Privacy Policy
2eat Privacy Policy
Last updated: September 18, 2025
This Privacy Policy describes how the 2eat app collects, uses, stores, shares, and protects user information, in accordance with Brazil’s General Data Protection Law (LGPD – Law No. 13.709/2018) and industry best practices. By using 2eat, you agree to the terms of this Policy. If you have any questions, please contact our Data Protection Officer (DPO) via the email provided at the end of this document.
1. Data Collection
Personal Data Provided by the User:
When registering and using 2eat, we collect personal data you provide, such as (but not limited to) name, email, phone number, date of birth, and profile information. As a food, leisure, and wellness app, we may also collect data such as weight, height, fitness or nutritional goals, dietary preferences, and other health or wellness-related information you choose to provide. These may be considered sensitive data (e.g., health data) and will only be collected and processed with your explicit consent, as required by law.
Automatically Collected Data:
When you use 2eat, we may automatically collect technical and usage data to enable the full app experience. This includes (but is not limited to): IP address, device identifiers (e.g., device ID or UUID), browser or OS type and version, mobile carrier, language settings, and logs of app usage (pages/screens visited, time spent, clicks, and actions taken).
We may also collect approximate or precise geolocation data, if authorized by you, to enable location-based features (e.g., nearby venue suggestions). Additionally, we use cookies and similar technologies in 2eat’s web interfaces to recognize users and collect browsing information such as visited pages and clicked links, to personalize your experience and ensure platform security. App activity logs are also generated for auditing and troubleshooting.
Third-Party Integrations (Social Networks and Connected Devices):
2eat may now or in the future offer integration with third-party services, including:
Social Networks: Sign-up/login via third-party accounts (e.g., Google, Facebook, or Apple). In these cases, 2eat may access basic profile info (such as name, email, and photo) according to the permissions you grant.
Connected Health Devices and Apps: Integration with wearables and fitness/nutrition apps like Apple Health, Google Fit, Strava, or smart devices. With your permission, 2eat may import data (e.g., step count, heart rate, calories burned, exercise logs) to create insights and personalized suggestions. We may also sync basic data back to these services if authorized.
Any such integration will be communicated, and your permission requested before data is accessed or shared.
Data from Minors:
As detailed later, 2eat does not intentionally collect data from children without parental or guardian consent. Age confirmation is required at sign-up. If we become aware of improperly collected data from minors, we will delete it.
2. Purpose and Use of Data
Data collected by 2eat is used for various legitimate purposes, always under appropriate legal bases (e.g., contractual necessity, consent, or legitimate interest), to provide an efficient, personalized, and secure service.
Key purposes include:
Personalized Experience: We use data (profile, history, preferences, etc.) to offer customized suggestions, recipes, activities, and content. For instance, health data and goals help 2eat suggest appropriate meal or activity plans.
App Functionality: We process data to enable services like account registration/login, meal logging, activity suggestions, personal statistics (e.g., weight progress, calories in/out), reminders, notifications, and other 2eat features.
Essential Communications: We may use your email, phone, or app notifications for important service messages (e.g., registration confirmation, password recovery, security alerts, terms/policy updates). These are non-promotional and necessary.
Customer Support: Contact information and inquiry content may be used to respond to support requests and resolve issues. This includes accessing usage logs when necessary.
Service Improvement and Research: Usage data and feedback help us understand how 2eat is used and improve it. We may conduct statistical analyses, monitor feature success, and create or improve features accordingly.
AI Training and Behavioral Analysis: We may use anonymized usage logs and interactions for machine learning and AI to improve our features, such as recommendation systems or support bots. Sensitive data is not used for unrelated purposes.
Marketing and Offers: With your consent, we may send marketing communications (e.g., emails, messages, push notifications) about new features, tips, partner offers, or promotions. You can opt out at any time.
Security and Fraud Prevention: Data is used to ensure platform and user security, including detection of suspicious activity, unauthorized access, or potential misuse.
Payments and Transactions: For paid features (e.g., premium subscriptions), provided payment data will be used only for processing. We do not store full card data; payments are handled by secure third parties.
Legal Compliance: We may process data to comply with legal obligations, such as responding to court orders, official investigations, or regulatory requirements.
If we intend to use your data for new purposes not covered here, we will update this Policy and seek your consent when needed. We do not sell your personal data. Any marketing is done in a controlled manner and respects your privacy preferences.
3. Data Storage and Security
Storage Environment: Data is stored on secure servers (either owned or contracted cloud providers), with strict access controls—only authorized, trained personnel may access data, and only as needed.
Data Protection in Transit and at Rest: We use encryption (e.g., HTTPS/TLS, encrypted databases), pseudonymization/anonimization, security audits, penetration tests, and constant monitoring to protect your data.
Retention Period: We keep your data only as long as needed to fulfill the purposes described or to comply with legal obligations. Upon account deletion, we remove or anonymize your data within X days unless retention is legally required.
