Privacy Policy
CalorieLens (“CalorieLens”, “we”, “us”) treats meal photos, profile information, weight history, and any body-related data as sensitive personal information. This policy explains what we collect, why, how we use it, who we share it with, and the choices you have.
1. Who we are
CalorieLens is a nutrition-tracking service offered as a mobile application. The service is operated by the CalorieLens team. You can reach us any time at support@calorielensai.com.
2. What we collect
Account information
- Email address (required to sign in).
- Display name (optional, provided by you at signup).
- Encrypted password hash (we never see or store your plaintext password).
Profile & goals
- Age or approximate age band.
- Biological sex (only when required by the calorie formula you select).
- Height, current weight, goal weight, activity level, primary goal, dietary preferences.
- Preferred measurement system (US or Metric).
Meals & nutrition data
- Photos of meals you upload for analysis.
- Structured nutrition data derived from those photos (foods detected, portions, calories, macros, confidence values).
- Any manual edits or additions you make.
- Meal type, timestamp, and any notes you add.
Body & progress
- Weight entries and any notes attached to them.
- (Optional) Progress photos, stored privately.
Billing
- Subscription plan, status, renewal date, and cancellation flag.
- A reference to your Stripe customer record. We never see or store your full card number, expiry, CVC, or bank details. Payment information is handled entirely by Stripe under Stripe’s privacy policy and PCI-DSS obligations.
Device & usage
- Basic device information (platform, OS version) sent as part of your app requests.
- Anonymous product analytics events (e.g. “paywall viewed”, “checkout completed”) to understand which features are used.
- Server-side logs of API requests for security, debugging, and rate limiting.
3. How we use your information
- Provide the service. Analyze your meal photos, calculate your nutrition targets, store your meals and progress, and personalize your dashboard.
- Improve accuracy for you. Use your edits and preferences to show more accurate serving units and more useful defaults on your own account.
- Billing. Charge your subscription through Stripe, provision Pro access when a payment succeeds, and notify you of billing events.
- Communication. Send account emails you request, security alerts, and (optional, opt-in) product updates.
- Security & abuse prevention. Detect and prevent fraudulent access, brute-force attempts, and abusive scraping.
- Legal compliance. Respond to lawful requests, enforce our Terms, and defend against legal claims.
4. Who we share data with
We share the minimum data needed to operate the service, with these categories of processors:
- OpenAI — when you scan a meal, the photo is sent to OpenAI’s Vision API for analysis. OpenAI processes the image to produce the nutrition estimate and does not use inputs submitted through the API to train its models by default. See OpenAI’s API data-usage policy for details.
- Stripe — subscription payments and billing are handled by Stripe, Inc. Your card data flows directly to Stripe; we receive only a customer reference and subscription status.
- Hosting & infrastructure providers — application servers, database, and CDN operate on cloud infrastructure. These providers process encrypted network traffic and stored data on our behalf under contractual data-protection obligations.
- Transactional email provider — used to send you account emails such as sign-in verification or subscription notices.
- Legal & safety — if required by law, court order, or to protect the safety of a person or the service.
5. Storage & retention
- Meal photos are stored privately, tied to your account, and never public by default. You can delete an individual meal (which deletes its photo) at any time from the app.
- Structured meal data (foods, calories, macros) is retained while your account is active so you can view your history and analytics.
- Weight entries and progress photos are retained until you delete them or your account.
- Server logs are retained for a limited period for security and debugging.
- You can delete your entire account from Profile → Delete account. This permanently deletes your profile, meals, weights, and photos from our production database. Backups may take up to 30 days to age out.
6. Your rights
Depending on where you live, you may have rights to:
- Access the personal data we hold about you.
- Correct inaccurate data (or edit it directly in the app).
- Delete your account and associated data.
- Export a copy of your data.
- Object to or restrict certain processing.
- Withdraw consent for optional processing (for example, marketing emails) without affecting any processing that occurred before the withdrawal.
- Lodge a complaint with your local data-protection authority (for example, the ICO in the UK or a state attorney general in the US).
To exercise any of these rights, contact us at support@calorielensai.com. We will respond within the timeframe required by applicable law.
7. Children
CalorieLens is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will delete it.
8. International transfers
Depending on where you live and where our providers are located, your information may be transferred to and processed in countries other than your own. Where required, we rely on standard contractual clauses and other lawful transfer mechanisms.
9. Security
- Passwords are hashed with a modern algorithm (bcrypt); we never store plaintext.
- All app traffic is encrypted in transit (HTTPS/TLS).
- Stored data is protected by access controls and row-level authorization.
- Card data is handled exclusively by Stripe under PCI-DSS.
- Webhooks from third parties are verified via signature before we act on them.
No system is ever completely secure. If you become aware of a security issue, please email us so we can investigate.
10. Changes to this policy
We may update this policy from time to time. If we make material changes we will notify you (for example, via email or in-app) before they take effect. The date at the top of this page reflects the latest revision.
11. Contact
Questions or requests: support@calorielensai.com.