Privacy Policy
Last updated: May 12, 2026
We are Rio, made by Anastasiia Kirzhanova, a sole proprietor (Einzelunternehmerin) operating under the business name Soba Apps in Berlin, Germany.
This Privacy Policy explains what we do with your personal information when you use the Rio mobile app or visit riofoodplan.com.
If you don't agree with how we handle your data, please don't use Rio.
Questions? Write to us at hello@riofoodplan.com.
The short version
What we collect:
Your email, your quiz answers and food settings (which include information about your health), your personal notes, and basic device information. The website also uses Google Analytics.
Your health information:
When you take the quiz, you tell us about your symptoms and food reactions. This is sensitive data, so we ask for your specific permission before we use it. That is what the consent checkbox at sign-up is for.
Where your data is stored:
On servers in the European Union.
Who we share it with:
Only the service providers that help us run Rio. No advertisers. No data brokers. We don't sell your information and we don't use it to train AI.
Your rights:
You can see, change, export, or delete your data at any time. Email us at hello@riofoodplan.com.
Who can use Rio:
Anyone 16 or older.
Where Rio is available:
Globally. The rest of this policy describes the specific rights you have depending on where you live.
1. What we collect
What you give us
To create your account:
- Your email address (when you sign up with email and password)
- A user ID from Apple or Google (when you use Sign in with Apple or Sign in with Google; we don't see your password)
When you use Rio:
- Your quiz answers about symptoms, food reactions, and environmental triggers
- Your food intolerance settings (which chemicals affect you and how strictly)
- Foods you mark as "always avoid"
- Any overrides on specific foods (moving a food to red, yellow, or green)
- Personal notes you write about foods
All of this is stored in your Rio account on servers in the European Union, so it stays available when you sign in on a new device. Only you can see it inside the app, and you can delete all of it from Profile → Delete account at any time.
When you contact us:
- Whatever you write in emails to hello@riofoodplan.com
What we collect automatically
In the mobile app: device type, operating system, app version, IP address (for security and approximate location), crash reports, and which features you use (to improve Rio).
On riofoodplan.com: standard web log data (IP, browser, referrer, pages viewed) and Google Analytics data (see section 9, including how to opt out).
What we don't collect
Precise location, biometric data (Face ID and Touch ID stay on your phone), contacts, photos, microphone, or other phone data. We don't buy information about you from data brokers, and we don't read your social media activity.
2. Your health information: why we ask permission
Your quiz answers, food tolerance settings, and personal notes are about your body and how it reacts to food. Under European law (GDPR Article 9), this is "special category data". Similar rules exist elsewhere: Washington's My Health My Data Act, California's "sensitive personal information" rules, Canada's PIPEDA, and Brazil's LGPD.
This kind of data deserves extra care, so we ask for your specific permission before we collect any of it. You give us that permission by:
- Ticking the "I consent to Rio using my health-related answers" checkbox when you sign up
- Accepting these terms when you create your account
What we use this data for:
Building your personal food list and recommendations inside Rio.
What we never do with it:
- Use it for advertising or marketing
- Share it with third parties for commercial purposes
- Sell it to data brokers
- Use it to train any AI model
- Share it with insurance companies, employers, or anyone who might use it against you
You can withdraw your permission at any time by deleting your account in the app or by emailing us. Anything we did before you withdrew stays legal, but no new processing happens.
3. How we use your data
We use your data to run Rio (sign-in, food list, settings, sync), improve Rio (fix bugs, understand usage), send important account messages, respond to your questions, keep Rio secure, and comply with the law.
We collect only what we need for these purposes.
4. How Rio generates your recommendations
Rio uses your quiz answers and tolerance settings to build a colour-coded food list. In privacy law, this is called "profiling".
- You stay in control. You can change any setting at any time.
- It is not a high-stakes decision. Rio does not determine your insurance, your job, or your access to healthcare. It is educational guidance about food.
- You can always override. Disagree with a suggestion? Change it in the app or email us.
If you live somewhere with specific rights about automated decisions (EU, UK, several US states), you can ask us how Rio's logic applies to you.
5. Why we are allowed to use your data (EU and UK legal basis)
European privacy law (GDPR) requires us to tell you the specific reason we are allowed to process your data:
- Your explicit consent (Article 9(2)(a)) for everything related to your health
- Performing our agreement with you (Article 6(1)(b)) for account creation and providing Rio's core features
- Our legitimate business interest (Article 6(1)(f)) for security, fraud prevention, and basic analytics
- Legal obligations (Article 6(1)(c)) when the law requires us to keep or share something
You can withdraw your consent or object to legitimate-interest processing at any time.