Data Deletion on Request: You may request deletion of your data at any time. Once deleted, your data and history cannot be recovered. Backup removal may take a short additional time but will be isolated and protected.
Security Incidents: In case of a data breach, we will notify affected users and the Brazilian Data Protection Authority (ANPD) as required, explaining what happened, what we did, and how to mitigate risks.
International Data Transfers: If data is transferred or stored abroad (e.g., cloud servers in other countries), we apply appropriate safeguards per LGPD, including standard clauses or ensuring equivalent protection levels.
4. Data Sharing
We value your privacy and do not sell your data. We may share information with trusted third parties in the following circumstances:
Service Providers (Data Processors): Contracted companies that help operate the app (e.g., cloud hosting, push/email delivery, analytics, authentication providers, payment gateways). These parties only receive what’s necessary and are bound by confidentiality and data protection obligations.
Business Partners: With your consent, we may share limited data with partners in health, food, or fitness to offer complementary services (e.g., gym partnerships or nutritionist offers). This is done preferably in anonymized form. Sensitive data is never shared without explicit consent.
Social Media and Third-Party Platforms: If you log in or interact via third parties (e.g., Google Fit, Facebook), relevant data may be shared based on your action and consent. Content shared publicly is under your control.
Analytics and Advertising: We may share anonymized/aggregated data with analytics tools to understand app usage. If 2eat begins running ads, we may share technical identifiers (e.g., device ad ID), but never your name or contact details without authorization.
Business Transfers: In the event of mergers, acquisitions, or company restructuring, your data may be transferred to successor entities, with notice provided and privacy commitments upheld.
Legal Requirements and Protection of Rights: Data may be shared when legally required or to protect rights and safety, such as in response to court orders or fraud investigations. We will disclose only what is strictly necessary.
In all cases, we aim to preserve your privacy, using anonymization when possible and requiring third parties to uphold equivalent security and confidentiality standards.
5. User Rights
Under LGPD, you have the right to:
Confirmation of Processing: Know whether we process your personal data.
Access: Obtain a copy of your data and details of shared entities.
Correction: Correct inaccurate or outdated personal data.
Anonymization, Blocking, or Deletion: Request these actions for unnecessary or improperly processed data.
Consent Withdrawal and Deletion: Revoke consent and request deletion of data collected under it.
Portability: Request your data in a structured, interoperable format.
Objection: Object to certain data uses based on legitimate interest.
Automated Decision Review: Request human review of significant automated decisions (currently not in use at 2eat).
Information on Sharing: Request details about data sharing with third parties.
Marketing Preferences: Unsubscribe from marketing communications at any time.
You can exercise these rights through the app or by contacting our DPO at privacidade@2eat.com. We may request additional information to verify your identity before processing your request. In some cases, we may be legally required to retain certain data.
6. Policy for Minors
Under 13: We do not knowingly collect personal data from children under 13. If detected, the data will be deleted promptly.
Ages 13–17: Use is allowed only with parental/legal guardian consent and supervision. Some features may be restricted.
Age Verification: We may request birth date or proof of consent for compliance.
Parental Responsibility: Parents/guardians should guide minors in safe online behavior. Requests for review or deletion of a child’s data will be honored as required by law.
7. Cookies and Tracking Technologies
2eat uses cookies and similar technologies to enhance user experience, analyze performance, and support marketing.
Cookies: Small text files stored on your browser/device to remember you and your preferences. Used in the web version of 2eat for login persistence, language settings, personalization, security, and analytics.
Similar Technologies: Web beacons (pixel tags), SDKs, mobile ad identifiers (IDFA, GAID), and device fingerprinting. These help track usage, measure ad campaigns, or facilitate remarketing.
Purposes:
Authentication and functionality
User preference storage
Analytics (traffic, behavior)
Marketing (campaign performance, remarketing)
User Options:
Configure browser settings to block or alert about cookies
Adjust privacy settings on mobile devices
Revoke app permissions (e.g., location, integrations)
Disable image display in emails to block pixel tracking
Reset or limit mobile ad IDs
We only use third-party cookies from trusted partners. We do not currently respond to “Do Not Track” browser signals.
8. Updates and Contact
Policy Updates:
This Policy may be updated due to legal changes or new features. We will notify you of significant changes via email, in-app notices, or other channels. Continued use of 2eat implies acceptance of the revised Policy.
Contact Information:
2eat has a Data Protection Officer (DPO) responsible for compliance and handling requests:
DPO: Matheus Vasconcellos de Marchi Silva
Email: contato@2eat.com
Address: Rua José Margarido, 227, Santana, São Paulo
We will respond as promptly as possible, usually within 15 days.
Governing Law and Jurisdiction:
This Policy is governed by the laws of the Federative Republic of Brazil. Disputes shall preferably be resolved amicably. If not possible, the chosen forum is the District Court of [Your City], with express waiver of any other.
By accepting this Privacy Policy, you confirm you have read and understood its terms. 2eat is committed to giving you control over your data and full transparency. Thank you for being part of 2eat!