Privacy policy

Effective: 28 May 2026

This policy explains what Ray collects, why, who else touches your data along the way, and what you can do about it. Ray is operated from Switzerland and applies the Swiss Federal Act on Data Protection (FADP). If you reach Ray from the EU/EEA or the UK, the GDPR / UK GDPR also apply to you.

Quick summary

Your data is hosted in Switzerland on a single server, run by Marco Platzer (sole proprietor, Switzerland).
We never sell your data, and we never share it with advertisers.
Your meals, messages, photos, voice notes, and questions are never used to train AI models.
The only third parties that process your data are Telegram (message transport), Infomaniak AI (Switzerland-based AI inference, photo and voice analysis), and Stripe (payments). Each is described below.
You can delete your account and all associated data at any time from ⚙️ Settings → ⚠️ Danger zone.
You can download a copy of your data as CSV from ⚙️ Settings → 📥 Data → Export.

Who is the data controller?

The data controller for your data is:

Marco Platzer (sole proprietor) Mittlere Gasse 5 8590 Romanshorn Switzerland Email: privacy@latzo.ch

You can also reach us at any time from ⚙️ Settings → 📨 Contact in the bot — that channel is monitored and is usually the fastest way to get a response on a privacy question. Use the email above for formal written requests or if you don’t have a Telegram account.

What we collect

Ray collects only the data needed to give you coaching that uses your real numbers. Everything below is keyed to your Telegram user ID — Ray does not ask for an email, a phone number, or a name beyond what Telegram already exposes.

From Telegram, when you start

Your Telegram numeric user ID (the canonical account key).
Your Telegram username and first name (so Ray can address you).
Your Telegram language code (used to pick a default language; English, German, or Spanish).

Profile data, when you set it up

Stored only if you fill in the onboarding wizard or set them later from 👤 Profile:

Goal (lose fat, maintain, gain muscle, custom).
Sex, birth date, height, weight.
Typical activity level.
Time zone (defaults to Europe/Zurich).
Optional daily calorie and protein targets, and an optional weight target.

Logged meals (the “nutrition” table)

One row per meal you log, by photo, voice, text, or preset. Each row contains the meal name, meal type, source (image / preset / voice / manual), an optional free-text note, the Telegram message ID it came from (used to prevent duplicate inserts on retries), and the nutrient breakdown Ray estimated or you provided: calories, protein, carbohydrates, fiber, sugars, fats (incl. saturated and omega-3), water, alcohol, caffeine, fruit and vegetable servings, plus selected micronutrients (sodium, potassium, magnesium, calcium, iron, selenium, vitamin D, vitamin B12).

Photos and voice notes

Photos and voice notes you send to Ray are forwarded to Infomaniak AI for analysis or transcription (see “Third parties” below). Ray does not store the photo or audio file on its own server after analysis — only the resulting structured nutrition data (saved to the meals table above) and, for voice notes, the transcription used to generate the agent’s reply (stored as a normal message; see below).

Activity and recovery data

If you connect a data source in ⚙️ Settings → 🔌 Integrations — Apple Health via personal webhook URLs, or WHOOP via account sign-in — Ray stores:

Activity (one row per day): active energy, resting energy, source label.
Recovery (one row per day): total sleep time, resting heart rate, HRV, an optional note, source label.

For Apple Health, the webhook URL contains a per-user secret token. You can revoke and rotate that token at any time from the same menu; only the current token can write data to your account.

For WHOOP, Ray uses your account authorization to read recovery, sleep, and daily energy directly — it does not request your name, email, or profile. You can disconnect at any time from the same menu (which revokes Ray’s access at WHOOP) or from your WHOOP account settings.

Weight logs

Individual weight entries (weight, date, optional note), separate from the snapshot in your profile.

Conversation history and long-term memory

Messages: every message exchanged with Ray (your messages, his replies, the tool calls he made, and the tool results) is stored so he can keep context across the conversation. You can wipe this at any time from ⚙️ Settings → ⚠️ Danger zone → 🧹 Clear conversation history.
Agent memories: short facts you ask Ray to remember (e.g. “I’m lactose intolerant”, “I train 4× a week”). You can see and remove them in the same menu, or by asking Ray.

