Privacy Policy

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

Personal Information

• Name and email address
• Profile information (age, weight, height, fitness goals)
• Food and exercise logs
• Health data from Android Health Connect and Apple HealthKit integration
• Payment information (processed securely by third-party providers)
• Google account information (when using Google OAuth login)
• Profile pictures and other uploaded content
• Photo uploads for AI-powered nutrition analysis

Health Data Collection

With your explicit permission, we may collect the following health data:

• Weight and Body Measurements: For nutrition and fitness tracking
• Activity Data: Steps, exercise duration, and physical activity
• Sleep Data: Sleep duration and quality metrics
• Heart Rate Data: Resting and active heart rate information
• Nutrition Data: Food intake and nutritional information
• Fitness Goals: Personal fitness and health objectives

Important: All health data collection requires your explicit consent and can be revoked at any time through your device settings.

Usage Information

• Device information and identifiers
• Log data (IP address, browser type, pages visited)
• Cookies and similar technologies
• Analytics data (Google Analytics, Firebase Analytics, Statsig)
• Authentication tokens and session data
• Error logs and performance metrics (Sentry)
• App usage patterns and feature interactions
• Subscription and payment data (RevenueCat)
• A/B testing and experimentation data (Statsig)

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send technical notices and support messages
• Respond to your comments and questions
• Personalize your experience using AI and machine learning
• Analyze photos for nutrition information using AI services
• Integrate with Android Health Connect for health data
• Process subscription payments and manage billing
• Conduct A/B testing and feature experiments (Statsig)
• Monitor app performance and error tracking (Sentry)
• Analyze user behavior and app usage (Google Analytics)
• Provide customer support and technical assistance

3. Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except:

• With service providers who assist us in operating our website and conducting our business
• When required by law or to protect our rights
• In connection with a merger, acquisition, or sale of assets

4. Data Security

We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.

5. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this privacy policy, unless a longer retention period is required by law.

Retention Periods

• Account Information: Retained until you delete your account or request deletion
• Usage Data: Retained for up to 2 years for analytics and service improvement
• Authentication Data: Retained for the duration of your account plus 30 days
• Error Logs: Retained for up to 90 days for debugging and service improvement
• Payment Information: Retained as required by law and payment processor requirements

6. Your Rights

You have the following rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information and account
• Portability: Request a copy of your data in a structured, machine-readable format
• Restriction: Request restriction of processing of your personal information
• Objection: Object to processing of your personal information for certain purposes
• Withdrawal of Consent: Withdraw consent for data processing where consent is the legal basis

To exercise these rights, please contact us at privacy@calori.com. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience, analyze usage, and provide personalized content.

Types of Cookies We Use

• Essential Cookies: Required for basic website functionality, authentication, and security
• Analytics Cookies: Help us understand how visitors interact with our website (Google Analytics)
• Preference Cookies: Remember your settings and preferences
• Authentication Cookies: Keep you logged in and maintain your session

Third-Party Cookies and Services

• Google Analytics: We use Google Analytics to analyze website traffic and user behavior. This service may set cookies to track your interactions.
• Google OAuth: When you log in with Google, Google may set cookies for authentication purposes.
• Google Firebase: For authentication, analytics, and cloud services.
• RevenueCat: For subscription management and payment processing.
• Statsig: For A/B testing, feature flags, and analytics.
• Sentry: For error tracking and performance monitoring.
• Supabase: For database services and real-time features.
• OpenRouter/Groq/Gemini: For AI-powered nutrition analysis and content generation.

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect the functionality of our services.

8. Third-Party Services and Data Sharing

We integrate with several third-party services to provide you with the best experience. Here's how we share data with these services:

Google Services

• Google Analytics: We share anonymous usage data to understand how our website is used and improve user experience.
• Google OAuth: When you log in with Google, we receive your basic profile information (name, email, profile picture) as permitted by your Google account settings.
• Google Firebase: We share authentication data and app usage analytics for user management and service improvement.
• Google Cloud Storage: We store uploaded photos and processed images in secure cloud storage.

Payment and Subscription Services

• RevenueCat: We share subscription and payment information to process transactions and manage your subscription status.

AI and Machine Learning Services

• OpenRouter: We share uploaded photos for AI-powered nutrition analysis and calorie calculation.
• Groq: We share text data for AI-powered content generation and analysis.
• Google Gemini: We share data for AI-powered features and content generation.

Analytics and Experimentation

• Google Analytics: We share anonymous usage data to understand how our app is used and improve user experience.
• Firebase Analytics: We share app usage data, user engagement metrics, and performance data for app optimization.
• Statsig: We share user behavior data for A/B testing, feature flags, and product experimentation.
• Sentry: We share error logs and performance data to monitor and improve our service reliability.

