← Back to CaloWise

Privacy Policy

Last updated: May 2025

This Privacy Policy explains how CaloWise ("we", "us", "the app") collects, uses, and protects your information when you use our iOS application. We comply with the GDPR for EEA users, the CCPA for California residents, and other applicable privacy laws.

1. Information we collect

Information you provide:

• Account information: Name and email address when you sign in with Apple or Google.
• Health data: Age, gender, height, weight, activity level, and dietary goals you enter manually.
• Meal data: Food photos, meal descriptions, barcode scans, nutrition label scans, and text meal descriptions.

Information from third parties:

• Apple Health (optional): Step counts, active calories burned, and basal metabolic rate — only if you grant permission.
• Open Food Facts: Publicly available product nutritional data retrieved when you scan a barcode.

Automatically collected:

• Device type and operating system version.
• App usage data: features used, scan modes, crash reports.
• We do not collect precise location data.

2. How we use your information

• To calculate your personalised daily calorie and macronutrient targets.
• To analyse food photos, nutrition labels, and text descriptions using AI.
• To look up packaged food products via barcode scanning.
• To sync your progress and data across devices via Firebase.
• To manage your subscription status via RevenueCat and the Apple App Store.
• To send notifications and reminders (if you enable them).
• To comply with legal obligations.

3. AI processing of food photos and text

CaloWise uses AI to analyse your meals through five methods:

• AI Food Photo — camera or gallery photo analysed by AI and Cloud Functions.
• Nutrition Label Scan — camera photo of a nutrition facts label analysed by AI.
• Barcode Scan — product barcode looked up in the Open Food Facts public database. No AI is involved and no image is transmitted.
• Gallery Photo — photo from your device library analysed by AI.
• AI Text Input — text description of a meal analysed by AI.

Photos are compressed and sent securely (TLS) to our Firebase Cloud Functions hosted on Google Cloud (us-central1), which forward them to Anthropic's API. Images and text are not retained after analysis completes and are not used to train AI models.

4. Data sharing

We do not sell your personal data. We share data only with the service providers required to operate the app:

• Firebase (Google Cloud): Authentication, database storage, and cloud function hosting.
• Anthropic: AI food recognition — photos and text descriptions only; no personal identifiers are shared.
• Open Food Facts: Barcode lookups (your device queries their public API; no personal data is shared).
• RevenueCat: Subscription management and receipt validation. RevenueCat receives your anonymised app user ID and App Store receipts only — not your name, email, or payment card details.
• Apple: App Store payment processing and (optionally) Apple Health sync.
• Legal authorities: When required by law, court order, or government request.

All service providers are bound by data processing agreements and privacy obligations.

5. Apple Health integration

If you connect CaloWise with Apple Health:

• Read access: weight, steps, active energy burned, basal metabolic rate.
• Write access: weight entries logged in the app.
• You can revoke access at any time in iOS Settings → Privacy & Security → Health.
• Apple Health data is processed locally and never shared with third parties.

6. Subscription and RevenueCat

CaloWise requires an active premium subscription. Subscription state is managed by RevenueCat, which receives your anonymised app user ID and purchase receipts from the Apple App Store solely to verify and manage your entitlement. You can review RevenueCat's privacy policy at revenuecat.com/privacy.

7. Data retention and deletion

Your account data is retained for as long as your account is active. You may request deletion at any time by contacting us at help@calowise.app. Upon deletion, all associated personal data is permanently removed.

8. Your rights

All users may request access to, correction of, or deletion of their personal data.

EEA residents (GDPR) additionally have the right to data portability, restriction of processing, and the right to lodge a complaint with your local data protection authority. Data transfers outside the EEA are protected by Standard Contractual Clauses.

California residents (CCPA) have the right to know what data is collected, the right to delete it, and the right to opt out of sale (we do not sell data).

To exercise any of these rights, contact us at help@calowise.app.

9. Children

CaloWise is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have done so, contact us immediately and we will delete the information.

10. Security

Data is transmitted over HTTPS (TLS 1.2+) and stored encrypted at rest in Firebase. We follow industry-standard security practices, though no system is 100% secure.

11. International data transfers

Your data may be processed in the United States, where our cloud infrastructure and AI service providers are located. We ensure appropriate safeguards, including Standard Contractual Clauses for EEA transfers, are in place.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated in the app and by updating the "Last updated" date above. Continued use of CaloWise after changes constitutes acceptance.

13. Contact

Questions about this Privacy Policy or your data? Email help@calowise.app. For GDPR inquiries, you may also contact your local data protection authority.