Privacy Policy

1. Information We Collect

CalorieTally collects various types of information to provide our AI-powered nutrition tracking service:

1.1 Account and Profile Information

• Registration Data: Username, email address, and password
• Profile Details: Age, gender, height, weight, and activity level
• Health Metrics: BMR (Basal Metabolic Rate) and TDEE (Total Daily Energy Expenditure) calculations
• Goals: Weight goals (lose, gain, maintain), target weight, weekly rate preferences
• Meal Goals: Daily calorie targets, protein, carbohydrate, and fat macronutrient goals
• Preferences: Timezone, notification settings, and onboarding completion status

1.2 Nutrition and Meal Data

• Meal Entries: Food names, descriptions, meal types (breakfast, lunch, dinner, snack)
• Nutritional Information: Calories, protein, carbohydrates, fat content, and health scores
• Food Images: Photos of meals and nutrition labels uploaded for AI analysis
• Voice Recordings: Audio recordings of meal descriptions (transcribed and then deleted)
• Entry Method: How meals were logged (text, image, or audio input)
• Meal Timestamps: When meals were eaten and logged

1.3 AI Chat Data (Premium Feature)

• Chat Messages: Questions and responses in conversations with our AI nutritionist
• Chat Sessions: Conversation history and session metadata
• Usage Limits: Daily message counts and plan-based restrictions
• AI Model Information: Which AI model was used for responses

1.4 Payment and Subscription Data

• Subscription Information: Plan type (Free, Basic, Premium), billing frequency, and status
• PayPal Data: PayPal subscription IDs and payment transaction records
• Billing History: Payment dates, amounts, and subscription changes
• Free Trial Tracking: Trial start dates and expiration

1.5 Technical and Usage Data

• Device Information: Browser type, operating system, and device identifiers
• Usage Analytics: Feature usage, session duration, and interaction patterns
• Error Logs: Technical errors and application performance data
• IP Address: For security, location detection, and service provision
• Cookies: Session management, preferences, and analytics tracking

1.6 Authentication Data

• Google OAuth: If you sign in with Google, we receive your email and basic profile information
• Email Verification: Verification tokens and confirmation status
• Login History: Login timestamps and authentication methods

2. How We Use Your Information

We use collected information for the following specific purposes:

2.1 AI-Powered Nutrition Analysis

• Processing food descriptions, images, and audio through AI models
• Calculating nutritional content (calories, protein, carbs, fat) for meals
• Generating health scores and meal recommendations
• Improving AI accuracy through machine learning
• Providing food recognition from photos and nutrition labels

2.2 Personalized Goal Setting and Tracking

• Calculating BMR and TDEE based on your physical characteristics
• Setting appropriate calorie and macronutrient targets
• Tracking progress toward weight and nutrition goals
• Generating analytics and progress reports
• Creating personalized dashboard views

2.3 AI Nutritionist Chat (Premium)

• Providing conversational AI responses to nutrition questions
• Maintaining chat history for context and reference
• Enforcing usage limits based on subscription plans
• Improving AI chat responses through conversation analysis

2.4 Service Operations

• Creating and maintaining user accounts
• Processing subscription payments through PayPal
• Sending onboarding and welcome emails
• Providing customer support and troubleshooting
• Ensuring security and preventing fraud
• Managing free trials and subscription changes

3. Information Sharing and Disclosure

3.1 Third-Party Service Providers

We share information with trusted service providers who help us operate CalorieTally:

• PayPal: Payment processing, subscription management, and billing
• Google OAuth: Account authentication and email verification
• AI Service Providers: Food recognition, image analysis, and natural language processing
• Cloud Storage: Secure hosting of your data, images, and application files
• Email Services: Delivery of welcome emails, notifications, and support communications
• Analytics Tools: Understanding app usage and improving performance

3.2 Legal Requirements

We may disclose information when required by law:

• In response to court orders, subpoenas, or legal processes
• To comply with government investigations or regulatory requests
• To protect our rights, property, or safety, and that of our users
• To prevent fraud, abuse, or illegal activities
• In emergency situations to protect someone's safety

3.3 Business Transfers

If CalorieTally is acquired or merged, user information may be transferred as part of that transaction, subject to appropriate privacy protections.

