Privacy Policy
Effective date: June 2, 2026 · Last updated: June 2, 2026
This Privacy Policy describes how CalBae: Cycle-Aware Calorie Tracker ("CalBae," "we," "us," or "our") collects, uses, and protects your information. This policy applies to the CalBae mobile application (the "App").
Also see our Terms of Service and Support.
Who We Are
Data Controller: Anton, individual developer
Location: Batumi, Georgia
Contact: support@byanton.dev
Website: byanton.dev
As a small-scale individual developer, we are not required to appoint a Data Protection Officer under GDPR Article 37. For all privacy inquiries, contact us at the email above.
Summary: CalBae helps women track calories and macros with daily targets that gently adapt to the menstrual cycle. Your meals, body metrics (age, height, weight, goal) and cycle data are stored only on your device. When you scan a meal, the food photo you take or choose (or a text description you type) is sent to Google Gemini (via our Cloudflare Workers proxy) to estimate calories, macros and wellness "Glow Scores" — processed in real time and not stored on our servers, never sold, and never used to train AI models. We require no account, collect no name, email, location, contacts, or tracking identifiers, show no ads, and do not read Apple Health. CalBae is a wellness tool and is not medical, nutritional, or healthcare advice.
1. AI System Disclosure (EU AI Act Article 50)
You are interacting with an artificial intelligence system. Specifically:
- Meal analysis (estimated food name, portion, calories, protein/carbs/fat, and the Beauty / Mood / Bloat "Glow Scores" with short highlights and cautions) is produced by Google Gemini 2.5 Flash, an AI model from Google LLC, accessed via Google Vertex AI.
- AI estimates are approximate and may contain inaccuracies. They are a wellness aid only — not medical or nutritional advice, not a clinical measurement, and not a guarantee of any weight or health outcome. You can edit any value before saving.
- Your daily calorie/macro targets, cycle-phase guidance and projections are calculated on your device from the figures you enter, using a standard formula (Mifflin–St Jeor). They are gentle estimates, not prescriptions.
2. Information We Collect
2.1 Information You Provide
| Data | Purpose | Storage | Retention |
|---|
| The food photo you capture or pick, or a typed meal description | Estimating calories, macros and Glow Scores for that meal | The chosen image/text is sent ephemerally to Google Gemini for the request; the photo (and a cut-out "sticker") may also be saved with the meal on your device | Cloud: processed in real time, not stored on our servers. Local: until you delete the meal or the App |
| Meal log (name, portion, calories, protein/carbs/fat, Glow Scores, optional satiety rating) | Showing your day, history and trends | On your device only (SwiftData) | Until you delete it or the App |
| Body metrics (age, height, weight, desired weight, goal, activity level, pace) | Calculating your calorie & macro targets and progress | On your device only (SwiftData) | Until you change it or delete the App |
| Menstrual cycle data (last period date, cycle length, period length, logged period starts) | Adapting targets & guidance to your current phase, and showing the cycle calendar | On your device only (SwiftData) | Until you change it or delete the App |
| Preferences (units, reminders on/off) | Personalising the experience | On your device (UserDefaults / SwiftData) | Until you change it or delete the App |
2.2 Information Collected Automatically
- Anonymous subscription status — managed by Apple StoreKit (and RevenueCat for entitlement verification) to confirm CalBae Pro access. No name or email is associated with it.
- Anonymous usage signals — via TelemetryDeck (privacy-first analytics, EU-hosted) to understand which features are used and improve the app. No personal data, no advertising identifiers, no cross-app tracking, and no meal photos or health data are ever sent.
- IP address — visible to our Cloudflare Workers proxy only for rate-limit keying (abuse / cost protection). The IP is never stored in our cache, never shared with Google, and never sold.
- Locale and app version — sent as standard request headers (for response language and diagnostics). Visible to Cloudflare in request logs (~24 h retention).
