CalorieCountglobal Privacy Policy
Last updated: 2026-05-04.
This is a draft. The operator hosts the rendered HTML at https://caloriecountglobal.app/privacy before clicking Submit in App Store Connect — App Review will reject the binary if the URL 404s or returns placeholder text.
Legal review by qualified counsel is recommended before publishing. This draft is written to mirror the actual on-device behavior of CalorieCountglobal v1.0.0 and to satisfy GDPR Article 13/14 + CCPA §1798.100 disclosure requirements at a baseline level.
1. Who we are
CalorieCountglobal (the "app") is operated by Daler Soliev ("we", "us", "our"), a sole proprietor in [your jurisdiction]. You can reach us at:
- Email: support@caloriecountglobal.app
- Mail: [your real mailing address]
For privacy-specific inquiries (GDPR Article 13 / 12 / CCPA Right-to-Know / Right-to-Delete), use the same email and put [Privacy] in the subject line.
2. The short version
We collect zero data types.
CalorieCountglobal is designed to run on-device. It does not require an account, does not phone home with usage data, does not include any analytics SDK, does not include any third-party crash reporter, does not include any advertising integration, and does not link a per-install identifier with any external service.
The rest of this policy is the long version of that statement, with the specifics of every component that touches a network or the operating system, in case you want to verify.
3. What stays on your device
The following data is created and stored exclusively on your iPhone, in storage that only the CalorieCountglobal app can access:
- Meal entries. The text label, macro estimates, glycemic-load estimate, photo, time, and your edits. Stored in SwiftData, which is itself stored in the app's sandboxed
Library/Application Support/directory. Deleting the app deletes all of this. - User preferences. The onboarding-completed flag, HealthKit-granted flag, daily-scan counter. Stored in
UserDefaults, also sandboxed and removed when you delete the app. - Water and weight entries. Your water-intake taps and weigh-ins, stored in the same sandboxed SwiftData store as meals.
- Apple Health data (cached). When you grant HealthKit access, the app reads steps, active energy, body weight, and (if you wear a CGM) blood-glucose samples, caching the most recent values locally so the Today tab is fast. The source of truth remains Apple Health. Health data is read locally and never transmitted anywhere.
- An opaque per-install token. A randomly-generated 32-byte value, stored in your iPhone's Keychain. The backend uses it solely to scope a per-day rate limit on AI analysis requests. It is not associated with your Apple ID, your name, your email, or any other personal identifier.
4. What touches a network
Calorie AI Tracker makes three kinds of outbound network calls, all initiated by something you do — never a silent "phone-home":
4.1 Meal-photo analysis (you initiate)
When you tap the shutter or pick a photo on the Scan screen and the analyzer runs:
- Your iPhone sends the meal photo (as a JPEG up to 4 MB) plus the opaque per-install token plus your subscription tier ("free" or "paid") to our backend at
https://api.caloriecountglobal.app. - Our backend forwards the photo to OpenAI's vision API for analysis.
- The backend returns the estimated macros to your iPhone.
- The backend does not store the photo, the analysis result, your token-to-result mapping, or any timestamp tied to your token. The only state retained is a counter (
rate:YYYY-MM-DD:<token>→ integer) so the rate limit works, with a 36-hour TTL.
OpenAI's API endpoint may log requests for abuse-prevention and model-improvement purposes per their terms. We do not control OpenAI's logging.
4.2 Describe-a-meal and Fix-with-AI (you initiate)
When you type a meal description or a correction and the AI runs, your iPhone sends that text (plus the same opaque per-install token and tier flag) to the same backend, which forwards it to the vision/language provider and returns the estimate. No text is stored server-side beyond the same rate-limit counter described above.
4.3 Food database lookups (you initiate)
When you scan a barcode or search for a food by name, your iPhone queries the free, public Open Food Facts database at world.openfoodfacts.org for the product's nutrition data. The request contains only the barcode or your search words and a generic app User-Agent — no token, no identifier, nothing tied to you. Open Food Facts is an independent non-profit; their privacy practices are their own.
4.4 Apple's StoreKit (you initiate)
When you tap a paywall button, your iPhone communicates directly with Apple's StoreKit servers to start the trial / process the purchase / restore prior purchases. We never see your payment information, Apple ID, or receipt contents. Apple's privacy practices for StoreKit are documented at <https://www.apple.com/legal/privacy/>.
Those are the only outbound network calls. The app does not check for updates, does not call any analytics endpoint, does not call any feature-flag service, does not load any remote configuration, does not load any remote font or image, and does not include any "phone-home on launch" pattern. Nothing is sent unless you take an action that needs it (analyze a meal, look up a food, or make a purchase).
