Privacy Policy for Calorify

Last Updated: January 2025

Introduction

Calorify ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). Please read this privacy policy carefully.

Information We Collect

Information You Provide to Us

Account Information

  • Email address: Used for account creation and authentication
  • Name: Used for personalization and display purposes
  • Profile information: Age, height, weight, activity level for personalized calorie calculations

Health and Fitness Data

  • Nutrition data: Food logs, calorie intake, macronutrient information
  • Health metrics: Weight changes, BMI calculations (with your explicit consent via HealthKit)
  • Fitness data: Activity levels, calorie burn estimates (with your explicit consent via HealthKit)

User-Generated Content

  • Food photos: Images of meals for AI-powered nutrition analysis (processed on-device when possible)
  • Voice recordings: Temporary audio for voice-to-text meal logging (processed and immediately deleted)
  • Meal descriptions: Text entries about your food consumption

Information Collected Automatically

Usage Data

  • App interactions: Features used, buttons clicked, screens viewed
  • Session information: App launch times, usage duration
  • Performance data: Crash reports, error logs (anonymized)

Device Information

  • Device type: iPhone/iPad model for app optimization
  • Operating system: iOS version for compatibility
  • App version: For support and update purposes

How We Use Your Information

Primary Purposes

  1. Provide Core Functionality: Calculate calories, track nutrition, analyze food
  2. Personalization: Customize calorie goals, meal recommendations
  3. Account Management: Authentication, profile management, data sync
  4. Health Insights: Generate nutrition reports, track progress

Secondary Purposes

  1. App Improvement: Fix bugs, optimize performance, develop new features
  2. Customer Support: Respond to inquiries, provide assistance
  3. Safety and Security: Detect fraud, enforce terms of service

Data Storage and Security

Where We Store Data

  • Primary Storage: Supabase cloud infrastructure (encrypted at rest)
  • Local Storage: iOS Keychain for sensitive authentication tokens
  • Temporary Storage: Device cache for offline functionality

Security Measures

  • Encryption: All data transmitted using TLS 1.3 or higher
  • Authentication: Secure token-based authentication via Supabase Auth
  • Access Controls: Row-level security policies on all database tables
  • Regular Updates: Security patches applied promptly

Data Sharing and Disclosure

We DO NOT:

  • Sell your personal information
  • Share data with advertisers
  • Use your health data for marketing

We MAY Share Data:

  1. With Your Consent: When you explicitly authorize sharing
  2. Service Providers: Supabase for backend services (under strict data processing agreements)
  3. Legal Requirements: If required by law or valid legal process
  4. Safety: To protect rights, property, or safety of users

Third-Party Services

Supabase

We use Supabase for:

  • Authentication services
  • Database storage
  • Real-time data synchronization

Supabase's privacy policy: https://supabase.com/privacy

Apple Services

  • HealthKit: Optional integration for health data (you control what data is shared)
  • CloudKit: Optional iCloud backup (if enabled in iOS settings)
  • StoreKit: For premium subscription processing (Apple handles payment data)

Your Rights and Choices

Data Control

  • Access: View all your data within the app
  • Export: Download your data in common formats
  • Deletion: Delete your account and all associated data
  • Correction: Update incorrect information
  • Portability: Export data to use with other services

Privacy Controls

  • Permission Management: Control camera, microphone, health data access in iOS Settings
  • Data Minimization: Only provide required information
  • Opt-out: Disable analytics in app settings

Data Retention

  • Active Accounts: Data retained while account is active
  • Deleted Accounts: Data deleted within 30 days of account deletion
  • Backups: Backup data deleted within 90 days
  • Legal Holds: Data may be retained longer if legally required

Children's Privacy

Calorify is not intended for children under 4. We do not knowingly collect data from children under 4. If you believe we have collected data from a child, please contact us immediately.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

European Privacy Rights (GDPR)

EU residents have additional rights:

  • Right to be informed about data processing
  • Right of access to personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes via:

  • In-app notifications
  • Email to your registered address
  • Update notice on first app launch

Contact Us

For privacy-related questions or concerns:

Email: lkmcelik@hotmail.com

Legal Basis for Processing (GDPR)

We process your data based on:

  1. Consent: For health data and optional features
  2. Contract: To provide services you've requested
  3. Legitimate Interests: For app improvement and security
  4. Legal Obligation: When required by law

Privacy by Design

Calorify implements privacy by design principles:

  • Data Minimization: Collect only necessary data
  • Purpose Limitation: Use data only for stated purposes
  • Default Privacy: Privacy-protective defaults
  • Transparency: Clear information about data practices
  • User Control: Easy-to-use privacy controls
  • Security First: Built-in security measures

This privacy policy is effective as of the date listed above and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.