Database and Infrastructure Services

• Supabase: We share user data for database operations and real-time features.
• Google Cloud SQL: We store user data and application data in secure cloud databases.
• Google BigTable: We store analytics and usage data for service optimization.

Health Data Integration

• Android Health Connect: We access health data from your Android device with your explicit permission for fitness tracking and nutrition analysis.

All third-party services are required to maintain appropriate security measures and are prohibited from using your personal information for any purpose other than providing services to us.

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers are made in accordance with applicable data protection laws and that appropriate safeguards are in place to protect your personal information.

10. Compliance with Data Protection Laws

We comply with applicable data protection laws, including:

• GDPR (General Data Protection Regulation): For users in the European Union
• CCPA (California Consumer Privacy Act): For users in California, USA
• PIPEDA (Personal Information Protection and Electronic Documents Act): For users in Canada
• Other applicable local data protection laws

11. Data Deletion and Account Management

You have the right to delete your account and all associated personal data at any time. We provide multiple ways to request data deletion:

Self-Service Data Deletion

• Account Settings: Logged-in users can delete their account directly through the app settings
• Data Deletion Page: Visit https://www.calori.com/delete to request account deletion
• Email Request: Send a deletion request to support@calori.com

What Gets Deleted

• Your profile and personal information
• All food entries and health data
• Your preferences and settings
• Your subscription and payment history
• Uploaded photos and processed images
• Analytics data associated with your account

Processing Time

Data deletion requests are processed within 1-3 business days. You will receive a confirmation email once your data has been permanently deleted.

12. App Store Compliance

Our app complies with Google Play Store and Apple App Store policies and requirements:

Google Play Store Compliance

• We clearly disclose all data collection practices in this privacy policy
• We obtain explicit consent before collecting sensitive data
• We provide easy-to-use data deletion mechanisms
• We comply with Google Play's data safety requirements
• We follow Google Play's health data collection guidelines
• We implement proper data retention and deletion policies

Apple App Store Compliance

• We comply with Apple's App Store Review Guidelines
• We follow Apple's privacy requirements for health data
• We implement proper data minimization practices
• We provide clear data usage explanations
• We follow Apple's guidelines for third-party analytics

Health Data Integration

• Android Health Connect: Integration requires explicit user permission and follows Google's health data guidelines
• Apple HealthKit: Integration requires explicit user permission and follows Apple's health data guidelines
• Health data is only used for fitness and nutrition tracking within our app
• Health data is not shared with third parties without explicit consent
• Users can revoke health data access at any time through device settings
• Health data is encrypted in transit and at rest
• We only access health data types that are necessary for our app's functionality

Required App Permissions

Our app may request the following permissions to provide full functionality:

Android Permissions (Google Play Store)

• Health Connect Permissions: READ_WEIGHT, WRITE_WEIGHT, READ_ACTIVITY, READ_SLEEP
• Camera Permission: For photo-based nutrition analysis
• Storage Permission: For saving and accessing user photos
• Internet Permission: For syncing data and accessing cloud services

iOS Permissions (Apple App Store)

• HealthKit Permissions: Read and write access to health data types
• Camera Permission: For photo-based nutrition analysis
• Photo Library Permission: For accessing and saving user photos
• Motion & Fitness Permission: For activity tracking and health data

Note: All permissions are optional and can be denied or revoked at any time. The app will continue to function with limited features if permissions are not granted.

Analytics and Tracking

• Google Analytics: We use Google Analytics for app usage analytics and user behavior tracking
• Firebase Analytics: We use Firebase Analytics for app performance and user engagement metrics
• Statsig: We use Statsig for A/B testing, feature flags, and product analytics
• All analytics data is anonymized and aggregated
• Users can opt-out of analytics tracking in app settings
• Analytics data is used only for improving our app and user experience

AI and Photo Processing

• Photo uploads are processed using secure AI services (OpenRouter, Groq, Gemini)
• Photos are automatically deleted after processing
• AI analysis results are stored securely and can be deleted
• Users can opt-out of photo analysis features
• AI processing follows both Google and Apple guidelines for data handling

Data Safety and Security

• Encryption: All sensitive data is encrypted in transit and at rest
• Access Controls: Strict access controls limit who can access user data
• Data Minimization: We only collect data that is necessary for app functionality
• Regular Audits: We regularly audit our data practices for compliance
• Secure Storage: User data is stored in secure, encrypted cloud databases
• Third-Party Security: All third-party services meet our security standards

Compliance with App Store Guidelines

• Google Play Store: We comply with Google Play's data safety requirements and health data guidelines
• Apple App Store: We comply with Apple's privacy guidelines and health data requirements
• Data Transparency: We clearly disclose all data collection and usage practices
• User Control: Users have full control over their data and can delete it at any time
• Consent Management: We obtain explicit consent for all data collection
• Regular Updates: We regularly update our privacy practices to meet evolving requirements

13. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date below.