Preferences and operational state

Your tracked-nutrient choices, notification settings (e.g. meal-reminder slots), quick actions, custom meal presets, and in-progress wizard state.

Subscription and billing

If you subscribe, Ray stores your Stripe customer and subscription IDs, the current billing-period end, the cancel-at-period-end flag, and your subscription status (trial / active / past_due / canceled). Ray never sees, stores, or processes your card number or any other payment instrument — that lives entirely with Stripe.

Technical and operational logs

Per-completion metadata: for each AI call Ray makes on your behalf, he logs the model name, token counts, latency, status, and which tools were used. He does not log the prompt or response body in this table — those are in the messages table above. This metadata is used to monitor cost, latency, and errors.
Server logs: short-lived application logs (e.g. “activity upserted for user X on date Y”) used for debugging and incident response. They do not include message content.

What we explicitly do not collect

We do not ask for, store, or have access to your Telegram phone number, contact list, or location.
We do not run analytics or advertising trackers.
We do not store payment card data of any kind.
We do not collect data about anyone but you — if you mention someone else in a message, that text is treated as your message, not as a separate profile.

How we use it

We use your data only to:

Run the coaching service — show you what you logged, answer your questions from your real data, send reminders you enabled, and apply the long-term facts you asked Ray to remember.
Estimate nutrition from photos and voice notes — by sending the image or audio to Infomaniak AI for one-shot analysis (see below).
Bill the subscription — via Stripe; we keep just the IDs and status needed to know whether your access is current.
Operate, debug, and improve the service — through technical logs and per-completion metadata.
Prevent abuse — when you delete your account, Ray keeps your Telegram user ID and an anonymised marker so the same Telegram account can’t repeatedly claim a new 7-day trial. No personal data is retained in that marker.

We do not use your data to train AI models, build profiles about you, or share with anyone outside the processors listed below.

For users to whom the GDPR or UK GDPR applies, we rely on the following legal bases:

Performance of a contract (Art. 6(1)(b)) for everything required to provide the service you signed up for: account setup, meal logging, agent replies, activity/recovery ingestion, billing.
Legitimate interests (Art. 6(1)(f)) for short-lived technical logs, abuse prevention, and per-completion metadata used to keep the service stable and affordable.
Consent (Art. 6(1)(a)) for optional features you turn on yourself — connecting a wearable (Apple Health or WHOOP), enabling notification slots, asking Ray to remember a specific long-term fact. You can withdraw consent at any time by disabling the feature or asking Ray to forget the fact.
Special-category data (Art. 9) — items like weight, sleep, and HRV qualify as health data. We process them under Art. 9(2)(a) (your explicit consent, given by entering them or connecting a data source) for the purpose of providing personal coaching.

Third parties

Ray uses three external processors. None of them receive your data for their own marketing, profiling, or model-training purposes.

Ray is a Telegram bot, so every message you send to him and every reply he sends to you is delivered by Telegram. Telegram sees your message content in transit and stores chat history on their infrastructure under their own privacy policy. We have no control over Telegram’s storage — if you want a message to no longer exist in Telegram, you have to delete it in Telegram. Ray identifies you by your Telegram numeric user ID.

Infomaniak AI (Switzerland)

Ray uses Infomaniak’s AI products for:

Photo analysis of meals (vision model).
Voice transcription of voice notes (Whisper).
Chat completions that generate the agent’s replies.

Infomaniak is a Swiss provider; their AI inference runs on infrastructure in Switzerland. Each call sends only the data needed for that call — typically the image or audio, plus the recent conversation context. Inputs are not used by Infomaniak to train models. Their terms apply to the processing they perform for us.

