Privacy Policy

1. Information We Process

1.1 Data That Stays on Your Device (We Do Not Collect)

The following data is stored locally on your device only. It is never transmitted to our servers, and we have no access to it:

• Profile information (name, age, gender, weight, height, dietary preferences, allergens, goals)
• Food log (meals, nutritional values, ingredients, portion sizes, meal types)
• Weight history and hydration logs
• Progress photos
• Recipes you have saved
• App settings and preferences

1.2 Data Temporarily Transmitted for Processing

The following data is sent to our AI processing service when you use specific features. It is processed in real-time and not stored on our servers after a response is generated:

• Food photos: When you use photo scanning, your image is transmitted to our AI service for nutritional analysis. The photo is discarded after processing (typically under 10 seconds).
• Text descriptions: When you describe food in text, your description is sent to our AI service. Not retained after the response is delivered.
• Chat messages: When you chat with an AI coach, your message and relevant nutritional context (today's intake, goals) are sent to generate a response. Not retained after the session.
• Barcode numbers: When you scan a barcode, the number is sent to the Open Food Facts database to look up product information. No personal data is included.

1.3 Minimal Technical Data

• Anonymous device ID: A random identifier generated locally on your device, used solely for API requests. It is not linked to your Apple ID, name, email, or any personally identifiable information.
• Subscription status: Confirmed through Apple's StoreKit framework. We do not receive your payment details or Apple ID credentials.

1.4 Data We Do NOT Collect

• We do not collect email addresses, phone numbers, or physical addresses
• We do not use analytics or tracking SDKs
• We do not use advertising identifiers (IDFA)
• We do not track your location
• We do not access your contacts, calendar, or other personal data
• We do not create user accounts or maintain a server-side user database

2. How We Use Your Information

• Nutritional analysis: Food photos and text descriptions are transmitted to our AI processing service (via a Cloudflare Workers proxy) to generate nutritional estimates. Data is processed in real-time and discarded after the response is delivered.
• AI coaching: Your messages and relevant nutritional context (today's intake, goals, dietary preferences) are sent to AI language models to generate personalized coaching responses.
• Recipe generation: Your dietary preferences, allergens, nutritional gaps, and calorie targets are sent to AI models to generate recipe suggestions.
• Barcode scanning: Scanned barcodes are sent to the Open Food Facts public database to retrieve product information, which is then enriched by our AI service.

3. Data Storage and Retention

• Local data: Stored on your device indefinitely until you delete it manually or uninstall the app.
• Food photos sent for analysis: Processed in real-time by our AI service and not stored after the response is generated. Typical processing time is under 10 seconds.
• Chat messages: Processed by AI models to generate responses and not retained after the session.

If you delete the app, all locally stored data is permanently and irrecoverably removed. We recommend using the CSV export feature in Settings to back up your data before uninstalling.

4. Third-Party Services

CalGram uses the following third-party services to deliver its features. Each service may process limited data as described:

4.1 OpenAI API

Used for: food photo analysis, text-based food analysis, AI coaching, and recipe generation.

Data sent: food photos (as base64-encoded images), text descriptions, nutritional context for coaching, dietary preferences for recipes.

Privacy policy: openai.com/policies/privacy-policy

4.2 Cloudflare Workers

Used for: API proxy layer between the app and OpenAI. All requests to AI services are routed through Cloudflare Workers.

Data processed: all data transmitted to OpenAI passes through Cloudflare.

Privacy policy: cloudflare.com/privacypolicy

4.3 Open Food Facts

Used for: barcode-based product lookup and nutritional data retrieval.

Data sent: barcode numbers only. No personal data is transmitted.

Privacy policy: world.openfoodfacts.org/privacy

4.4 Apple App Store / StoreKit

Used for: app distribution, subscription billing, and payment processing.

Data processed by Apple: payment information, Apple ID, subscription status. CalGram does not receive or store your payment details.

Privacy policy: apple.com/legal/privacy

We do not use advertising networks, social media SDKs, third-party analytics platforms, or any other tracking services.

5. Data Sharing

We do not sell, rent, trade, or otherwise share your personal information with third parties for their marketing or advertising purposes.

Your data may only be disclosed in these limited circumstances:

• With the third-party services listed in Section 4, solely to deliver core app functionality as described above.
• If required by law, regulation, legal process, court order, or governmental authority.
• To protect the rights, safety, or property of CalGram, our users, or the public.

6. Data Security

• All communication between the app and our API services uses HTTPS/TLS encryption.
• Food photos are transmitted over encrypted connections, processed in memory, and not written to persistent storage on our servers.
• Local data on your device is protected by your device's built-in security features (passcode, Face ID, Touch ID, device encryption).
• We do not store passwords or authentication credentials, as there are no user accounts.

While we implement reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data during transmission to third-party services.

7. Children's Privacy

CalGram is not intended for use by children under the age of 13. We do not knowingly collect, store, or process personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided information through the App, please contact us at contact@calgram.app and we will take steps to delete such information promptly.

8. Your Rights and Choices

Since your data is stored locally on your device, you have direct and complete control over it:

• Access: View all your data within the app at any time — food log, profile, weight history, recipes, and settings.
• Export: Use the CSV export feature in Settings to download a complete copy of your food log data.
• Correction: Edit any value directly within the app — all fields (calories, macros, micronutrients, ingredients, name, portion) are tappable and editable.
• Deletion: Delete individual meals from your daily log, delete items from food history, or delete all data by uninstalling the app.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to know: You have the right to know what personal information we collect, use, and disclose. This is fully described in this Privacy Policy.
• Right to delete: You can delete your data at any time by deleting meals within the app or by uninstalling the app entirely.
• Right to opt-out of sale: We do not sell your personal information to third parties. We have never sold personal information and have no plans to do so.
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

CalGram does not use or share personal information for targeted advertising or cross-context behavioral advertising as defined under CPRA.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides you with additional rights:

• Legal basis for processing: We process your data based on your consent (by choosing to use AI features) and the legitimate interest of delivering the service you subscribed to.
• Right of access: You can access all your data within the app at any time.
• Right to rectification: You can edit any data directly within the app.
• Right to erasure: You can delete your data by removing entries or uninstalling the app.
• Right to data portability: You can export your data in CSV format from Settings.
• Right to withdraw consent: You can stop using AI-powered features at any time. You can cancel your subscription and delete the app to withdraw all consent.
• Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

Data transferred to third-party AI services (OpenAI, Cloudflare) may be processed in the United States. These services maintain appropriate safeguards for international data transfers as described in their respective privacy policies.

11. Do Not Track

CalGram does not track users across third-party websites or apps. We do not respond to "Do Not Track" browser signals because we do not engage in any tracking activity. We do not use cookies, pixels, or any web-based tracking technologies within the App.

12. Data After Subscription Expiration

If your subscription expires or is cancelled:

• All locally stored data (food log, profile, weight history, preferences) remains on your device and is not deleted.
• You will not be able to access the App's features until you resubscribe.
• No data is transmitted to our servers after your subscription expires.
• If you uninstall the app, all local data is permanently deleted regardless of subscription status.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. The updated version will be posted on this page with a revised effective date. If we make material changes that affect how we handle your personal information, we will notify you through the App or by other appropriate means before the changes take effect.

Your continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

contact@calgram.app