Privacy Policy

Your privacy matters to us. This Privacy Policy describes how contaCal ("we," "us," or "our") collects, uses, and protects your information when you use the contaCal mobile application ("App") and related services ("Service").

1. Information We Collect

1.1 Profile Information

When you set up the App, you provide personal information to calculate personalized nutritional goals:

• Gender
• Birth year / age
• Height and weight
• Target weight
• Activity level (sedentary to extra active)
• Fitness goal (lose weight, maintain, or gain)
• Unit system preference (metric or imperial)

This information is stored locally on your device and is used to calculate your daily calorie and macronutrient targets.

1.2 Meal and Nutrition Data

When you log meals, we collect:

• Food entries: Food names, serving sizes, quantities, calorie and macronutrient data
• Meal sessions: Meal type (breakfast, lunch, dinner, snack), timestamps
• Water intake: Daily hydration logs
• Saved meals: Favorited meal combinations for quick re-logging

All meal and nutrition data is stored locally on your device in an encrypted database.

1.3 AI Analysis Data

When you use AI-powered features, certain data is temporarily transmitted to our servers:

• Photo analysis: Meal photos are sent as base64-encoded images for AI food recognition
• Voice input: Voice recordings are sent as base64-encoded audio for transcription and meal analysis
• Text input: Text descriptions of meals for AI nutritional analysis
• User context: Your calorie goal, macro targets, weight goal, activity level, and unit system are included with AI requests to improve accuracy

1.4 Device Information

• Device identifier: A unique device ID used for API authentication via HMAC-SHA256 signing
• Language/locale: Your device language preference for localization
• Platform: iOS or Android, for platform-specific features

1.5 Usage Analytics

We collect anonymous usage events to improve the Service:

• Onboarding completion status
• Feature usage (which logging methods you use, barcode scans)
• Screen navigation patterns
• AI analysis counts (to enforce free tier limits)
• Subscription status

Analytics events are sent to our internal logging system and do not include personally identifiable information.

2. How We Use Your Information

We use your information to:

• Provide the Service: Calculate nutritional goals, analyze meals via AI, display your tracking dashboard, and manage your subscription
• Improve accuracy: User context (goals, activity level) helps the AI provide more relevant nutritional estimates
• Improve the Service: Anonymous analytics help us understand which features are most valuable and identify issues
• Communicate: Send important service-related notifications (we do not send marketing emails)

3. Data Storage and Security

3.1 Local Storage

The majority of your data (profile, meals, food entries, water intake, saved meals) is stored locally on your device using SQLDelight, an encrypted local database. This data does not leave your device unless you use AI-powered features or a future cloud sync feature.

3.2 Server-Side Processing

When you use AI features:

• Photos, voice recordings, and text descriptions are transmitted to our servers over HTTPS with HMAC-SHA256 request signing
• AI analysis is performed in real-time
• The resulting nutritional data is returned to your device
• Photos and voice recordings are not permanently stored on our servers after analysis is complete

3.3 Security Measures

We implement the following security measures:

• HMAC-SHA256 request signing for all API communications
• HTTPS encryption for all data in transit
• No storage of raw photos or voice recordings after AI processing
• No email/password authentication (device-based only, reducing attack surface)

4. Third-Party Services

The App integrates with the following third-party services:

• OpenFoodFacts (openfoodfacts.org): Open food product database used for barcode lookups. When you scan a barcode, the barcode number is sent to OpenFoodFacts to retrieve product nutritional data. See their privacy policy.
• Apple App Store / Google Play Store: Subscription billing and app distribution. Your payment information is handled entirely by Apple or Google and is never shared with us.
• RevenueCat: Subscription management and entitlement verification. RevenueCat receives your anonymous app user ID and subscription status. See their privacy policy.

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes.

5. Data We Do NOT Collect

For transparency, we want to be clear about what we do not collect:

• Email addresses or passwords (no account system)
• Location data or GPS coordinates
• Contacts, call logs, or SMS
• Browsing history
• Financial or payment information (handled by app stores)
• Advertising identifiers

6. Your Rights

6.1 Access and Portability

All your data is stored locally on your device and is accessible to you at all times through the App. Pro subscribers can export their data.

6.2 Deletion

You can delete all your data at any time from the Settings screen in the App. This permanently removes all meals, food entries, and profile data from your device. This action cannot be undone.

6.3 European Users (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access: You can access your data directly through the App
• Right to rectification: You can edit your profile and meal data at any time
• Right to erasure: You can delete all data from the Settings screen
• Right to data portability: Pro subscribers can export their data
• Right to object: You can stop using AI features at any time to prevent data transmission

Our legal basis for processing your data is:

• Contract performance: Processing necessary to provide the Service you requested
• Legitimate interest: Anonymous analytics to improve the Service

6.4 California Users (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell your data)
• Non-discrimination for exercising your rights

7. Permissions

The App requests the following device permissions:

• Camera: Used to take meal photos for AI analysis and to scan barcodes. Photos are only captured when you explicitly initiate the camera.
• Microphone: Used for voice-based meal logging. Audio is only recorded when you explicitly press and hold the record button.
• Photo Library: Used to select existing photos from your gallery for AI meal analysis. We only access photos you explicitly select.
• Internet: Required for AI analysis, barcode lookups, and subscription verification.

All permissions are requested at the time of first use and can be revoked at any time through your device settings.

8. Data Retention

• Local data: Stored on your device until you delete it or uninstall the App
• AI processing data: Photos and voice recordings are processed in real-time and discarded immediately after analysis. They are not permanently stored.
• Analytics data: Anonymous usage events are retained for up to 12 months for service improvement purposes
• Subscription data: Managed by Apple, Google, and RevenueCat according to their retention policies

9. Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will take steps to remove such information.

10. International Data Transfers

Our servers are located in Europe. If you use the App from outside the European Economic Area, your data may be transferred to and processed in Europe. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this Policy periodically. For material changes, we will provide notice through the App.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: support@contacal.com

For GDPR-related inquiries, you may also contact your local data protection authority.