2.3 Information We Do NOT Collect
- Email address, phone number, name, or physical address (unless you choose to email our support)
- Location (GPS) — we never request location permission
- Contacts, calendar, or microphone
- Apple Health / HealthKit — CalBae does not read from or write to Apple Health
- Advertising identifiers (IDFA) — we do not use App Tracking Transparency
- Browsing history, cookies, or web tracking pixels
- We do not create user accounts or require registration; no Apple, Google, or social sign-in
Camera & Photos: CalBae requests camera access (to photograph a meal) and uses the system photo picker (to choose an existing photo). Only the single image you take or select for a scan is used — the App never browses, scans, or uploads your photo library, and you can decline camera access and type a description instead.
3. Legal Basis for Processing (GDPR Article 6)
| Processing Activity | Legal Basis |
|---|
| Sending your meal photo / text to the cloud AI | Performance of a contract / your request — only happens when you tap "scan" or "analyze" |
| Storing your meals, body metrics and cycle data locally | Performance of a contract (providing the tracking features you requested) |
| Subscription processing | Performance of a contract (via Apple StoreKit and RevenueCat) |
| Rate limiting and abuse prevention | Legitimate interest (service availability, AI-cost protection, and security) |
4. Third-Party Services
Apple Guideline 5.1.2(i) Disclosure: The following named third parties may process your data. Your meal photo or text is shared with Google's AI service only when you actively scan or describe a meal.
| Provider | Service | Data Sent | Retention by Provider |
|---|
| Google LLC (Vertex AI — Gemini 2.5 Flash) | Estimating calories, macros and Glow Scores from your meal | The single meal image or text description you submit + locale | Not retained. Not used for model training per Vertex AI / Gemini enterprise data-usage terms. |
| Cloudflare, Inc. (Workers) | Secure proxy routing between the App and Google's AI API; per-IP rate limiting | Encrypted request body (HMAC-SHA256 signed); IP visible to the rate limiter only | Rate-limit counters: short sliding window. Request logs ~24 h. No long-term storage of your data. |
| Apple Inc. (StoreKit) | In-app purchase / subscription processing | Managed by Apple per Apple's Privacy Policy | Managed by Apple |
| RevenueCat, Inc. | Subscription receipt validation and entitlement verification | Anonymous subscription status and country code | Retained per RevenueCat's privacy policy for the subscription lifetime + audit period |
| TelemetryDeck (Telemetry Deck GmbH, EU) | Privacy-first anonymous usage analytics | Anonymous event signals only (e.g. "paywall viewed", "scan succeeded") — no personal data, no device IDs, no cross-app tracking | Per TelemetryDeck terms, GDPR-compliant, EU-hosted |
All cloud data transfers use TLS encryption, HMAC-SHA256 request signing, and a short timestamp anti-replay window. The meal photo or text you submit is transmitted only for the duration of a single request and is not written to disk on the Cloudflare proxy.
5. Data Storage and Retention
| Data | Where Stored | Retention Period |
|---|
| Meals, photos, body metrics, cycle data, history, preferences | Your device (SwiftData, app sandbox) | Until you delete it in-app or uninstall the App |
| Meal image / text in transit to the AI provider | Cloudflare Workers (in memory) → Google Cloud (in memory) | Processed in real time, not written to disk by our proxy |
| Rate-limit counters | Cloudflare Workers | Short sliding window, per IP |
| Subscription data | Apple servers, RevenueCat servers | Managed per their respective privacy policies |
Because your data lives on your device, deleting the App permanently removes all of it — meals, photos, body metrics and cycle history. There is no server-side copy to request or erase, and your data does not sync between devices.
6. Children's Privacy
CalBae is a body-weight and reproductive-wellness tool intended for adults (18+) managing their own health. It is not directed to children.
- COPPA: We do not knowingly collect personal information from children under 13. If we discover such data was collected, we will delete it immediately.
- GDPR Article 8: The cloud AI features are not intended for minors below your country's digital age of consent.
- We do not sell, share, or use anyone's data for advertising or AI model training.
7. Your Rights
All Users
- Access: Your full history is visible inside the App (Today, Cycle, and Progress).
- Deletion: Delete any meal in-app, and remove all data by deleting the App. Because the data is on-device, this is immediate and complete.
