Privacy Policy for Calor
Last Updated: January 2, 2025
Introduction
Calor ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the App.
Information We Collect
Personal Information You Provide
When you create an account and use Calor, we collect:
- Account Information: Email address, name, and authentication credentials (if using email/password sign-in)
- Profile Information: Display name, profile photo (optional), date of birth, gender, height, current weight, goal weight, activity level
- Health & Fitness Data: Daily calorie intake, macronutrient consumption (protein, carbohydrates, fats), weight measurements, and meal logs
- Photos: Images of meals you photograph for AI-based food recognition
- User-Generated Content: Comments, posts, and reactions shared in social groups
Information Collected Automatically
- Usage Data: Features used, time spent in the app, interactions with content
- Device Information: Device type, operating system version, unique device identifiers
- Log Data: App crashes, performance data, and error reports
HealthKit Data
With your explicit permission, Calor integrates with Apple HealthKit to:
- Read your weight measurements
- Write weight data you log in Calor back to HealthKit
Important: We do NOT store your HealthKit data on our servers. All HealthKit data remains on your device and is only used locally within the app. We do not share, sell, or transmit HealthKit data to any third parties.
Camera and Photo Library
We request access to your camera and photo library to:
- Capture photos of meals for AI-based calorie estimation
- Select existing photos from your library for food analysis
- Upload meal images to our secure servers for processing
How We Use Your Information
We use the information we collect to:
- Provide Core Services
  - Calculate personalized calorie and macro goals
  - Analyze food images using AI (OpenAI GPT-4 Vision API)
  - Track your progress toward weight and nutrition goals
  - Maintain daily streak counts for motivation
- Social Features
  - Enable group creation and participation
  - Display posts, comments, and reactions within groups
  - Show member leaderboards and activity
- Improve Our Services
  - Analyze app usage patterns to improve features
  - Identify and fix technical issues
  - Enhance AI food recognition accuracy
- Communications
  - Send push notifications for daily logging reminders
  - Send streak milestone notifications
  - Provide customer support
- Legal and Security
  - Prevent fraud and abuse
  - Comply with legal obligations
  - Protect user safety and app integrity
How We Share Your Information
We do NOT sell your personal information. We may share your information only in the following circumstances:
With Service Providers
- Firebase (Google): We use Firebase for authentication, database storage, file storage, and cloud functions. Firebase processes data according to Google's privacy policies.
- OpenAI: We send meal photos to OpenAI's GPT-4 Vision API for food recognition. OpenAI processes images according to its API terms and, under its current policy, does not use API data to train models.
With Other Users (Limited)
- Within Groups: When you join a group, other members can see your display name, profile photo, posts, comments, and streak count.
- Public Features: Information you share in groups is visible to all group members.
Legal Obligations
We may disclose your information if required by law, court order, or governmental request, or to protect our rights, property, or safety.
Data Storage and Security
Where Your Data is Stored
- Firebase Firestore: User profiles, food logs, weight logs, groups, posts, and comments
- Firebase Storage: Meal photos and profile pictures
- Your Device: HealthKit data, app preferences, cached data
Security Measures
We implement industry-standard security measures:
- Data encryption in transit (HTTPS/TLS)
- Data encryption at rest (Firebase encryption)
- Firebase App Check to prevent unauthorized API access
- Secure authentication with Firebase Auth
- Regular security audits
Data Retention
- Active Accounts: We retain your data while your account is active
- Deleted Accounts: When you delete your account, we delete your personal data within 30 days, except where we must retain it for legal compliance
- HealthKit Data: Remains only on your device; we never store it on our servers
Your Rights and Choices
Access and Control
You have the right to:
- Access: View all personal data we have about you
- Correction: Update inaccurate information through the app
- Deletion: Delete your account and associated data at any time
- Export: Request a copy of your data in a portable format
- Object: Opt out of certain data processing activities
How to Exercise Your Rights
To exercise these rights:
- Go to Profile → Settings → Privacy in the app
- Contact us at privacy@calor.app
Opt-Out Options
- Push Notifications: Disable in iPhone Settings → Calor → Notifications
- HealthKit Integration: Revoke in iPhone Settings → Health → Data Access & Devices
- Camera Access: Revoke in iPhone Settings → Calor → Camera
- Photo Library Access: Revoke in iPhone Settings → Calor → Photos
Children's Privacy
Calor is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected personal information from a child under 13, we will delete that information immediately. If you believe a child under 13 has provided us with personal information, please contact us at privacy@calor.app.
International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States where our servers (Firebase) are located. These countries may have different data protection laws. By using Calor, you consent to the transfer of your information to these countries.
For European Users (GDPR)
If you are in the European Economic Area (EEA), UK, or Switzerland:
- Legal Basis: We process your data based on your consent, contract performance, legitimate interests, and legal obligations
- Data Controller: Calor is the data controller for your personal information
- Data Protection Officer: Contact dpo@calor.app
For California Users (CCPA/CPRA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to know whether personal information is sold or shared
- Right to opt out of the sale of personal information
- Right to deletion of personal information
- Right to correct inaccurate personal information
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising privacy rights
We do NOT sell your personal information.
To exercise your California privacy rights, contact us at privacy@calor.app.
Third-Party Services
OpenAI
We use OpenAI's GPT-4 Vision API to analyze food images. When you scan a meal:
- The image is sent to OpenAI's servers for processing
- OpenAI's API does not use your data to train their models (per OpenAI API terms)
- OpenAI may retain request data for up to 30 days for abuse prevention
- Review OpenAI's privacy policy at: https://openai.com/privacy
Firebase/Google
Firebase services process your data according to Google's privacy policy:
Apple HealthKit
HealthKit data never leaves your device. Apple's privacy policy applies:
Analytics and Crash Reporting
We use Firebase Analytics and Firebase Crashlytics to:
- Understand how users interact with the app
- Identify and fix crashes and bugs
- Improve app performance and user experience
This data is pseudonymized and aggregated. You cannot be individually identified from analytics data.
Cookies and Tracking
Calor does not use cookies. We do not track you across other websites or apps. We do not display advertisements or use advertising tracking technologies.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new Privacy Policy in the app
- Updating the "Last Updated" date at the top
- Sending a push notification (for significant changes)
Your continued use of Calor after changes constitutes acceptance of the updated policy.
Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Notify you within 72 hours of discovering the breach
- Describe the nature of the breach and data affected
- Provide steps you can take to protect yourself
- Report to relevant authorities as required by law
Contact Us
If you have questions or concerns about this Privacy Policy or our data practices:
Consent
By using Calor, you consent to this Privacy Policy and our collection, use, and sharing of your information as described herein.