Privacy Policy

Effective date: May 11, 2026 · Last updated: May 11, 2026

This Privacy Policy explains how Caloy ("Caloy", "we", "us", or "our") collects, uses, shares, and protects information when you use our iOS application and related services (collectively, the "Service"). By using Caloy, you agree to the practices described below.

1. Who we are

Caloy is operated by the developer listed on the Caloy App Store page (the "Developer"). The Developer is the data controller responsible for the personal data described in this Policy. If you have privacy questions, contact us at support@caloyapp.com.

2. Information we collect

2.1 Sign in with Apple

Caloy uses Sign in with Apple at the end of onboarding to create your account and back up your data across devices and reinstalls. When you sign in, Apple shares with us:

• A stable, unique Apple-provided user identifier (a long opaque string, not your real Apple ID).
• Your name, only if you choose to share it on the Apple sign-in sheet.
• An email address — either your real Apple ID email or Apple's privacy relay address (@privaterelay.appleid.com) — if you choose to share it.

You may decline to share your name and use a relay email. We do not receive any other Apple ID information.

2.2 Profile and onboarding data

During the onboarding flow you enter the following so Caloy can calculate your personalized calorie and macro targets:

• Age, sex, height, and current weight.
• Target weight and weight goal (lose, maintain, or gain).
• Weekly pace (e.g. 0.25, 0.40, or 0.50 kg per week).
• Activity level.
• Tracking style (e.g. casual, focused, detailed).
• Eating rhythm and meal times.
• Meals per day.
• Nutrition preference (e.g. no preference, vegetarian, vegan, keto, low-carb, high-protein, balanced, paleo, DASH, Mediterranean).
• Long-term motivation and goal context.
• Reminder preferences (which reminders to send and at what time).

2.3 Daily food, water, and progress data

• Meal logs: photos you take with the camera, AI-estimated foods, ingredients, portion sizes, calories, and macros.
• Water logs: hydration entries you record.
• Weight check-ins: weight values you enter over time.
• Gamification telemetry: streak counts, badges unlocked, and when each badge was earned — used to display your Achievements view.

2.4 Information collected automatically

• Device information: device model, operating system version, app version, and language.
• IP address: collected by our backend (Firebase) for spam prevention and rough geolocation (country/region). We do not store precise location.
• Usage data and crash reports: screens viewed, features used, and crash diagnostic data via Firebase Crashlytics and Analytics — used to improve the app.
• Subscription status: whether you have an active Caloy Premium subscription (managed by Apple and RevenueCat).
• Push notification token (only if you grant notification permission): used to deliver meal, water, and reminder pings.
• Attribution & install measurement: via AppsFlyer (configured in SKAdNetwork-only mode), we measure where new Caloy installs come from (e.g. App Store search, a paid campaign, a referral link) and a small set of post-install events (e.g. "started trial", "subscribed"). We share only a per-app vendor identifier (Apple IDFV) and the aggregated, privacy-preserving postbacks that iOS itself generates through Apple's SKAdNetwork / AdAttributionKit. We do not collect Apple's device-level advertising identifier (IDFA), we do not ask you for App Tracking Transparency permission, and we do not link your data with data from other companies' apps or websites for advertising purposes.
• Customer support correspondence: when you email support@caloyapp.com, we retain the email thread (your message, attached screenshots, and our reply) so we can follow up and resolve your issue. Support correspondence is kept for up to 24 months after the case is closed, then deleted.

2.5 What we do not collect

• We do not access your contacts, calendar, location precise to street level, microphone, or HealthKit data.
• We do not access your photo library to read existing photos — only photos you actively capture inside the meal scanner, or images you explicitly pick to import a meal.
• We do not collect Apple's device-level advertising identifier (IDFA), we do not ask you for App Tracking Transparency permission, and we do not show in-app advertising.

3. How we use information

• To calculate your daily calorie and macro targets from the profile data you provide.
• To analyze meal photos with AI and return calorie and macro estimates.
• To generate a weekly meal plan that fits your goal, preferences, and lifestyle.
• To save your food, water, weight, and achievement history so you can view it later and restore it across reinstalls.
• To send the reminders you have opted into (meal pings, water reminders, evening summaries).
• To diagnose crashes, detect abuse, and improve the app.
• To verify subscription status and process purchases through Apple and RevenueCat.
• To measure, in aggregate and without your device's advertising identifier, which marketing channel brought you to Caloy, so we can evaluate the effectiveness of our marketing (see §2.4).

