Privacy Policy

Effective date: 5 May 2026 · Last updated: 5 May 2026

This Privacy Policy describes how CaloriePath ("we", "our", "the app") collects, uses, and protects your information when you use the CaloriePath iOS application.

Plain-English summary: We collect only what's needed to run the app — your account info, the wellness data you log, and basic analytics. We don't sell your data. We don't use it for advertising. HealthKit data stays between you and your iCloud-synced devices, plus your own private cloud backup. You can delete your account and all associated data from inside the app at any time.

1. Who we are

CaloriePath is an independent indie wellness app. For privacy questions, contact us at kaybersoftware2025@gmail.com.

2. What we collect

2.1 Account information

Email address — provided by Sign in with Apple or Sign in with Google.
Name — your chosen display name.
Authentication identifier — a stable Firebase user ID, plus the corresponding Apple or Google subject identifier.

2.2 Profile and wellness data you log

Optional profile fields: weight, height, date of birth, sex, activity level, goal type.
Meal entries you create or scan via barcode (food name, portion, calories, macros).
Walking sessions you record (start/end time, distance, path coordinates, calories).
Daily reminder preferences (notification time, on/off).

2.3 Apple Health (HealthKit)

If you grant permission, CaloriePath reads the following from Apple Health:

Step count, distance walked or run, active energy burned
Body weight, height, date of birth, biological sex

CaloriePath also writes back, with your permission:

HKWorkout records for the walks you complete in the app
dietaryEnergyConsumed samples for the meals you log

HealthKit data is treated specially. In line with Apple's HealthKit terms:

We do not use HealthKit data for advertising or any similar services.
We do not share, sell, or rent HealthKit data to third parties for any purpose.
We do not use HealthKit data for marketing without your express permission.
HealthKit data is used only for the wellness features you have explicitly opted into.

2.4 Location

If you grant permission, the app uses your precise location to:

Suggest walking and running routes near you
Track the polyline of a walk you have started

Background location is requested only if you explicitly enable it in Profile, so the app can keep tracking when the screen is locked. You can revoke this at any time in iOS Settings.

2.5 Analytics and diagnostics

Product analytics events (screen views, feature usage) via Mixpanel and Firebase Analytics.
Crash logs and performance traces via Sentry.

These are used to understand what works, fix bugs, and improve the app. They are not used for advertising, and they do not include your email, name, HealthKit data, location coordinates, or meal contents.

2.6 Camera

The camera is used only when you tap the barcode scanner inside the meal logger. The image is processed on-device by Apple's Vision framework and is not stored, transmitted, or used for any other purpose.

3. What we do not collect

We do not collect your contacts, photos library (other than the camera frame for barcode scanning, processed on-device), browsing history, or device advertising identifier (IDFA).
We do not track you across other apps or websites.
We do not use ad networks or sell data to data brokers.

4. How we use your data

Run the app's core features — show your dashboard, save your meals and walks, sync across your devices.
Personalise recommendations — adjust calorie targets, suggest routes, surface AI-generated insights based on the wellness data you provide.
Send notifications you have opted into — local daily reminders at the time you choose.
Keep the app working — diagnose crashes, monitor performance, fix bugs.
Improve the product — aggregated, de-identified analytics on which features are used.

5. Third-party services

We use the following processors. Each has its own privacy policy:

Service	Purpose	Policy
Firebase (Google)	Authentication, Firestore database, Cloud Functions, basic analytics	firebase.google.com/support/privacy
Apple	Sign in with Apple, HealthKit, App Store	apple.com/legal/privacy
Google	Sign in with Google	policies.google.com/privacy
Mixpanel	Product analytics	mixpanel.com/legal/privacy-policy
Sentry	Crash and performance reporting	sentry.io/privacy
Open Food Facts	Public food database for barcode lookups	openfoodfacts.org/privacy — only the barcode is sent; no user data is shared
Google Gemini (via our backend)	AI-generated wellness insights when you opt in	policies.google.com/privacy — anonymised, no account identifiers sent

6. Where your data lives

Your data is stored on Google Cloud servers operated by Firebase, primarily in the United States. By using CaloriePath you agree to the international transfer of your data, processed under the safeguards described in Firebase's privacy documentation.

7. How long we keep your data

We keep your account and content for as long as your account exists. When you delete your account, we delete your authentication record and your private user subtree (profile, meals, walks, achievements) within thirty days. Aggregated, de-identified analytics may be retained longer to inform product decisions.

8. Your rights

Access and export — write to us at kaybersoftware2025@gmail.com and we will provide a copy of the data we hold about you.
Correction — most fields can be edited directly inside the app from the Profile screen.
Deletion — open the app, go to Profile, scroll to the bottom and tap "Delete account". This removes your authentication record and your private user subtree from our backend.
Withdraw consent — you can revoke notification, location, camera, and HealthKit permissions any time from iOS Settings.
Object or restrict processing — for users in the EU/EEA, the UK, and similar jurisdictions, you have the right to object to or restrict the processing of your data. Contact us and we will respond within thirty days.

9. Children

CaloriePath is not intended for children under thirteen, and we do not knowingly collect data from anyone under thirteen. If you believe a child has provided us with data, please contact us and we will delete it.

10. Security

Data in transit is encrypted via TLS. Data at rest in Firestore is encrypted by Firebase. Authentication uses industry-standard OAuth flows (Sign in with Apple, Google). No system is perfectly secure — please use a strong, unique password on your Apple ID and Google account, and enable two-factor authentication.

11. Changes to this policy

We may update this Privacy Policy as the app evolves. Material changes will be announced inside the app and at the top of this page. The "Last updated" date above always reflects the current version.

12. Contact

Privacy questions, deletion requests, or anything else: kaybersoftware2025@gmail.com.