Privacy Policy

Effective date: April 23, 2026

CaloriFit ("we", "us", or "our") operates the CaloriFit mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App.

By using CaloriFit, you agree to the practices described in this policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, and password when you register, or profile data received from Apple or Google Sign-In.
• Profile data: age, gender, height, weight, activity level, fitness goal (e.g., weight loss, maintenance, muscle gain), and preferred unit system (metric or imperial).
• Food logs: meal descriptions, food names, quantities, calorie and macronutrient values (protein, carbohydrates, fat), meal type (breakfast, lunch, dinner, snack), and the date of each entry.
• Saved foods: foods you bookmark for quick re-logging.
• Weight logs: body weight entries and the dates they are recorded.
• Photos: images you capture or select from your photo library to identify food via AI. Photos are transmitted to our AI processing service for analysis and are not stored on our servers after processing.
• Text input to AI: descriptions of meals you type into the AI food logger.

1.2 Information Collected Automatically

• AI usage data: a count of how many AI food-parsing requests you have made, used to enforce free-tier limits.
• Subscription status: your current plan (Free or Premium) and related billing identifiers managed by our payment processor.
• Device identifiers: anonymous identifiers used by our payment processor (RevenueCat) for purchase attribution. We do not collect your device's advertising identifier (IDFA).

1.3 Information We Do Not Collect

• We do not collect precise location data.
• We do not collect contacts, calendars, or health data from Apple HealthKit or Google Fit.
• We do not use advertising trackers or third-party analytics SDKs.
• We do not collect your device's advertising identifier (IDFA) and do not participate in ad tracking.

2. How We Use Your Information

• Provide and improve the App: calculate personalized calorie and macro targets, log meals, track weight, and display progress charts.
• AI food analysis: process your food descriptions and photos through Google Gemini AI to identify foods and estimate nutritional content. Only the content of your current request (text, images, and recent conversation context) is sent; no persistent profile data is shared with Google beyond what is needed for the request.
• Subscription management: process payments, verify entitlements, and restore purchases via RevenueCat.
• Offline synchronization: sync your data between your device and our cloud database so your information is available across sessions.
• Account support: respond to requests, troubleshoot issues, and send transactional emails (e.g., password resets, email verification).

3. Third-Party Services

We use the following third-party services to operate CaloriFit:

• Supabase (database, authentication, cloud functions) — your account data and logs are stored in Supabase-hosted infrastructure. Supabase Privacy Policy.
• PowerSync (offline data synchronization) — facilitates real-time sync between your device and the cloud database. PowerSync Privacy Policy.
• Google Gemini AI (food recognition and nutrition analysis) — food descriptions and photos are sent to Google's Generative AI API for processing. Data is used solely for generating a response and is subject to Google's API Terms.
• RevenueCat (subscription and payment management) — handles purchase validation and subscription status. RevenueCat Privacy Policy.
• Apple Sign-In / Google Sign-In (authentication) — if you choose to sign in with Apple or Google, we receive your name and email address (or a relay email in Apple's case) from the provider. We do not receive your password.

4. Data Storage and Security

Your data is stored on servers managed by Supabase and PowerSync. We use industry-standard security measures including:

• Encrypted connections (HTTPS/TLS) for all data in transit.
• Row-level security (RLS) policies in our database ensuring you can only access your own data.
• Authentication tokens stored securely on your device.
• Server-side ownership checks on all data mutations.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

• Your account data and logs are retained for as long as your account exists.
• Photos sent for AI analysis are processed in memory and are not persisted on our servers after the response is generated.
• When you delete your account, all personal data (profile, food logs, weight logs, saved foods, AI usage records, and target history) is permanently deleted from our database.

6. Your Rights and Choices

6.1 Account Deletion

You can delete your account at any time from the Settings screen in the App. Deletion is permanent and removes all your data from our servers. If you have an active subscription, you must cancel it separately through your device's subscription settings (Apple App Store).

6.2 Data Access

You can view all data the App stores about you directly within the App (profile, food logs, weight logs, saved foods). To request a full data export, contact us at support@calorifit.com.

6.3 Camera and Photo Library

The App requests camera and photo library access only when you choose to log a meal using a photo. You can revoke these permissions at any time in your device's Settings.

6.4 Email Communications

We only send transactional emails (password resets, email verification). We do not send marketing emails.

7. Children's Privacy

CaloriFit is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us personal information, please contact us at support@calorifit.com.

8. International Data Transfers

Your data may be processed in countries other than your own. Our service providers (Supabase, PowerSync, Google) operate globally. By using the App, you consent to the transfer of your information to these providers' facilities, which may be located outside your jurisdiction.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" at the top of this page. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us:

Email: support@calorifit.com