Privacy Policy

Personal Data: Information relating to an identified or identifiable individual.

Usage Data: Information collected automatically through use of the Service or the underlying infrastructure (for example, access times, session duration, or diagnostic data).

Cookies: Small files stored on your device that may be used for authentication, preferences, or analytics, where applicable.

Data Controller: The entity that determines the purposes and means of processing personal data.

Data Processors (Service Providers): Entities that process personal data on behalf of the Data Controller.

Data Subject: The identified or identifiable individual to whom Personal Data relates.

User: The individual who accesses or uses the Service, who may also be the Data Subject.

Personal Data: We may ask you to provide information such as your email address, first name, and last name when you register or contact us.

Nutrition, wellness, and app content: We process and store data you enter or generate in Caloera—such as food and water logging, search and barcode lookups, body metrics and goals, saved recipes, notification preferences, and related profile fields—on our systems so the Service can sync, show your history, and provide the features you use. This is linked to your account. For Apple Health and Google Health Connect, see Section 8: we do not upload those on-device health readings to our servers.

Device and session data: When you use the Service on a mobile device, we may collect information such as device type, operating system, unique device identifiers, IP address, app version, and diagnostic and performance data. If you use features that capture images, the camera is accessed only when you choose to do so, in accordance with your device permissions.

Usage data: We collect information about how the Service is accessed and used, including feature interactions, approximate timestamps, and error or diagnostic data, to maintain reliability and develop improvements.

• Operating and maintaining the Service, including authentication, synchronization, and feature delivery.

• Communicating with you about updates, support requests, and important administrative notices.

• Enabling optional interactive features when you elect to use them.

• Providing customer support and responding to inquiries.

• Analyzing usage in aggregate or de-identified form to understand performance and to improve the Service.

• Detecting, investigating, and helping prevent technical issues, fraud, abuse, or security incidents.

• Where permitted by law and, where required, with your consent, sending promotional communications about products or services you may opt out of as described in applicable notices or in your account settings.

Usage and diagnostic data are typically kept for a shorter period, except where retention is justified for security, fraud prevention, service improvement, or legal compliance.

If you are located outside Austria and use the Service, you understand that your information may be transferred to and processed in Austria (including Vienna), where our primary operations are based.

Where we transfer Personal Data across borders, we implement appropriate safeguards in line with applicable law, such as contractual clauses or other mechanisms recognized by relevant regulators, where required.

• Comply with applicable law, regulation, legal process, or governmental request.

• Protect the rights, property, or safety of Caloera, our users, or others, including to enforce our agreements or policies.

• Investigate fraud, security, or technical issues, or to respond to user support needs.

We do not use information read from HealthKit or Health Connect for marketing, advertising, or use-based data mining, and we do not sell, rent, or license that health or activity data to third parties or data brokers.

This data is processed on your device to display in Caloera. We do not upload HealthKit or Health Connect health or activity readings to Caloera’s servers. You can grant or revoke access at any time in your device settings (iOS: Settings → Privacy & Security → Health; Android: the Health Connect app and system permissions for Caloera).

Authentication: Clerk provides sign-up, sign-in, multi-factor authentication, and session services. Categories of data may include your email, phone, name, profile information, IP address, device identifiers, and authentication events. See: https://clerk.com/legal/privacy

Build and infrastructure: We use Expo (EAS) for application builds and distribution; Expo may process build artifacts and related metadata. We use Sevalla (Kinsta) for hosting. See: https://expo.dev/privacy and https://kinsta.com/legal/privacy-policy

Push notifications: We use Expo’s push service to send reminders you have configured. A device push token is processed to deliver those notifications. You can disable notifications in your device or in-app settings. See: https://expo.dev/privacy

Apple Health (HealthKit) and Google Health Connect: For how we use data read on your device, see Section 8. Apple: https://www.apple.com/legal/privacy/ · Google (Health Connect): https://policies.google.com/privacy

Payments: In-app purchases are processed by the platform (Apple or Google) and, where applicable, by RevenueCat; we do not receive or store your full payment card number on our own systems. Processors are subject to industry security standards (such as PCI-DSS) where applicable.

Direct marketing: Where permitted, we may send product updates or promotional emails. You may opt out at any time via unsubscribe links or by contacting us.

Open Food Facts: We use this open database to supplement product information. We transmit search queries or barcodes as needed to retrieve food data, not a full user profile, as described in their policy: https://world.openfoodfacts.org/privacy

OpenAI: Certain AI features send your input (for example, text you enter or a meal image you select) to OpenAI for processing. We structure requests to focus on the food-related content you submit. See: https://openai.com/policies/privacy-policy

RevenueCat: Manages subscription and entitlement state between your app install and the app stores, using identifiers required for that purpose. See: https://www.revenuecat.com/privacy

We encourage you to read each provider’s privacy policy for a complete description of their practices.

We are not responsible for the content, practices, or security of third-party resources. We encourage you to review the policies of any site you visit before providing personal information.

To exercise these rights, contact us at support@caloera.com. We will respond within the timeframe required by law (typically one month, subject to extension where permitted).

We process Personal Data where we have a valid legal basis, such as performance of a contract, consent, legitimate interests (where not overridden by your rights), compliance with a legal obligation, or protection of vital interests, as applicable to each processing activity.

In the preceding 12 months, we may have collected categories such as identifiers (for example, name, email) and network or service interaction data. We do not "sell" personal information as that term is defined by the CCPA/CPRA.

To submit a request, contact support@caloera.com. We will verify your identity in accordance with applicable law and respond within 45 days (or up to 90 days where a permitted extension applies).

The Service is not a traditional advertising-funded website; we do not use third-party cross-context behavioral advertising trackers as part of the Service. If your browser sends a Do Not Track signal, we do not use that signal to profile you for advertising because we do not run interest-based advertising through the app in that manner.

Where required by law, we will provide additional notice. Continued use of the Service after the effective date of an update constitutes your acceptance of the revised Policy, to the extent permitted by law. If you do not agree, you should stop using the Service.

General contact: contact@caloera.com

Privacy requests: support@caloera.com