Privacy Policy for Calora Last updated: May 28, 2026 This Privacy Policy describes how the Calora mobile application (Calora, the App, We, Us, Our) collects, uses, and discloses information when You use the App. It also describes Your privacy rights and how the law protects You. Calora is a calorie- and weight-tracking application. Calora is developed and operated by an individual developer (sole proprietor / natural person), not a corporate entity. By using Calora, You agree to the collection and use of information in accordance with this Privacy Policy. 1. Summary (Plain Language) No account, no sign-up. Calora does not require You to register or create an account. Your data stays on Your device. Your profile, weight history, body measurements, water intake, and meal entries are stored locally on Your iPhone in the App's private storage. They are not synced to any server, cloud account, or backend belonging to Us. AI food recognition uses a third-party service. When You take or upload a photo of food, or describe a meal in text, the image or text is sent to OpenAI (via Our proxy server hosted on Vercel) to be analyzed for calories and macronutrients. The image is not stored by Us after analysis. Barcode scanning uses Open Food Facts. Scanned product barcodes are sent to the public Open Food Facts API to retrieve nutritional information. No analytics, no advertising, no tracking SDKs. Calora does not embed Firebase Analytics, Google Analytics, Facebook SDK, advertising IDs, RevenueCat, AppsFlyer, Adjust, or any similar tracking or attribution technology. No location tracking. Calora does not request or use Your location. No HealthKit integration. Calora does not read from or write to Apple Health. 2. Definitions Application / Service refers to Calora, the iOS application. Device means any iOS device that can access the Service. Personal Data is any information that relates to an identified or identifiable individual. You means the individual using the App. Service Provider means a third party that processes data on Our behalf or provides infrastructure used by the App. 3. Information We Collect 3.1. Information You provide and that is stored locally on Your device The following information is entered by You and stored only on Your device (in the App's private container, under ~/Library/Application Support/Calora/). It is not transmitted to Us or to any backend We control. Profile data: name (optional), sex, age (date of birth or age), height, current weight, target weight, activity level, weight goal type, daily calorie target, macronutrient targets (protein, carbohydrates, fat). Health and body data: weight log entries (date and value), body measurements (chest, waist, hips, biceps), water intake (volume and timestamp). Food and diet data: meal entries — meal name, calories, protein, carbohydrates, fat, fiber, meal type (breakfast/lunch/dinner/snack), source (manual / photo / barcode / text), date and time. This data never leaves Your device unless You explicitly send it (for example, by backing up Your device to iCloud through iOS — in which case the backup is governed by Apple's privacy policy, not Ours). 3.2. Information transmitted to third-party services when You use AI / barcode features To provide the AI food-recognition and barcode-lookup features, the App sends the following data to the following third parties only at the moment You use the feature: Photo food analysis — the photo You take or select (compressed JPEG, ~30–120 KB), Base64-encoded — sent to OpenAI (via Our proxy at calora-proxy.vercel.app) — purpose: recognize the dish and estimate calories / macros. Text meal description — the text You type (e.g. "200 g of rice and chicken") — sent to OpenAI (via Our proxy at calora-proxy.vercel.app) — purpose: parse the description into a structured meal. Barcode scan — the barcode string (EAN/UPC) — sent to Open Food Facts (world.openfoodfacts.org) — purpose: retrieve product nutritional information. We do not attach Your name, profile, device identifier, IP-based account, or any other identifying information to these requests. The requests are anonymous from the perspective of the App. We do not persist the photo, the text, or the barcode on Our proxy after the response is returned to Your device. Our Vercel proxy may log standard request metadata (timestamp, IP address) for short-term operational and abuse-prevention purposes, in line with Vercel's standard logging. OpenAI and Open Food Facts process this data under their own privacy policies: - OpenAI: https://openai.com/policies/privacy-policy - Open Food Facts: https://world.openfoodfacts.org/privacy 3.3. Information We do NOT collect For clarity, Calora does not collect or process: - Your location (no GPS, no Wi-Fi, no IP-based geolocation in the App). - Apple HealthKit data. - Contacts, calendar, microphone, or motion data. - Device advertising identifier (IDFA). - Crash reports through third-party SDKs (Apple may collect anonymous crash logs at the OS level if You have enabled "Share With App Developers" in iOS Settings — this is governed by Apple's policy). - Push notification tokens (the App does not send push notifications). - Payment or purchase data (the App has no in-app purchases or subscriptions). - Cookies (the App is not a website). 