We do not sell your personal information. We do not show in-app advertising and we do not retarget you with ads elsewhere. We do not link your in-app data with data from other companies' apps or websites for advertising purposes. We do not share your health, food, water, weight, photo, or achievement data with any advertiser or ad network — the only thing shared for marketing measurement is the aggregated, privacy-preserving install attribution data described in §2.4.

3.1 Legal basis for processing (GDPR users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following lawful bases under Article 6 GDPR:

• Contract (Article 6(1)(b)): processing necessary to provide the Service you signed up for — calculating your calorie targets, saving meals, generating meal plans, and syncing your account.
• Consent (Article 6(1)(a)): push notifications, camera access, photo selection, and processing of health-adjacent data (see §3.2). You can withdraw consent at any time by revoking the relevant iOS permission or by deleting your account.
• Legitimate interests (Article 6(1)(f)): crash diagnostics, abuse prevention, basic analytics to improve the app, and product security. Our interest in operating a secure, working service is balanced against your privacy interests, and you can object via support@caloyapp.com.
• Legal obligation (Article 6(1)(c)): retaining purchase records to meet tax and consumer-protection requirements.

3.2 Health-adjacent data (GDPR Article 9)

Some of the data you enter (current weight, target weight, height, sex, age, and food choices) may qualify as "data concerning health" under Article 9 GDPR. We process this data only with your explicit consent, given when you complete the Caloy onboarding and confirm your Apple sign-in. This data is used solely to calculate personalized calorie and macro targets and to generate your meal plan — never for profiling outside the app or for marketing. You can withdraw this consent at any time by deleting your account (see §6).

3.3 Automated decision-making

Caloy's AI estimates of calories and macros, and the meal-plan generator, are automated and produced without human review. These are informational estimates only — they do not produce legal or similarly significant effects on you (Article 22 GDPR is not triggered). You can always edit any AI-generated value before saving it to your log.

Note: Caloy's recipe catalog (the ~2,000 recipes used by the meal planner) is pre-generated and stored statically on our servers — recipes are not created on demand from your personal data. The meal planner selects from this fixed catalog based on your preferences; it does not feed your personal data into any generative AI at meal-plan time. See our Terms §6.1 for details on how the catalog itself was produced.

4. AI processing of your meal photos

When you scan a meal, Caloy sends the photo to Google's Gemini 2.5 Flash model (Generative Language API) through our secure backend (Google Cloud Functions) to identify the food and estimate calories and macros. The photo is processed transiently to produce a result; under Google's API data usage policy for the Generative Language API, prompts and responses are not used to train Google's general-purpose AI models.

A compressed JPEG copy of the meal photo (≈30–60 KB) is stored in our Firebase Storage bucket under your account so you can review or edit the scan later. Photos in this bucket are automatically deleted by our 15-day Google Cloud Storage lifecycle rule. Only the resulting nutrition data (calories, macros, ingredients) is kept in your long-term meal log.

4.1 Food database queries (text search and barcode lookup)

When you search the food database by text, or scan a product barcode, Caloy's backend queries two public nutrition data sources to return the result:

• USDA FoodData Central (fdc.nal.usda.gov) — U.S. government nutrition reference database, public domain.
• Open Food Facts (world.openfoodfacts.org) — community-maintained packaged-product database, made available under the Open Database License (ODbL).

Only the food name you typed or the barcode you scanned is forwarded to these sources. No personal identifiers, account IDs, device IDs, IP address, or other profile data is included — these databases simply return matching nutrition records, which Caloy then displays to you.

5. Third-party services we use

Caloy relies on the following processors to operate. Each handles only the data necessary for its function and is bound by its own privacy commitments.

