Privacy Policy

Effective from: May 2026

1. Information We Collect

1.1 Personal Information (Provided by You)

• Account Information: Name, email address, and profile photo obtained through Google Sign-In or Apple Sign-In.
• Profile Data: Gender, age, height, weight, goal weight, activity level, and dietary preferences entered during onboarding.
• Body Measurements: Waist, neck, and hip circumference (user-entered via tape measure, not sensor-based).
• Food & Nutrition Logs: Meal entries, food items, serving sizes, calorie and macronutrient data, custom recipes, and meal photos.
• Weight Logs: Daily weight entries and accompanying notes.
• Water Intake: Daily water consumption records.

1.2 Automatically Collected Information

• Device Information: Device type, operating system version, device identifiers, and app version.
• Usage Analytics: Screen views, feature interactions, session duration, and engagement metrics (collected via Firebase Analytics).
• Crash Reports: Application crash logs, stack traces, and error information (collected via Firebase Crashlytics) to improve app stability.
• Performance Data: App startup time, network request latency, and general performance metrics.

1.3 AI Processing Data

• Meal Photos: When you use the AI food scanning feature, your meal photos are temporarily sent to cloud AI services for nutritional analysis. Images are not stored on our servers after analysis is complete.
• AI Coach Interactions: Context data (daily nutrition summary, recent meals) may be processed by AI services to generate personalized suggestions. This data is not stored by AI providers beyond the request-response cycle.

2. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide core features including food tracking, calorie counting, weight monitoring, and body metric estimation.
• AI Analysis: To process meal photos through AI services and return estimated nutritional data.
• Personalization: To calculate personalized calorie goals, macro targets, and body composition estimates based on your profile.
• Progress Tracking: To generate charts, reports, and trend analysis of your nutrition and wellness journey.
• Notifications: To send reminders for meal logging, water intake, and weight tracking (configurable in settings).
• App Improvement: To analyze usage patterns and crash data to improve app performance, features, and user experience.
• Subscription Management: To manage your subscription status, process payments, and provide access to premium features.
• Security: To detect and prevent fraud, abuse, and unauthorized access to the App.

3. Data Sharing and Disclosure

We may share your data with the following categories of service providers, solely for the purpose of delivering our services:

3.1 Authentication Providers

• Google Sign-In: Account authentication and identity verification.
• Apple Sign-In: Account authentication and identity verification (iOS).

3.2 Cloud & Analytics Services

• Firebase (Google): Authentication, analytics, crash reporting, push notifications, and remote configuration.

3.3 AI Processing Services

• Cloud AI Providers (e.g., Google Gemini, OpenRouter, Groq): Temporary processing of meal images for nutritional analysis. Images are processed in transit and not retained by these providers.

3.4 Payment & Subscription Services

• Apple App Store / Google Play Store: Subscription billing and purchase management.
• Qonversion: Subscription status tracking and cross-platform purchase management.

3.5 Food Database Providers

• OpenFoodFacts: Open-source food product data used for barcode scanning and nutrition lookup.
• USDA FoodData Central: Reference nutritional data for food items.

3.6 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of our users and the public.

4. Data Storage and Security

• Local Storage: Your food logs, weight entries, body metrics, and other data are primarily stored locally on your device using an encrypted SQLite database.
• Cloud Synchronization: Premium/Pro users may opt to sync data to cloud servers for cross-device access. Cloud data is encrypted in transit (TLS/HTTPS) and at rest.
• Secure Credentials: Authentication tokens and sensitive credentials are stored using platform-native secure storage (iOS Keychain / Android Keystore).
• Image Processing: Meal photos sent for AI analysis are transmitted over encrypted connections and are not stored on our servers after processing.
• We implement industry-standard security measures to protect your data. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

5. Camera and Photo Permissions

• The App requests camera access to allow you to photograph meals for AI food scanning and barcode scanning.
• The App may request photo library access to allow you to select existing photos for food scanning or profile customization.
• Camera and photo permissions are optional. You can use manual food logging without granting these permissions.
• Photos taken within the App are stored locally on your device. They are only sent to cloud AI services when you explicitly use the AI scan feature.

6. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data and account. You can do this directly through Profile → Settings → Delete Account, or by emailing us.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Opt-Out: Opt out of analytics data collection or personalized features through the App settings.
• Withdraw Consent: Withdraw your consent for data processing at any time, where consent is the legal basis for processing.

To exercise these rights, contact us at nhanntv113@gmail.com. We will respond within 30 days (or as required by your local law).

7. Children's Privacy

• CalDietAI is intended for users aged 13 years and older.
• We do not knowingly collect personal information from children under 13.
• Users between 13 and 18 must have parental or guardian consent to use the App.
• If we discover that we have inadvertently collected data from a child under 13, we will promptly delete that data.
• If you believe a child under 13 has provided us with personal information, please contact us immediately.

8. Health Data Sensitivity

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Compliance with applicable cross-border data transfer regulations

10. Data Retention

• Account Data: Retained until you delete your account.
• Food & Weight Logs: Retained locally on your device. Cloud-synced data is deleted upon account deletion.
• Analytics Data: Retained for up to 24 months, then automatically anonymized or deleted.
• Crash Reports: Retained for up to 12 months for debugging purposes.
• AI Processing Data: Meal images are not stored after AI analysis. AI Coach interactions are cached locally and expire automatically.
• Subscription Data: Managed by Apple/Google and Qonversion according to their respective retention policies.

11. Third-Party Links and Services

The App may contain links or integrations with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of:

• Google Privacy Policy
• Apple Privacy Policy
• Firebase Privacy Policy
• Qonversion Privacy Policy

12. Regional Compliance

12.1 European Union (GDPR)

If you are located in the EU/EEA, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing (Articles 15-22). Our legal bases for processing include consent, contract performance, and legitimate interests.

12.2 California (CCPA/CPRA)

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

12.3 Vietnam (PDPL 91/2025)

In compliance with Vietnam's Personal Data Protection Law 91/2025 and Decree 13/2023/NĐ-CP, we provide granular consent mechanisms, the right to withdraw consent, Do Not Track support, and 72-hour breach notification.

12.4 Other Jurisdictions

• South Korea (PIPA): Data portability rights (effective March 2025).
• Thailand (PDPA): Consent-based data processing and user rights.
• Malaysia (PDPA): Data Protection Officer appointed; 72-hour breach notification.
• Indonesia (UU PDP): Compliance with personal data protection requirements.
• Japan (APPI): Explicit consent for non-essential data processing.
• China (PIPL): Cross-border data transfer compliance.
• Russia (Federal Law 152-FZ): Local data storage requirements for Russian citizens.

13. Updates to This Policy

We may update this Privacy Policy from time to time. When material changes are made:

• We will notify you through the App or via email.
• The "Effective from" date at the top of this policy will be updated.
• Continued use of the App after the effective date constitutes acceptance of the updated policy.

14. Contact Us