.80) | Name (optional) | Yes |
| Commercial information | Subscription type, purchase history | Yes |
| Internet / electronic network activity | App usage data, pages visited, clickstream | Yes |
| Audio / visual information | Food photos (optional); voice transcripts (audio not stored) | Yes |
| Inferences | Usage patterns inferred from food diary for personalization | Yes |
| Sensitive personal information | Account credentials (email + password) | Yes |
14.2. Purposes for Collection
GATAlife collects the personal information listed above for the following business purposes: providing and improving the App; personalizing nutrition recommendations; processing payments; communicating with users; analytics and product development; legal compliance; and fraud prevention.
14.3. Sharing for Cross-Context Behavioral Advertising
GATAlife uses Google Ads Remarketing, which involves sharing certain identifiers (such as cookies and device identifiers) with Google for the purpose of serving personalized advertisements to users across other apps and websites. Under the CPRA, this constitutes “sharing” personal information for cross-context behavioral advertising purposes.
You have the right to opt out of this sharing at any time. To exercise your opt-out right:
iOS: Deny App Tracking Transparency (ATT) permission when prompted, or at Settings → Privacy & Security → Tracking → GATAlife
Email: Send a request to privacy@gatalife.com with the subject line “CCPA Opt-Out — Do Not Share My Personal Information”
GATAlife does not sell personal information for monetary consideration.
14.4. Your California Privacy Rights
Right to Know: You may request disclosure of the categories of personal information collected about you, the sources, the business purposes, the categories of third parties to whom information is disclosed, and the specific pieces of personal information held about you.
Right to Delete: You may request that GATAlife delete personal information collected from you, subject to certain exceptions.
Right to Correct: You may request that GATAlife correct inaccurate personal information it maintains about you.
Right to Limit Use of Sensitive Personal Information: You may direct GATAlife to limit the use of your sensitive personal information to the purposes strictly necessary to provide the requested services. Contact privacy@gatalife.com.
Right to Non-Discrimination: GATAlife will not discriminate against you for exercising any of your California privacy rights.
14.5. How to Submit a Request
To exercise any of the rights above, submit a verifiable consumer request to:
Email: privacy@gatalife.com (subject line: “California Privacy Rights Request”)
GATAlife will respond to verifiable consumer requests within 45 days of receipt. If more time is required, GATAlife will notify you within the 45-day period and may extend by an additional 45 days.
15. Planned Future Features
GATAlife intends to expand the App with additional features. This section describes planned data processing activities that are not yet active. When these features are introduced, this Privacy Policy will be updated, users will be notified in advance, and — where required — fresh consent will be obtained before any new data processing begins.
15.1. Health Metrics (Planned)
GATAlife plans to allow users to optionally log the following body- and health-related data:
age / date of birth
sex
height
diet type (for example, veganism)
goal (for example, weight loss)
activity level
logged activities
calorie intake and activity calories
steps
starting weight, weight development, and target weight
blood pressure
fasting details (for example, number of fasting hours)
water intake
Important: Several of these data types — including blood pressure and detailed body measurements — may constitute special category personal data under Article 9(1) GDPR. Before activating these features, GATAlife will: (a) update this Privacy Policy; (b) implement a dedicated explicit consent mechanism under Article 9(2)(a) GDPR, separate from general account registration; (c) assess whether a Data Protection Officer appointment is required pursuant to Article 37 GDPR; and (d) notify existing users and obtain their explicit consent before processing any such data.
15.2. Wearable Device Integrations (Planned)
GATAlife plans to offer optional integrations with the following health platforms. These integrations are not currently active.
Google Fit (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland): When activated, GATAlife may receive activity data, steps, and workout information from Google Fit. GATAlife will comply with the Google API Services User Data Policy, including the Limited Use requirements.
Apple Health / HealthKit (Apple Inc., One Infinite Loop, 95014 Cupertino, USA): When activated, GATAlife may read and write activity data, steps, workouts, and physical measurements from Apple Health. GATAlife will comply with Apple’s HealthKit API Terms, including the requirement that HealthKit data is not used for advertising, marketing, or user-based data mining. Users will be able to revoke access at any time in the iOS Privacy settings.
When these integrations are activated, this Privacy Policy will be updated to describe the specific data flows, transfer mechanisms, and legal bases in full detail.
16. Version and Updates of This Privacy Policy
This Privacy Policy is effective as of May 7, 2026. The current version is always available at: https://gatalife.com/policy
Where changes to this Privacy Policy are material, GATAlife will notify users in advance — by in-app notification or email — and will obtain fresh consent where required by applicable law.
© 2026 GATA AI. All rights reserved.