• Apple — handles Sign in with Apple, App Store distribution, in-app purchases, App Attest device verification, and push notification delivery. Apple Privacy.
• Google Firebase (Authentication, Realtime Database, Storage, Cloud Functions, Crashlytics, Analytics) — stores your user account, profile, meal photos, and daily logs; processes callable function requests; and reports crashes. Firebase Privacy.
• Google Generative Language API (Gemini 2.5 Flash) — receives meal photos and structured prompts via our backend to generate calorie and macro estimates. Prompts and responses are not used to train Google's general models per the Generative Language API data policy. Gemini API Terms.
• fal.ai (ByteDance Seedream and Flux models) — used only on the server side to generate the static recipe catalog and decorative images. No user-supplied photos or personal data are sent to fal.ai. fal.ai Privacy.
• RevenueCat — manages your Caloy Premium subscription, trial state, and purchase entitlements. RevenueCat Privacy.
• AppsFlyer (configured in SKAdNetwork-only mode) — mobile attribution and install-measurement provider. Receives a per-app vendor identifier (Apple IDFV), basic device information, the source of your install (e.g. App Store, paid campaign, referral link), and a small set of in-app events (e.g. "trial started", "subscription purchased") used to measure marketing performance. AppsFlyer does not receive Apple's device-level advertising identifier (IDFA) and does not link your data with data from other companies' apps or websites for advertising purposes. AppsFlyer does not receive your meal photos, health-adjacent profile data, or any food / water / weight / achievement log content. AppsFlyer Privacy.

6. Data retention

• Account & profile: retained for as long as your Sign in with Apple account remains active.
• Meal photos: automatically deleted after 15 days via Google Cloud Storage lifecycle.
• Meal nutrition logs, water, weight, badges: retained as long as your account is active so you can view your history.
• Crash logs and analytics: retained according to Firebase's standard retention windows.

You can request immediate deletion of all data tied to your Caloy account by emailing support@caloyapp.com, or by revoking Sign in with Apple in iPhone Settings → Apple ID → Sign in with Apple → Caloy.

7. Your rights

Depending on your location, you may have the following rights:

• Access (GDPR Art. 15): request a copy of the data we hold about you.
• Correction (Art. 16): ask us to correct inaccurate data.
• Deletion (Art. 17, "right to be forgotten"): ask us to delete your data.
• Restriction (Art. 18): ask us to limit processing while a dispute or correction is resolved.
• Portability (Art. 20): receive your data in a machine-readable format (JSON export available on request).
• Object (Art. 21): object to processing based on our legitimate interests — for example, crash diagnostics, abuse prevention, or basic analytics described in §3.1. We will stop the objected processing unless we can show overriding legitimate grounds.
• Opt-out of "sale" of personal information (we do not sell — but California residents may exercise this right under the CCPA).

To exercise any of these rights, email support@caloyapp.com from the email tied to your Apple ID, or include the Apple user identifier shown in Caloy's Settings → About screen so we can locate the correct record.

7.1 Right to lodge a complaint

If you are in the EU/EEA, the UK, or Switzerland, you have the right to lodge a complaint with your local data-protection supervisory authority — for example, the Bulgarian Commission for Personal Data Protection (cpdp.bg), or the supervisory authority of your habitual residence. We would, however, appreciate the opportunity to address your concerns directly before you escalate — please reach out to support@caloyapp.com.

8. Security

Data in transit between your device and our backend is encrypted using TLS. Data at rest in Firebase Realtime Database and Firebase Storage is protected by industry-standard encryption. Access to our paid AI endpoints is protected by Firebase Authentication and per-user rate limits to prevent abuse.

9. Children's privacy

Caloy is not intended for users under 13 years old. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided data to Caloy, contact us and we will delete it promptly.

If you are in the European Economic Area, the United Kingdom, or Switzerland and are between 13 and the age of digital consent in your country (which under GDPR Article 8 can be set between 13 and 16 — for example, 16 in Germany, the Netherlands, and Luxembourg; 14 in Spain and Croatia; 15 in France), please make sure a parent or guardian has reviewed this Policy with you and agrees to your use of Caloy.

10. International transfers

Our backend (Apple, Firebase, Google Generative Language API, fal.ai, RevenueCat) is hosted primarily in the United States. If you use Caloy from outside the US, your data will be transferred to and processed in the US under standard contractual clauses or equivalent safeguards.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you in the app. Continued use of Caloy after a change constitutes acceptance of the revised policy.

12. Contact

Questions, requests, or complaints? Email support@caloyapp.com.