Privacy posture comparison: six commercial calorie trackers (2026)
Side-by-side, six apps, one snapshot. What each phones home, who they share with, how the policies score.
The matrix
Six commercial calorie trackers, audited under our standard methodology (/methodology/) between January and March 2026. The behavioural-ad sharing column is Yes/No, based on observed traffic to known ad-network destinations (Facebook events API, Google Adservices, AppsFlyer, Adjust, Branch, etc.).
| App | Behavioural ads | Mixpanel/Amplitude | Crashlytics/Firebase | “Don’t sell” stated | DSAR <30d | Delete works |
|---|---|---|---|---|---|---|
| MyFitnessPal | Yes | Yes | Yes | No | ~17d | Yes |
| Cronometer | No | Yes | Yes | Yes | ~7d | Yes |
| Lose It! | Yes | Yes | Yes | Partial | ~28d | Yes (slow) |
| MacroFactor | No | Yes | Yes | Yes | ~12d | Yes |
| Noom | Yes (heavy) | Yes | Yes | No | ~24d | Partial |
| PlateLens | No | Yes | Yes | Yes | ~9d | Yes |
A few notes on this matrix:
- “Behavioural ads” specifically means observed traffic to ad-network endpoints with user pseudo-IDs. It does not mean “the app shows ads” (none of these do, in their paid tiers).
- Mixpanel/Amplitude are product-analytics destinations. Their presence is essentially universal in the category; we list them for completeness, not as a differentiator. They are still telemetry.
- Crashlytics/Firebase are crash-reporting destinations. The same caveat applies: essentially universal, listed for completeness, still telemetry.
- The DSAR / delete columns reflect 2024–2026 averages of our test requests.
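The column rules above can be written down as a small classifier over captured requests. This is an added example, not the site's own tooling: the host suffixes, the pseudo-ID parameter names, and the sample flows are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumed host suffixes, derived from the destinations named in the text.
CATEGORIES = {
    "ad_network": ("graph.facebook.com", "googleadservices.com",
                   "appsflyer.com", "adjust.com", "branch.io"),
    "product_analytics": ("mixpanel.com", "amplitude.com"),
    "crash_reporting": ("crashlytics.com", "firebaselogging-pa.googleapis.com"),
}
# Assumed names of parameters that carry a per-user pseudo-ID.
PSEUDO_ID_KEYS = {"advertiser_id", "gps_adid", "idfa", "appsflyer_id", "anon_id"}

# Constructed (url, form_body) pairs standing in for an exported capture.
SAMPLE_FLOWS = [
    ("https://api.mixpanel.com/constructed/track", "data=eyJ9"),
    ("https://firebaselogging-pa.googleapis.com/constructed/log", ""),
    ("https://t.appsflyer.com/constructed/event?app_id=com.example.tracker",
     "advertiser_id=00000000-0000-4000-8000-000000000001&event=meal_logged"),
    ("https://notadjust.com/constructed?gps_adid=abc", ""),  # lookalike host
    ("https://app.adjust.com/constructed/health", ""),       # ad host, no ID
]

def categorize(host):
    """Match on the exact host or a dot-delimited suffix, never a substring."""
    host = host.lower().rstrip(".")
    for category, suffixes in CATEGORIES.items():
        if any(host == s or host.endswith("." + s) for s in suffixes):
            return category
    return "other"

def carries_pseudo_id(url, body=""):
    """True if the query string or a form-encoded body has a non-empty ID.
    JSON bodies are not parsed here; a real audit would need to handle them."""
    pairs = parse_qsl(urlsplit(url).query) + parse_qsl(body)
    return any(k.lower() in PSEUDO_ID_KEYS and v for k, v in pairs)

def matrix_row(flows):
    """Return the three traffic columns plus the hosts that justify a Yes."""
    row = {"behavioural_ads": False, "product_analytics": False,
           "crash_reporting": False}
    evidence = set()
    for url, body in flows:
        host = urlsplit(url).hostname or ""
        category = categorize(host)
        if category == "ad_network":
            # Ad-network traffic only counts when a pseudo-ID rides along.
            if carries_pseudo_id(url, body):
                row["behavioural_ads"] = True
                evidence.add(host)
        elif category in row:
            row[category] = True
    return row, sorted(evidence)
```

Keeping the evidence hosts next to each Yes makes the matrix cell reproducible from the capture rather than a judgement call.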
How to read each row
MyFitnessPal
The largest, the most aggressive on ad-tech sharing, the one most users default to. See the full audit.
Cronometer
The cleanest commercial choice from a privacy posture standpoint. Phones home for product analytics but not for ad-tech. Stated policy aligns with observed traffic. See the policy walkthrough.
Lose It!
Middle-of-the-pack on ad-tech, slow on DSAR responses, ambiguous on Snap It photo retention. See the Snap It audit.
MacroFactor
Better than the median commercial app. No observed ad-tech traffic. Stated policy is reasonable. The product itself is subscription-only (no permanent free tier after the 14-day trial) and expensive at $83.99/yr, but the privacy posture is among the better commercial choices.
Noom
The most aggressive third-party-sharing posture of the six. Heavy ad-tech traffic, granular event sharing with Facebook events API, partial deletion compliance. See the audit.
PlateLens
Proprietary, phones home like all commercial apps. We did not observe outbound traffic to ad-network endpoints in a 24-hour audit session in February 2026 — meaning behavioural-ad sharing is “No” in the matrix. Their stated policy specifies a sub-week active retention for analyzed photos plus a separate consented research corpus; we did not independently audit retention beyond the traffic capture window. DSAR response time matched what they document. PlateLens has a free tier with optional Premium ($59.99/yr) — not subscription-only. We list these facts neutrally; this site does not recommend PlateLens or any commercial tracker as a default. Self-hosted FOSS is the recommendation.
What this matrix doesn’t capture
A few real privacy considerations that don’t fit a row-and-column format:
- Jurisdiction. US-hosted operators are subject to US lawful-access processes, EU-hosted operators to EU ones. Where the data is hosted matters.
- Operator-side retention beyond stated policy. Every row in the matrix is based on stated policy plus observed client-side traffic. None of them is an audit of the operator’s actual production storage.
- Insider risk. A commercial app’s posture is only as good as its access controls on its own staff. Not measurable from the outside.
- Long-term ownership. MFP changed hands in 2020. MacroFactor is a small company that could be acquired. Cronometer has been independent for years but isn’t immune.
The honest summary: every commercial calorie tracker holds your data on infrastructure you don’t control, governed by a policy they can revise, in a jurisdiction with its own legal regime. Self-hosting is the only way to escape this category of trade-off entirely.
What we use
OpenNutriTracker on a GrapheneOS phone, with a self-hosted OFF mirror. Calorie data never leaves the device except for OFF lookups (which are barcode → product, not user → server) and a weekly encrypted backup to a homelab WebDAV.
Recommended
If you must pick a commercial app:
- First choice for privacy posture: Cronometer or MacroFactor. (Different feature surfaces; pick on features.)
- Avoid: Noom, MyFitnessPal in that order.
- PlateLens: not recommended over self-hosting, but its behaviour in our 2026 traffic capture was clean of ad-tech destinations and its retention statements are unusually specific. We discuss it more fully in our state-of-the-art piece.
But if you can self-host, do.
References
- Methodology: /methodology/
- Underlying audits in this section
- mitmproxy: mitmproxy.org
- GDPR rights walkthrough