6. Who we share your data with
We share your data only with service providers that help us run Rio. They work for us under contract and cannot use your data for their own purposes. Categories include:
- Cloud hosting and database providers, located in the European Union
- Authentication providers (Apple and Google) when you use Sign in with Apple or Sign in with Google
- Website analytics providers for riofoodplan.com only (currently Google Analytics)
- App analytics providers for the mobile app (currently PostHog, hosted in the European Union) — to understand which features are used and improve Rio. They process only non-health usage events under a data processing agreement and never receive your quiz answers, tolerance settings, or notes.
- Crash and error diagnostics providers (currently Sentry, hosted in the European Union) — to detect and fix crashes and errors. They receive only technical diagnostics (stack traces, device and app version), never your email, quiz answers, tolerance settings, or notes.
- App distribution (Apple App Store)
These providers may change over time as we improve Rio. We will keep using only providers that meet GDPR and equivalent data protection requirements.
We never share your data with:
Advertisers, ad networks, data brokers, marketing platforms, social networks, companies that train AI models, insurance companies, employers, or healthcare providers.
We may share information if the law requires us to (for example, a valid court order) or if Rio is acquired by another company. In that case, we will notify you first and your rights will carry over.
7. Where your data is stored and international transfers
Your data is stored on servers in the European Union.
If you use Rio from outside the European Economic Area (EEA), your data is transferred to and processed in the EU. By using Rio, you consent to this transfer.
Some providers (such as Apple and Google) operate globally. When data moves outside the EU, it is protected by Standard Contractual Clauses approved by the European Commission, plus the EU-US Data Privacy Framework where it applies.
Your health data does not leave the EU/EEA.
8. How long we keep your data
- While your account is active: as long as you have an account
- After account deletion: removed from active systems within 30 days
- Backups: may retain data for up to 90 days before being permanently erased
- Tax and legal records: kept longer when required by law (typically up to 7 years for tax records under German law)
You can delete your account at any time.
9. Cookies, analytics, and tracking
In the Rio mobile app:
No web cookies, no advertising SDKs, no cross-app tracking, no use of Apple's advertising identifier (IDFA).
We use privacy-friendly product analytics (currently PostHog, hosted in the EU) to understand in-app usage and improve Rio. It records only non-health events, never your quiz answers, settings, or notes, and does not use advertising identifiers or track you across other apps. You can turn this off at any time in Profile → Account → "Let Rio learn from how you use it". When the switch is off, no analytics events are sent from your device. This does not affect the data we store on your behalf to run your account (see section 1).
We also use a crash-reporting tool (currently Sentry, EU-hosted) that records technical diagnostics when the app crashes — stack traces and device info only, never your personal or health data.
On riofoodplan.com:
Essential cookies (to keep the site working) and Google Analytics (to understand how visitors use the site). Analytics data is aggregated and not used to identify you personally.
You can opt out of Google Analytics through the Google Analytics Opt-Out Browser Add-on (tools.google.com/dlpage/gaoptout), through your browser's privacy settings, or by enabling Do-Not-Track. We may add a cookie consent banner on the website; until then, by using the site you accept these cookies.
10. Sign in with Apple and Sign in with Google
When you use Sign in with Apple or Google, they send us only what we need to create your account: a unique sign-in identifier and your email (or a relay email if you choose Apple's "Hide My Email").
We never see your password. We never see your activity on Apple or Google. Their privacy policies cover that side: apple.com/legal/privacy and policies.google.com/privacy.
If you use Face ID or Touch ID to unlock the app, that happens entirely on your phone. We never receive your biometric data.
11. Children
Rio is for users 16 and older. If we discover we have collected data from someone under 16, we will deactivate the account and delete the data. In the United States, we also comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect data from children under 13.
If you believe we have collected data from a child, email hello@riofoodplan.com.
12. How we keep your data safe
We use industry-standard security measures, including encryption in transit and at rest, access controls, and audit logging.
No system is 100% secure. If a data breach puts your personal data at risk, we will notify the data protection authority (in Germany: Berliner Beauftragte für Datenschutz) within 72 hours, as required by GDPR Article 33, and notify you directly without delay if the breach is likely to seriously affect you (Article 34). Equivalent rules apply in other jurisdictions where they exist.