3.4 Anonymized Data

We may share aggregated, anonymized nutrition data that cannot identify individual users to:

• Improve our AI models and food recognition accuracy
• Conduct nutrition research and analysis
• Develop new features and services
• Share general usage statistics

4. Data Security and Protection

We implement comprehensive security measures to protect your personal and health information:

4.1 Encryption and Secure Storage

• Data in Transit: All communications use TLS encryption
• Data at Rest: Your information is encrypted in our databases
• Image Storage: Food photos are securely stored with access controls
• Password Protection: Passwords are hashed and never stored in plain text

4.2 Access Controls

• Employee access to user data is strictly limited and monitored
• Multi-factor authentication for administrative access
• Regular security audits and vulnerability assessments
• Incident response procedures for potential data breaches

4.3 Audio Data Protection

• Voice recordings are processed for transcription and then permanently deleted
• Audio files are never stored long-term on our servers
• Transcription occurs in secure, encrypted environments
• Only text transcriptions are retained for meal logging

5. Data Retention and Deletion

We retain your information for different periods depending on its type and purpose:

5.1 Account and Profile Data

• Active Accounts: Retained while your account is active
• Deleted Accounts: Permanently deleted within 90 days of account deletion
• Profile Updates: Previous profile data is overwritten with new information

5.2 Meal and Nutrition Data

• Meal Logs: Retained to provide historical tracking and analytics
• Food Images: Stored until account deletion or individual image removal
• Nutritional Calculations: Retained for progress tracking and AI improvement
• Manual Deletion: You can delete individual meal entries at any time

5.3 Chat and Communication Data

• AI Chat History: Retained to provide conversation context and improve AI responses
• Support Communications: Retained for 2 years for quality assurance
• Email Communications: Delivery records retained as required by law

5.4 Payment and Subscription Data

• PayPal Records: Retained as required by financial regulations (typically 7 years)
• Subscription History: Retained for account management and support
• Billing Information: Processed by PayPal and not stored on our servers

6. Your Privacy Rights and Controls

You have several rights and controls over your personal information:

6.1 Account Management

• Profile Updates: Change your personal information, goals, and preferences
• Password Changes: Update your account password at any time
• Email Preferences: Control marketing and notification emails
• Account Deletion: Delete your entire account and associated data

6.2 Data Access and Portability

• Data Export: Download your meal data, analytics, and account information
• Meal History: View and download your complete nutrition tracking history
• Progress Reports: Export PDF reports of your nutrition and weight progress

6.3 Data Correction and Deletion

• Meal Editing: Modify or delete individual meal entries
• Goal Updates: Change your weight and nutrition goals
• Image Removal: Delete specific food photos from your account
• Chat Deletion: Delete individual chat messages or entire conversations

7. Children's Privacy

CalorieTally is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information promptly and disable the account.

8. International Data Transfers

CalorieTally operates globally and may transfer your information to countries other than your own. We ensure appropriate safeguards for international transfers through:

• Using cloud providers with global data protection certifications
• Implementing standard contractual clauses for data transfers
• Ensuring equivalent privacy protections in all jurisdictions
• Obtaining explicit consent for transfers when required by law

9. Regional Privacy Rights

9.1 California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it's used
• Delete your personal information (with certain exceptions)
• Opt-out of the sale of personal information (we don't sell data)
• Non-discrimination for exercising your privacy rights
• Request specific information about data sharing with third parties

9.2 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have the right to:

• Access, rectify, and erase your personal data
• Restrict or object to processing of your data
• Data portability for your nutrition and meal information
• Withdraw consent for AI processing and analytics
• Lodge a complaint with your local data protection authority

10. AI and Machine Learning

CalorieTally uses artificial intelligence extensively. Here's how AI affects your privacy:

10.1 AI Training and Improvement

• Your meal data helps improve our food recognition algorithms
• Images are analyzed to enhance AI accuracy for future users
• Chat conversations help improve AI nutritionist responses
• All AI training uses anonymized, aggregated data

10.2 Automated Decision Making

• AI calculates nutritional content based on your meal descriptions
• Algorithms generate health scores and meal recommendations
• You can always manually edit AI-generated nutritional information
• AI decisions do not have legal or similarly significant effects

11. Email Communications

We send several types of emails as part of our service:

11.1 Required Service Emails

• Welcome emails after account registration
• Email verification and confirmation messages
• Password reset and security notifications
• Subscription and billing confirmations

11.2 Optional Communications

• Nutrition tips and health information
• Feature updates and service announcements
• Progress reminders and goal encouragement
• Marketing communications about new features

You can opt out of optional communications while continuing to receive required service emails.

12. Third-Party Links and Integrations

CalorieTally may contain links to third-party websites or integrate with external services. This Privacy Policy does not apply to such third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

• Changes to our data practices or AI technology
• New features or subscription plans
• Legal or regulatory requirements
• User feedback and privacy improvements

We will notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

For questions about this Privacy Policy or your personal information:

• Support: support@calorietally.com