5. What we do NOT do
The list of things this app does not do is unusually long because the absence of these is the privacy property:
- No user accounts. No sign-in, no email collection, no password.
- No advertising. No ads displayed, no advertising SDK linked.
- No tracking. No App Tracking Transparency prompt because there's nothing to track.
NSUserTrackingUsageDescriptionis intentionally absent fromInfo.plist. - No analytics. No Firebase, no Mixpanel, no Amplitude, no Segment, no Heap, no Adjust, no Branch, no AppsFlyer, no proprietary in-house analytics.
- No third-party crash reporters. Not Crashlytics, not Sentry, not Bugsnag, not Instabug. We rely on the optional Apple-managed "Share with Developers" toggle in iOS Settings, which is fully under your control and reaches us as anonymized aggregates only.
- No fingerprinting. No collection of device model strings, system version, locale, time zone, or carrier information for identification purposes.
- No machine learning on your data. Your meal photos are not used to train any model that we control. (OpenAI's policy on photos sent to their API is theirs; check their current policy if this matters to you.)
- No social features. No friends, no leaderboards, no shareable links that include your data.
6. Apple Health
The app requests access to Apple Health (HealthKit), and it is entirely optional — the app works without it.
What it reads: steps and active energy (to optionally raise your daily calorie budget by what you burn), body weight (so smart-scale weigh-ins appear in your weight chart), and blood glucose (only meaningful if you wear a CGM such as Stelo, Lingo, Dexcom, or FreeStyle Libre — powers the food-glucose correlation feature).
What it writes (only if you turn on "Save meals to Health" in Settings): the calories, protein, carbohydrates, and fat of meals you log, and weigh-ins you record in the app. Writing is off by default until you opt in during onboarding or in Settings, and you can turn it off at any time.
You can revoke any permission at any time in iOS Settings → Privacy & Security → Health → Calorie AI. Revoking is non-destructive — your existing meal entries remain in the app.
Apple Health data is read and written locally on your iPhone and never transmitted to our backend, OpenAI, or any other server.
7. Children
CalorieCountglobal is rated 4+ in the App Store, but it is not directed at children. We do not knowingly process data from any user under 13 in jurisdictions covered by COPPA, or under 16 in jurisdictions covered by GDPR Article 8 where the higher threshold applies. Because we do not collect personal data, the question is largely moot — but if you have reason to believe a child has provided you data via this app and you would like us to take action, email the address in §1.
8. Your rights
Because we do not store any personally identifiable data on our servers, most data-rights requests don't have anything we can act on. Specifically:
- Right to access (GDPR Article 15 / CCPA). All data the app holds about you is on your iPhone and is accessible via the app's own UI. We have nothing additional.
- Right to delete (GDPR Article 17 / CCPA Right-to-Delete). Delete the app from your iPhone. All app-held data is removed at the OS level.
- Right to portability (GDPR Article 20). A future "Export your meals" feature is on our roadmap. Today, the data lives in SwiftData and can be exported via Apple's encrypted-backup mechanism.
- Right to object / restrict / rectify. Open the app, find the meal you want to change, and edit or delete it.
- Right to opt out of the sale or sharing of personal information (CCPA). We do not sell or share personal information for any purpose, ever.
If you believe we hold data we shouldn't, or if you've heard from a third party that suggests we do, please email §1 and we will investigate within 30 days.
9. International transfers
The backend is hosted on Cloudflare Workers, which routes requests to the geographically-closest Cloudflare edge node. The OpenAI API call from the backend is made from whichever Cloudflare edge node served the request. This means a single meal-analysis request may transit multiple jurisdictions before returning to your iPhone. Cloudflare's GDPR posture is documented at <https://www.cloudflare.com/gdpr/>; OpenAI's at <https://openai.com/policies>.
10. Changes to this policy
If we materially change this policy, we will update the "Last updated" date at the top and (for material changes affecting privacy outcomes) prompt you in-app on next launch. Non-material changes (typo fixes, contact-address updates) are made silently with the date updated.
11. Jurisdiction
This policy is governed by the laws of [your jurisdiction]. Any dispute arising from this policy is subject to the exclusive jurisdiction of the courts of [your jurisdiction].
12. Contact
Email support@caloriecountglobal.app with subject [Privacy] for any privacy-specific inquiry.
This policy is intended to mirror the actual implementation of CalorieCountglobal v1.0.0. If a future version of the app changes the data-collection posture in any way, this policy must be updated before the version ships. The App Privacy survey in App Store Connect, the marketing description, and this document are kept consistent atomically — see docs/app-store/privacy-survey.md.