Privacy Policy

This Privacy Policy explains how CaloPilot collects, protects, uses, discloses, stores, and deletes information when you access or use the CaloPilot app, website, onboarding flow, food logging tools, meal-planning features, coaching and AI-assisted features, and related services.

By accessing the service, registering an account, creating a profile, connecting third-party services, submitting information, or continuing to use CaloPilot, you consent to the practices described in this policy together with the CaloPilot Terms of Service.

If you do not agree with this Privacy Policy or our related terms, you should not continue to use the parts of the service that require personal information. Some features may not be available unless you provide certain data or permissions.

This policy applies to information we collect when you visit CaloPilot websites, use CaloPilot mobile applications, register for or use our services, communicate with us by email, phone, support tools, or other channels, interact with third-party services connected to CaloPilot, or otherwise use our products and features.

This policy also applies to information collected or generated in the course of providing meal plans, nutrition features, analytics, food-photo functionality, customer support, subscription management, and approved AI-assisted features.

For purposes of this policy, references to HIPAA, PHI, Business Associate, and Covered Entity use their ordinary U.S. health privacy meanings when those concepts apply to a CaloPilot service, customer, or integration. When health privacy laws apply to specific data or services, we will handle that data in accordance with the applicable requirements.

Personal Information means information that identifies, relates to, describes, references, can reasonably be associated with, or could reasonably be linked to a person, account, household, or device. Examples may include identifiers such as name, email address, username, device identifiers, payment and subscription details, height, weight, nutrition logs, meal plans, goals, food photos, activity data, health-related inputs, connections to professionals or apps, support messages, and similar data.

Non-Personal Information means information that does not directly identify you and cannot reasonably be used to contact you as an individual, such as certain public information, aggregated usage information, deidentified analytics, or anonymous reporting. In some circumstances, information that would otherwise be non-personal may still be subject to health privacy or other privacy laws if it remains linked to an identifiable individual.

We collect personal information when you give consent, when collection is reasonably necessary to provide the service you requested, when it is needed for our legitimate business operations, or when collection, use, or disclosure is authorized or required by law.

We aim to limit collection to information that is reasonably appropriate for account creation, food logging, planning, analytics, customer support, subscriptions, compliance, fraud prevention, and the other purposes described in this policy. If we materially change how we use sensitive data that is consent-based, we may provide additional notice and request further consent where required.

When you create an account or complete onboarding, we may collect profile and preference information such as name, email address, password, age range, sex, height, weight, target weight, activity level, diet preference, allergies, health-related preferences, planner selections, meal timing, and similar setup information.

We also collect information when you log foods, create meal plans, save templates, upload images, submit corrections, answer surveys, enter body or nutrition data, invite or connect to professionals, or contact us for support. If you participate in promotions, waitlists, or marketing forms, we may collect the contact and profile information needed for those experiences.

If you post content in public or shared areas, send messages, or otherwise share information through interactive features, we may collect the information you disclose there as well as the information needed to route or deliver that communication.

If you purchase a subscription or paid feature, payment processing may be handled by third-party payment processors, app stores, billing platforms, or gateway providers. Those providers may collect and store your payment card, bank, billing, or transaction information under their own terms and privacy policies.

CaloPilot generally does not store full payment card numbers. We may store limited billing metadata, subscription status, renewal state, invoices, and transaction references needed to manage your subscription, customer support, fraud prevention, and accounting obligations.

We may automatically collect technical and usage information from your device or browser, including device type, operating system, browser type, app version, language, locale, country or region, time zone, crash data, diagnostic data, session activity, app interactions, referral information, timestamps, feature usage, and other log information.

We use this information to operate the service, secure accounts, measure reliability, diagnose errors, understand how features are used, personalize certain experiences, and improve performance, content, and product decisions. This information may also be combined with other data you submit or with aggregated reporting about how users interact with CaloPilot.

Like most digital products, we and our service providers may use cookies, local storage, SDKs, tags, pixels, or similar technologies to keep you signed in, remember settings, save preferences, understand product usage, deliver essential features, measure performance, and support analytics, attribution, or marketing where permitted.

These technologies may include strictly necessary tools, preference tools, statistics tools, social-sharing tools, and marketing or advertising tools. If you disable certain cookies or tracking technologies, parts of the service may not function properly. Where required, we may provide settings or consent controls for those technologies.

If you upload food photos, meal images, comments, corrections, ingredient notes, or similar content, CaloPilot may use that information to provide nutrition estimates, improve food recognition, improve food search, review food data quality, train or refine internal models, and improve related product features.

Where we use third-party providers to support food-photo analysis, AI-assisted planning, or similar features, we may share the limited information needed for those providers to perform services for us, subject to contractual and operational controls. We may also use your corrections and feedback to improve future model or product behavior.