Stripe (payments)

If you subscribe, the checkout flow is hosted by Stripe. You enter your card details on Stripe, not on Ray. Stripe sends Ray webhook events (subscription created, updated, cancelled; payment failed) so the bot can grant or revoke access. Stripe is the controller for the card data; we are the controller for the resulting subscription IDs and status flags. Stripe is a PCI-DSS Level 1 service provider.

No other recipients

We do not share your data with advertisers, data brokers, analytics vendors, or any other party.

Where your data lives

Your data is stored in a single Postgres database on a Swiss-hosted server, operated by Marco Platzer (the controller named above). Backups, when made, are stored in the same jurisdiction.

The third-party processors above handle data as follows:

Telegram — international infrastructure, governed by Telegram’s own policies.
Infomaniak AI — Switzerland.
Stripe — international payments infrastructure, with Stripe’s own safeguards for cross-border transfers.

For EU/EEA users, transfers outside the EU/EEA in connection with Telegram and Stripe are covered by those providers’ own transfer mechanisms (e.g. Standard Contractual Clauses, adequacy decisions) under their respective agreements with us and their public policies.

How long we keep your data

Active accounts: as long as your account exists. You can delete it at any time.
After you delete your account: nutrition, activity, recovery, weight, messages, agent memories, presets, notification settings, quick actions, wizard state, completion metadata, and health webhook tokens are removed immediately. The users row is kept in an anonymised form (Telegram user ID only) so the same Telegram account cannot abuse the 7-day trial.
Stripe: billing records held by Stripe are retained per Stripe’s own retention rules and any applicable tax/accounting law.
Server logs: short-lived, rotated by the host.

Your rights

Under Swiss FADP and (where it applies) the GDPR / UK GDPR you have the rights below. Most of them are exposed directly in the bot so you can exercise them without writing to us:

Right	How to exercise it
Access / portability — get a copy of your data	⚙️ Settings → 📥 Data → Export generates a ZIP of CSVs covering your profile, meals, activity, recovery, weight, presets, agent memories, and settings.
Rectification — correct your data	Update your profile in 👤 Profile, edit logged meals by asking Ray to delete the wrong one and re-logging it, or use ⚙️ Settings → 📥 Data → Import to re-import a corrected export.
Erasure / “right to be forgotten”	⚙️ Settings → ⚠️ Danger zone → Delete account wipes all data described above, immediately and permanently.
Restrict specific processing	Disable the feature involved — e.g. disconnect your data source in ⚙️ Settings → 🔌 Integrations, turn off notifications, clear the conversation history.
Object to processing based on legitimate interests	Use ⚙️ Settings → 📨 Contact to explain what you object to. We will stop unless we have a legal basis that overrides the objection.
Withdraw consent for any optional feature	Disable the feature in the bot, or ask Ray to forget a specific remembered fact. Withdrawal does not affect prior processing.
Complain to a supervisory authority	Swiss residents may contact the Federal Data Protection and Information Commissioner (FDPIC). EU/EEA residents may contact their national data protection authority. UK residents may contact the ICO.

For requests that aren’t fully exposed in the menus, write to us via ⚙️ Settings → 📨 Contact or by email at privacy@latzo.ch.

Children

Ray is not directed at children. You must be at least 16 years old to use Ray, or the applicable digital-consent age in your country if it is higher. If you believe a child has created an account, contact us and we will delete it.

Security

The Ray server runs behind a reverse proxy with TLS, and only the proxy can reach the application. The database is reachable only inside the server. Telegram updates are authenticated either by polling against Telegram’s API or by a webhook secret. Stripe webhooks are verified by signature. Health webhook URLs contain a per-user secret token that you can rotate. No system is perfectly secure, but we keep the surface small and rely on well-audited components (Postgres, Stripe, Telegram, Infomaniak).

Changes to this policy

If we change this policy, the new version will appear at this URL with an updated effective date. Material changes will additionally be announced inside the bot before they take effect.

Contact

For any privacy question — access requests, deletion confirmation, objections, complaints — use ⚙️ Settings → 📨 Contact in the bot (fastest), or write to privacy@latzo.ch or to the postal address listed under “Who is the data controller?” above.