4. Permissions the App Requests Calora asks for the following iOS permissions, only when needed: Camera (NSCameraUsageDescription) — to take photos of food for AI analysis and to scan product barcodes. Photo Library (NSPhotoLibraryUsageDescription) — to let You pick existing photos of food from Your library for AI analysis. You can grant or revoke these permissions at any time in iOS Settings → Calora. The App functions without these permissions, but the corresponding features (photo recognition, barcode scan) will be unavailable. 5. How We Use Your Information Because the App stores Your data on Your device and does not maintain user accounts, We do not "use" Your personal data on Our servers in the traditional sense. The data is used on Your device to: - Calculate Your daily and weekly calorie and macronutrient progress. - Display Your weight history, body-measurement history, and water-intake history. - Provide goal-tracking and recommendations within the App. Information transmitted to third-party services (Section 3.2) is used only to return the AI / barcode result back to Your device. We do not use Your information for advertising, profiling, behavioral analysis, or sale to third parties. 6. Sharing of Information We do not sell, rent, or trade Your personal information. We share data with third parties only as described in Section 3.2 (OpenAI via Our Vercel proxy, and Open Food Facts) and only the minimum data needed to perform the requested action. We may also disclose information if required to do so by law, by a valid request from a public authority, or to protect Our rights or the safety of others. Because We do not store Your personal data on Our servers, in most cases We will have no data to disclose. 7. Data Retention Data on Your device: retained until You delete it from within the App, delete the App from Your device, or reset the device. We have no ability to access or retain this data. Data sent to OpenAI / Open Food Facts: governed by their respective privacy policies. We do not retain copies. Vercel proxy logs: standard short-term operational logs (timestamps, IP) may be retained by Vercel as Our infrastructure provider for a limited period and are not used to identify or profile users. 8. Sensitive (Health) Data Information such as Your weight, body measurements, age, and dietary intake may be considered "health data" or "sensitive personal data" under laws such as the EU GDPR (Art. 9) and the California Consumer Privacy Act (CCPA / CPRA). This data is stored exclusively on Your device and is not transmitted to Us. We do not process this sensitive data on Our servers. Photos of food sent to OpenAI for analysis are processed to identify a dish, not to derive a health profile. By using the App, You consent to processing this data on Your device for the purpose of calorie and weight tracking. 9. Your Rights Depending on Your jurisdiction (GDPR, UK GDPR, CCPA/CPRA, and similar), You may have the right to: - Access the personal data We hold about You. - Request correction or deletion of Your data. - Object to or restrict processing. - Withdraw consent. - Lodge a complaint with a supervisory authority. Because Your data is stored locally on Your device: - To access Your data: open the App. - To correct Your data: edit it in the App. - To delete Your data: delete the relevant entries inside the App, or uninstall the App (uninstalling removes all local data). You can also contact Us using the details in Section 14 for any rights-related request. 10. Children's Privacy Calora is intended for users 16 years of age and older. The App is not directed at children under 16, and We do not knowingly collect personal information from children under 16. If You are a parent or guardian and believe a child has used the App, please contact Us so We can advise. Note: in the App Store, Calora is rated with content appropriate for diet- and weight-related health content. Weight-loss content may not be suitable for users with disordered-eating histories; Calora is not a medical device and does not provide medical advice. 11. Transfers of Information The third-party services We use (OpenAI, Vercel, Open Food Facts) may process data on servers located outside of Your country, including in the United States and the European Union. By using the AI and barcode features of the App, You acknowledge that minimum data necessary to perform those features may be transferred internationally. 12. Security We use commercially reasonable measures to protect data in transit between the App, Our Vercel proxy, and OpenAI (HTTPS / TLS). Because Your personal data is stored on Your own device, the security of that data also depends on the security of Your device (passcode, Face ID / Touch ID, iOS updates, etc.). No method of transmission over the Internet or method of electronic storage is 100% secure, and We cannot guarantee absolute security. 13. Changes to This Privacy Policy We may update this Privacy Policy from time to time. We will indicate changes by updating the "Last updated" date at the top of this document and, where appropriate, by posting a notice within the App. Continued use of the App after changes become effective constitutes acceptance of the revised Privacy Policy. 14. Contact Us If You have any questions about this Privacy Policy or wish to exercise any of Your rights, You can contact the developer: Email: webidev@icloud.com Phone: +44 7426 064171 Calora is an independent project developed by an individual developer. It is not affiliated with Apple Inc., OpenAI, Vercel, or Open Food Facts.