CalorieCountglobal Privacy Policy

Last updated: 2026-05-04.

This is a draft. The operator hosts the rendered HTML at https://caloriecountglobal.app/privacy before clicking Submit in App Store Connect — App Review will reject the binary if the URL 404s or returns placeholder text.

Legal review by qualified counsel is recommended before publishing. This draft is written to mirror the actual on-device behavior of CalorieCountglobal v1.0.0 and to satisfy GDPR Article 13/14 + CCPA §1798.100 disclosure requirements at a baseline level.


1. Who we are

CalorieCountglobal (the "app") is operated by Daler Soliev ("we", "us", "our"), a sole proprietor in [your jurisdiction]. You can reach us at:

For privacy-specific inquiries (GDPR Article 13 / 12 / CCPA Right-to-Know / Right-to-Delete), use the same email and put [Privacy] in the subject line.

2. The short version

We collect zero data types.

CalorieCountglobal is designed to run on-device. It does not require an account, does not phone home with usage data, does not include any analytics SDK, does not include any third-party crash reporter, does not include any advertising integration, and does not link a per-install identifier with any external service.

The rest of this policy is the long version of that statement, with the specifics of every component that touches a network or the operating system, in case you want to verify.

3. What stays on your device

The following data is created and stored exclusively on your iPhone, in storage that only the CalorieCountglobal app can access:

4. What touches a network

Calorie AI Tracker makes three kinds of outbound network calls, all initiated by something you do — never a silent "phone-home":

4.1 Meal-photo analysis (you initiate)

When you tap the shutter or pick a photo on the Scan screen and the analyzer runs:

  1. Your iPhone sends the meal photo (as a JPEG up to 4 MB) plus the opaque per-install token plus your subscription tier ("free" or "paid") to our backend at https://api.caloriecountglobal.app.
  2. Our backend forwards the photo to OpenAI's vision API for analysis.
  3. The backend returns the estimated macros to your iPhone.
  4. The backend does not store the photo, the analysis result, your token-to-result mapping, or any timestamp tied to your token. The only state retained is a counter (rate:YYYY-MM-DD:<token> → integer) so the rate limit works, with a 36-hour TTL.

OpenAI's API endpoint may log requests for abuse-prevention and model-improvement purposes per their terms. We do not control OpenAI's logging.

4.2 Describe-a-meal and Fix-with-AI (you initiate)

When you type a meal description or a correction and the AI runs, your iPhone sends that text (plus the same opaque per-install token and tier flag) to the same backend, which forwards it to the vision/language provider and returns the estimate. No text is stored server-side beyond the same rate-limit counter described above.

4.3 Food database lookups (you initiate)

When you scan a barcode or search for a food by name, your iPhone queries the free, public Open Food Facts database at world.openfoodfacts.org for the product's nutrition data. The request contains only the barcode or your search words and a generic app User-Agent — no token, no identifier, nothing tied to you. Open Food Facts is an independent non-profit; their privacy practices are their own.

4.4 Apple's StoreKit (you initiate)

When you tap a paywall button, your iPhone communicates directly with Apple's StoreKit servers to start the trial / process the purchase / restore prior purchases. We never see your payment information, Apple ID, or receipt contents. Apple's privacy practices for StoreKit are documented at <https://www.apple.com/legal/privacy/>.

Those are the only outbound network calls. The app does not check for updates, does not call any analytics endpoint, does not call any feature-flag service, does not load any remote configuration, does not load any remote font or image, and does not include any "phone-home on launch" pattern. Nothing is sent unless you take an action that needs it (analyze a meal, look up a food, or make a purchase).

5. What we do NOT do

The list of things this app does not do is unusually long because the absence of these is the privacy property:

6. Apple Health

The app requests access to Apple Health (HealthKit), and it is entirely optional — the app works without it.

What it reads: steps and active energy (to optionally raise your daily calorie budget by what you burn), body weight (so smart-scale weigh-ins appear in your weight chart), and blood glucose (only meaningful if you wear a CGM such as Stelo, Lingo, Dexcom, or FreeStyle Libre — powers the food-glucose correlation feature).

What it writes (only if you turn on "Save meals to Health" in Settings): the calories, protein, carbohydrates, and fat of meals you log, and weigh-ins you record in the app. Writing is off by default until you opt in during onboarding or in Settings, and you can turn it off at any time.

You can revoke any permission at any time in iOS Settings → Privacy & Security → Health → Calorie AI. Revoking is non-destructive — your existing meal entries remain in the app.

Apple Health data is read and written locally on your iPhone and never transmitted to our backend, OpenAI, or any other server.

7. Children

CalorieCountglobal is rated 4+ in the App Store, but it is not directed at children. We do not knowingly process data from any user under 13 in jurisdictions covered by COPPA, or under 16 in jurisdictions covered by GDPR Article 8 where the higher threshold applies. Because we do not collect personal data, the question is largely moot — but if you have reason to believe a child has provided you data via this app and you would like us to take action, email the address in §1.

8. Your rights

Because we do not store any personally identifiable data on our servers, most data-rights requests don't have anything we can act on. Specifically:

If you believe we hold data we shouldn't, or if you've heard from a third party that suggests we do, please email §1 and we will investigate within 30 days.

9. International transfers

The backend is hosted on Cloudflare Workers, which routes requests to the geographically-closest Cloudflare edge node. The OpenAI API call from the backend is made from whichever Cloudflare edge node served the request. This means a single meal-analysis request may transit multiple jurisdictions before returning to your iPhone. Cloudflare's GDPR posture is documented at <https://www.cloudflare.com/gdpr/>; OpenAI's at <https://openai.com/policies>.

10. Changes to this policy

If we materially change this policy, we will update the "Last updated" date at the top and (for material changes affecting privacy outcomes) prompt you in-app on next launch. Non-material changes (typo fixes, contact-address updates) are made silently with the date updated.

11. Jurisdiction

This policy is governed by the laws of [your jurisdiction]. Any dispute arising from this policy is subject to the exclusive jurisdiction of the courts of [your jurisdiction].

12. Contact

Email support@caloriecountglobal.app with subject [Privacy] for any privacy-specific inquiry.


This policy is intended to mirror the actual implementation of CalorieCountglobal v1.0.0. If a future version of the app changes the data-collection posture in any way, this policy must be updated before the version ships. The App Privacy survey in App Store Connect, the marketing description, and this document are kept consistent atomically — see docs/app-store/privacy-survey.md.