Privacy Policy

Last updated: April 12, 2026

Calorie Crusher ("we", "our", "us") operates the Calorie Crusher mobile application (the "App") and the website at caloriecrusher.ai (the "Site"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

By using the App or Site, you consent to the practices described in this policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Personal Data You Provide

Email address — used solely for account creation and sign-in. This is the only personally identifiable information we store. We do not collect your name, phone number, physical address, or any other personal identifiers.

1.2 Data You Create Within the App

When you use the App, you may create the following data which is stored in your account:

• Food logs and nutrition data: Meals you log, AI-generated calorie and macro estimates, micronutrient data, daily goals, weight entries, recipes, and shopping lists.
• Chat history: Conversations with the AI calorie assistant, including text messages you send.
• Dietary preferences: Food preferences, likes, dislikes, and dietary restrictions you configure.

1.3 Data Collected With Your Permission

The following data is collected only when you explicitly grant permission through iOS system prompts:

• Health data (HealthKit): Active calories burned, read from Apple HealthKit to display your daily energy balance. See Section 7 for detailed HealthKit disclosures.
• Photos: Meal photos you choose to capture or select for AI-based calorie estimation. Photos are transmitted to our servers for processing.
• Approximate location: Coarse location (city-level) used to improve local food and shopping search results. We do not access precise GPS coordinates or track location history.

1.4 Automatically Collected Data

We collect minimal technical data to operate and maintain the service:

• API usage metrics: Request counts, response times, and error rates — used for service reliability monitoring.
• Device type and OS version: Sent with API requests for compatibility purposes.

We do not use third-party analytics SDKs (no Google Analytics, Firebase Analytics, Mixpanel, or similar). We do not use advertising SDKs or tracking frameworks. We do not collect device advertising identifiers (IDFA).

2. How We Use Your Information

We use the information described above for the following purposes:

• Provide core functionality: AI calorie estimation, food logging, nutrition tracking, recipe suggestions, and shopping list management.
• Display your progress: Daily intake summaries, macro breakdowns, trends, and goal tracking.
• Personalize AI responses: Use your dietary preferences and chat history to provide relevant, context-aware nutrition guidance.
• Account management: Sign-in, authentication, and subscription management.
• Service maintenance: Monitor API performance, diagnose errors, and improve reliability.
• Communication: Send essential account-related emails (e.g., password reset, critical service notices). We do not send marketing emails.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, we process your data under the following legal bases:

• Contract performance: Processing necessary to provide the App and its features (Article 6(1)(b) GDPR).
• Consent: For optional data such as HealthKit access, photos, and location — you grant or revoke consent through iOS system permissions (Article 6(1)(a) GDPR).
• Legitimate interests: Service reliability monitoring and fraud prevention (Article 6(1)(f) GDPR).
• Legal obligation: When required to comply with applicable laws (Article 6(1)(c) GDPR).

4. AI Processing and Third-Party Services

Your food descriptions and meal photos are processed by third-party AI services to generate calorie and nutrition estimates:

• OpenAI — processes food text descriptions and meal photos to estimate calories, macros, and micronutrients. OpenAI processes this data according to their privacy policy.
• xAI (Grok) — used as a fallback AI provider when the primary service is unavailable.

We do not send the following to AI providers: your email address, health data, location data, personal identifiers, or any data that could identify you personally. AI providers receive only the food-related content of your request.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We share data only with the following categories of service providers, strictly for operating the App:

• AI processing providers (OpenAI, xAI) — food descriptions and photos only, as described in Section 4.
• Cloud infrastructure (Oracle Cloud) — servers and databases that host the App backend.
• Database provider (MongoDB Atlas) — stores your account and food log data.
• Email delivery (SMTP provider) — sends account-related emails only.
• Payment processing (Apple App Store) — manages subscriptions. We do not directly process payment information.

We may also disclose data when required by law, court order, or governmental authority, or to protect the rights, safety, or property of our users or the public.

6. Data Retention

• Account data (email): Retained for as long as your account is active. Deleted upon account deletion request.
• Food logs and chat history: Retained for as long as your account is active. You can delete individual entries within the App or request full deletion.
• API usage metrics: Retained for up to 30 days, then automatically purged.
• Photos: Processed in real-time for AI estimation. Not stored permanently on our servers after processing.
• AI conversation context: Stored on OpenAI servers with store: true for response chaining. Subject to OpenAI's data retention policies.

When you delete your account, we delete all associated data from our systems within 30 days, except where retention is required by law.

7. Apple HealthKit Data

We integrate with Apple HealthKit solely to read active energy burned (calories) and display it alongside your food intake for a complete daily energy balance view. We comply fully with Apple's HealthKit guidelines:

• HealthKit data is never sold to third parties, data brokers, or advertisers.
• HealthKit data is never used for advertising, marketing, or user profiling.
• HealthKit data is never shared with third parties except as displayed to you within the App.
• HealthKit data is not stored on our servers — it is read from the device and displayed in real-time.
• HealthKit data is never disclosed to AI providers or any external service.
• You can revoke HealthKit access at any time in iOS Settings > Privacy & Security > Health.

8. Data Storage and Security

We take the security of your data seriously:

• Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS (HTTPS).
• Encryption at rest: Database storage is encrypted at rest.
• Authentication: Secure token-based authentication (JWT) for all API requests.
• Access control: Server infrastructure uses private subnets, firewalls, and role-based access.
• Secure credential storage: Authentication tokens are stored using iOS Keychain (via flutter_secure_storage).

While we implement industry-standard security measures, no system is 100% secure. If you become aware of a security issue, please contact us immediately at support@caloriecrusher.ai.

9. International Data Transfers

Our servers are located in the United Kingdom (Oracle Cloud, London region). If you access the App from outside the UK, your data will be transferred to and processed in the UK. For EEA users, the UK is recognized as providing an adequate level of data protection.

AI processing via OpenAI may involve data transfer to the United States. OpenAI participates in standard contractual clauses and other transfer mechanisms to ensure adequate protection.

10. Your Rights

10.1 All Users

• Access: Request a copy of the data we hold about you.
• Deletion: Request deletion of your account and all associated data.
• Correction: Update or correct your data within the App or by contacting us.
• Permissions: Revoke HealthKit, camera, photo library, or location permissions at any time in iOS Settings.

10.2 EEA and UK Users (GDPR)

In addition to the above, you have the right to:

• Data portability: Receive your data in a structured, machine-readable format.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw consent at any time for consent-based processing, without affecting the lawfulness of prior processing.
• Lodge a complaint: File a complaint with your local data protection authority (e.g., the UK Information Commissioner's Office at ico.org.uk).

10.3 California Users (CCPA/CPRA)

• You have the right to know what personal information we collect and how it is used.
• You have the right to request deletion of your personal information.
• We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
• We do not respond to Do Not Track (DNT) browser signals, as there is no uniform standard for DNT.

11. Children's Privacy

The App is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected data from a child under the applicable age, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at support@caloriecrusher.ai.

12. Cookies and Tracking

The App does not use cookies. The website at caloriecrusher.ai does not use analytics cookies, advertising cookies, or tracking technologies. No third-party cookies are set.

13. Third-Party Links

The App or Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

14. Business Transfers

If Calorie Crusher is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email or prominent notice in the App before your data is transferred and becomes subject to a different privacy policy.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a revised "Last updated" date.
• Sending an email notification for significant changes.
• Displaying an in-app notice when applicable.

Your continued use of the App after changes are posted constitutes acceptance of the revised policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: support@caloriecrusher.ai

Website: https://caloriecrusher.ai