Privacy Policy

1. Introduction

Welcome to CalorieTaker ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

2. Information We Collect

2.1 Personal Information

• Account Information: Email address, name (when provided)
• Authentication Data: Google OAuth tokens (managed securely by Google)
• Subscription Data: Payment information, billing history (processed by RevenueCat/Google Play)
• Usage Data: App usage patterns, features accessed

2.2 Food and Health Data

• Meal Records: Food items, calorie counts, nutritional information
• Food Photos: Images uploaded for AI analysis. Images are stored in our Supabase Storage buckets ("meal-images" for meal scans, "workout-selfies" for gym progress shots, "community" for shared posts) for historical access and data exports. Images are removed when you delete your account or as specified in our retention policy.
• Weight Tracking: Weight entries and trends (optional)
• Achievements: Progress tracking and milestone data
• Health Connect (Android): Optional integration to import activity data (steps, exercise, distance, calories burned) for accurate energy expenditure calculations
• Google Fit: Optional integration to import fitness metrics (steps, heart rate, weight, sleep)

2.2.1 Community Features (Optional)

• Profile Information: Display name, bio, avatar photo (stored in "community" bucket)
• Public Posts: Meal posts, progress updates, tips you choose to share publicly
• Community Images: Photos uploaded to community posts (stored separately in "community" bucket)
• Social Interactions: Likes, comments, bookmarks, follows, blocks
• Content Moderation: Reports submitted for inappropriate content
• Privacy Controls: Profile visibility settings, ability to delete posts anytime

2.3 AI Analysis Data

• Image Processing: Food photos sent to AI services (Gemini, Claude, OpenAI, Grok) for analysis
• Analysis Results: Nutritional data returned from AI providers
• Usage Metrics: AI service usage for billing purposes

2.4 Device Information

• Device Details: Device type, operating system, app version
• Camera Access: Food photos for meal logging
• Microphone Access: Voice input for hands-free meal logging (audio not stored, converted to text locally)
• Storage Access: Local data storage for offline functionality

2.5 Automatically Collected Information

• Log Data: App crashes, performance metrics (for improvement)
• Analytics: Anonymous usage statistics

3. How We Use Your Information

3.1 Core Functionality

• Provide calorie tracking and AI-based nutritional analysis
• Enable voice-to-text meal logging (microphone access, audio not stored)
• Integrate with Health Connect for activity-based calorie calculations
• Store and display your food history and meal records
• Facilitate community features for sharing meals and connecting with others (optional)
• Generate personalized insights and nutrition trends
• Enable offline functionality and data sync

3.2 Authentication & Security

• Verify user identity through Google Sign-In
• Secure your account and data with encryption
• Prevent unauthorized access and fraud

3.3 App Improvement

• Analyze usage patterns to improve features
• Fix bugs and optimize performance
• Develop new features based on user feedback

3.4 Communication

• Send you important account notifications
• Respond to your inquiries and support requests
• Notify you of policy changes

4. Data Sharing

We do not sell your personal information. We may share data only in these limited cases:

4.1 Service Providers

• AI Providers: Gemini, Claude, OpenAI, Grok (for food analysis)
• Payment Processors: RevenueCat, Google Play (subscription management)
• Cloud Storage: Supabase (data storage)
• Authentication: Google (account verification)

4.2 Legal Requirements

We may disclose information if required by law or if we believe in good faith that such disclosure is necessary to:

• Comply with applicable laws or court orders
• Protect our legal rights and your safety
• Prevent fraud or security breaches

5. Data Retention

We retain your data for as long as your account is active. When you delete your account:

• All meal records, photos, and personal data are permanently deleted
• Subscription information is removed from our active systems
• We comply with GDPR's "Right to Erasure"

6. Security

We employ industry-standard security measures including:

• Encrypted data transmission (HTTPS/TLS)
• Secure database storage with access controls
• Regular security audits and penetration testing
• Secure authentication with OAuth 2.0

7. Your Rights

You have the right to:

• Access: Request a copy of your data
• Delete: Delete your account and all associated data
• Correct: Update inaccurate information
• Export: Download your data in standard formats
• Opt-out: Disable analytics and non-essential tracking

8. Third-Party Services

CalorieTaker integrates with third-party services. Please review their privacy policies:

• Google (Authentication, Firebase Analytics, AdMob): Google Privacy Policy
• Meta / Facebook (AppEvents): Facebook / Meta Privacy Policy
• Supabase (Storage): Supabase Privacy Policy
• RevenueCat (Subscriptions): RevenueCat Privacy Policy

Note: Analytics and advertising providers such as Firebase, Facebook AppEvents and Google Mobile Ads may collect event-level data, device identifiers and advertising identifiers to enable analytics, conversion measurement and ad personalization. Review provider privacy pages for details and opt-out instructions.

9. Integrations & Sensitive Data

Some integrations (for example, Google Fit and AI features) require your explicit consent. When you enable these integrations we will share only the minimal data necessary to provide the feature, and you can disconnect or revoke access at any time through the App or by managing connected services in your account settings. Please review third‑party provider policies before enabling integrations.

10. GDPR & CCPA Compliance

If you are in the EU (GDPR) or California (CCPA), you have additional rights including data portability, right to know, and deletion. Contact us to exercise these rights.

10. Children's Privacy

CalorieTaker is not intended for users under 13. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it immediately.

11. Contact Us

For privacy concerns or data requests, please contact us:

• Email: info@calorietaker.com
• Address: Via email

12. Policy Changes

We may update this Privacy Policy from time to time. We will notify you of significant changes via in-app notification or email. Your continued use of the app constitutes acceptance of the updated policy.