- Subscription: Manage or cancel anytime via Settings → Apple ID → Subscriptions, or restore a prior purchase from the App's Profile screen.
EU/EEA Residents (GDPR)
- Right to access, rectification, erasure, restriction of processing, portability, and objection
- Right to withdraw consent at any time without affecting prior processing
- Right to lodge a complaint with your local data protection authority (e.g., CNIL in France, BfDI in Germany, DPC in Ireland)
- Our AI processing is for informational wellness support only and produces no legal or similarly significant automated decisions
California Residents (CCPA/CPRA)
- Right to know, delete, correct, and opt-out of sale/sharing
- We do not sell or share your personal information and do not use your data for cross-context behavioral advertising
Brazil (LGPD) · Turkey (KVKK) · Japan (APPI)
- Rights to confirmation, access, correction, deletion, portability, and consent withdrawal as provided under each law
- We respond to verified data-subject requests within the statutory window (e.g., 15 days LGPD, 30 days KVKK)
- Cross-border transfers to the US are conducted under appropriate safeguards (see Section 9)
8. Apple Required Privacy Disclosures
8.1 Required Reasons API (PrivacyInfo.xcprivacy)
CalBae declares the following API usage in its privacy manifest:
| API | Reason |
|---|
| UserDefaults | Store app preferences, onboarding state, and reminder settings (reason: CA92.1) |
8.2 App Store Privacy Nutrition Label
| Data Type | Linked to Identity | Used for Tracking | Purpose |
|---|
| Health & Fitness (calories, weight, menstrual-cycle data) | No | No | App Functionality (stored on-device for your tracking) |
| User Content (the meal photo / text you submit) | No | No | App Functionality (AI meal analysis) |
| Purchases (Subscription Status) | No | No | App Functionality (entitlement verification) |
| Usage Data / Diagnostics (anonymous product analytics) | No | No | Analytics / App Functionality (TelemetryDeck anonymous signals) |
We do not collect any data type not listed above, and we do not engage in tracking as defined by Apple's App Tracking Transparency framework.
9. International Data Transfers
Meal images/text sent to AI features are processed in the United States (Google Cloud Platform, Cloudflare). These transfers are protected by EU Standard Contractual Clauses (GDPR Article 46), the Google Cloud Data Processing Addendum, Cloudflare's data processing agreement, the EU-US Data Privacy Framework where applicable, and TLS encryption with HMAC-SHA256 request signing.
10. Data Security
- All data in transit encrypted using TLS (HTTPS)
- All API requests to our Cloudflare Workers proxy are signed with HMAC-SHA256 and a short timestamp window to prevent tampering and replay attacks, plus a bundle-identifier check and per-IP rate limiting
- Your meals, body metrics and cycle data are stored on your device, protected by iOS sandboxing
- Server-side processing keeps your image/text in memory only — not written to disk on the proxy
- No user accounts, no passwords, no saved credentials — minimal attack surface
11. No Tracking, No Advertising
- CalBae does not track you across apps or websites
- We do not use advertising identifiers (IDFA) or App Tracking Transparency
- We do not display advertisements
- We do not share data with data brokers or ad networks
- We do not sell or share your personal information under any circumstances
12. Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify affected users and relevant supervisory authorities within 72 hours of discovery as required (GDPR, LGPD, KVKK), and take immediate steps to contain and remediate it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through an updated "Last updated" date and, where practicable, an in-app notice. Continued use after changes constitutes acceptance.
14. Not Medical Advice
CalBae provides general wellness and informational estimates only. Calorie and macro targets, cycle-phase guidance, projections, and the Beauty / Mood / Bloat "Glow Scores" are not medical, nutritional, diagnostic, or healthcare advice, and are not a substitute for a physician, registered dietitian, or other qualified professional. Cycle information is an estimate and is not a contraceptive or fertility method. Do not use CalBae to diagnose or treat any condition. If you are pregnant or breastfeeding, have a medical condition, or have a history of disordered eating, please consult a healthcare professional before changing your diet, and seek help from a qualified provider or a local support line if you need it.
15. Contact Us
© 2026 Anton. All rights reserved.