13. How to delete your account or make a privacy request
Inside the Rio app:
- Edit your account: Profile, Settings
- Adjust your health settings: Settings, Your food tolerance / Food exclusions
- Delete your account: Profile, Settings, Delete account (your data leaves our active systems within 30 days)
By email:
Send a request to hello@riofoodplan.com. We will acknowledge within 5 business days and respond fully within 30 days (45 days for some US states). We may need to verify your identity.
You may also use an authorised agent to act on your behalf (we will ask for proof). If we decline a request, you can appeal by emailing us, and if we decline the appeal too, you can contact your local data protection authority.
14. If you are in the EU, UK, or Switzerland
Under European privacy law (GDPR, UK GDPR, and Switzerland's FADP), you have the right to access your data, correct mistakes, delete it ("right to be forgotten"), limit how we use it, object to processing based on legitimate interest, withdraw consent at any time, receive a portable copy, object to automated decisions with legal or major effects on you, and complain to your data protection authority.
To exercise these rights, email hello@riofoodplan.com with "GDPR Request" in the subject. We will respond within 30 days.
15. If you are in the United States
Rio is available throughout the United States. Your rights depend on your state.
California (CCPA / CPRA)
In the past 12 months we have collected: identifiers (email, IP, account ID), names (if you provide one), sensitive personal information (your health data from the quiz), internet activity (app usage, website analytics), and approximate geolocation from IP.
We collect this from you directly, automatically as you use the app and website, and from Apple or Google for sign-in. We use it to run Rio, keep it secure, and comply with the law.
We do not sell or share your personal information for cross-context behavioural advertising as defined by California law, and we have not done so in the past 12 months.
Your California rights include: knowing what we collect and why, accessing specific pieces of your information, deletion, correction, limiting our use of sensitive personal information (we already limit health data use to running Rio's core service), opting out of sale or sharing (automatic, since we don't), and non-discrimination for exercising your rights.
California "Shine the Light": once a year, California residents may request information about disclosures of personal information to third parties for direct marketing. We do not make such disclosures.
Email hello@riofoodplan.com with "California Request" to exercise these rights.
Washington (My Health My Data Act)
Washington residents have additional rights under the My Health My Data Act (MHMDA) over their consumer health data (your quiz answers, symptoms, food intolerance information, and notes in Rio): to confirm whether we are collecting, sharing, or selling it; to access it and learn which third parties have received it; to withdraw consent; and to delete it (including from our backups).
What we want you to know: we obtain your explicit consent before collecting your consumer health data (the checkbox at sign-up), we never sell it, we never share it with third parties for advertising or marketing, and we do not use geofencing technology around healthcare facilities.
Email hello@riofoodplan.com with "Washington Request" to exercise these rights.
Other US states
If you live in another US state with a comprehensive privacy law (such as Colorado, Connecticut, Texas, Virginia, and others), you may have similar rights: access, correction, deletion, portability, opting out of targeted advertising or sale (we don't do either), and limiting use of sensitive data. Email hello@riofoodplan.com to exercise these rights.
16. If you are in Canada, Australia, New Zealand, Brazil, or elsewhere
You still have the rights described in this Privacy Policy. Local laws may give you additional rights, including under Canada's PIPEDA and Quebec's Law 25, Australia's Privacy Act 1988, New Zealand's Privacy Act 2020, and Brazil's LGPD.
To exercise these rights, email hello@riofoodplan.com.
17. Do Not Track
Some browsers and operating systems have a "Do Not Track" setting. There is no agreed standard for how apps should respond. The Rio mobile app does not track you across sites, so this setting does not apply. The riofoodplan.com website respects Do-Not-Track signals where technically feasible, and you can opt out of Google Analytics as described in section 9.
18. Changes to this policy
We may update this policy from time to time. The updated version will have a new "Last updated" date at the top. For material changes, we will notify you in the app or by email at least 30 days before they take effect. Continued use of Rio after that means you accept the updated policy.
19. Contact us
Questions about this policy or your data?
Anastasiia Kirzhanova
operating as Soba Apps
Am Kutscherhaus 6
12555 Berlin
Germany
Email: hello@riofoodplan.com
We aim to respond within 10 business days, and at most within 30 days (45 in some US states).