If you connect Apple Health, Health Connect, wearables, fitness trackers, professional accounts, or other third-party services, we may collect the categories of data that you choose to authorize, such as activity metrics, weight, health and nutrition data, goals, or similar information needed to enable the connected feature.

We use connected-app data only for the purposes described at the time of connection, to provide and improve the enabled feature, and in accordance with any applicable platform policies or permissions requirements. You can usually revoke those permissions through your device settings, the connected provider, or the CaloPilot connection settings.

We use personal information to create and manage accounts, provide food logging and planning tools, personalize recommendations, calculate targets, sync data across devices, power reminders and onboarding, respond to support requests, process subscriptions, communicate service-related messages, and maintain user settings.

We may also use information to improve food data quality, analyze product usage trends, prevent fraud and abuse, investigate security issues, comply with law, enforce our terms, improve product performance, and develop, test, or refine analytics and AI-assisted features. In some cases, we may use aggregated or deidentified reporting for business analysis, research, or product planning.

We may use your contact information to send newsletters, updates, service announcements, surveys, promotions, and messages about features or offers that may interest you, subject to your communication preferences and applicable law.

Even if you opt out of marketing communications, we may still send transactional or operational messages related to your account, subscription, security, billing, support, or service functionality.

CaloPilot is not intended for children under 13 years old. If local law requires parental or guardian consent for a minor user who is older than 13 but under the age of majority, that consent must be obtained before the service is used.

If we learn that we collected personal information from a child in a way that was not authorized by applicable law, we may take steps to delete that information. If you believe a child has submitted information without appropriate permission, please contact us through the support or privacy contact method listed in the app or on our website.

We recognize that nutrition, body, and health-related information can be sensitive. We do not treat food logs, body measurements, goals, photos, diary entries, or connected-health data casually, and we aim to protect that information with administrative, technical, and organizational safeguards that are appropriate for the service.

We do not sell PHI. If CaloPilot processes information that is subject to health privacy laws, contractual health-data restrictions, or regulated partner requirements, we will manage that information in accordance with the applicable obligations for that service or relationship.

In some cases, healthcare providers, coaches, employers, schools, or other organizations may use CaloPilot as part of their own services. In those situations, they may act as the primary party responsible for certain data they collect through CaloPilot, and their own privacy terms or notices may also apply.

We may share personal information with service providers and vendors that support hosting, infrastructure, analytics, crash reporting, subscriptions, billing, storage, security, customer support, marketing operations, communications, AI-assisted features, and other business operations. Those providers may access personal information only as needed to perform services for us and are expected to protect it appropriately.

We may disclose information to professionals, coaches, connected apps, shared accounts, or other third parties when you request or authorize that sharing. If a feature is designed to let you share data with another person or organization, that sharing is controlled by your use of that feature.

We may disclose information when required to comply with law, court order, subpoena, regulatory process, investigation, or other valid legal request; to enforce our agreements; to investigate fraud, security issues, or abuse; to protect our rights, property, users, or others; or in connection with an emergency involving danger of death or serious physical harm.

If CaloPilot offers a free or ad-supported experience, limited information may be shared with advertising, attribution, measurement, or network partners as permitted by law and platform rules. We do not provide personal health information or PHI to advertisers for targeted advertising.

We may use service providers to help us understand user behavior, measure marketing effectiveness, and improve the product. We may also create and use aggregated, anonymous, or deidentified information for analytics, research, quality review, modeling, operations, or other business purposes, to the extent permitted by law.

CaloPilot does not sell your personal information as a standalone data product. Where privacy law treats certain targeted advertising, analytics, or sharing arrangements as a sale or sharing, you may have rights to opt out depending on your jurisdiction.

We use commercially reasonable safeguards to protect personal information, which may include access controls, logging, encryption in transit where appropriate, secure hosting practices, internal procedures, vendor review, and staff training. We periodically review and improve our security measures as the product evolves.

No internet transmission, storage system, or software service can be guaranteed to be completely secure. You are also responsible for helping protect your account by using a strong password, safeguarding your devices, and signing out when appropriate.

If you post content in public, community, comment, or shared areas, that information may be visible to others and may be copied, collected, or used by other people. Please use care before sharing sensitive information in public spaces.

CaloPilot may link to third-party websites, stores, payment providers, or services. Their privacy practices are governed by their own policies, not this one. We encourage you to review their policies before providing them with information.

If you enable push notifications, we may use device tokens or similar identifiers to send reminders, alerts, and other notices. Unless we expressly state otherwise, CaloPilot may not respond to every browser-based Do Not Track signal or equivalent mechanism.

We retain personal information for as long as reasonably necessary to provide the service, maintain account features, support connected users or professionals, comply with law, prevent fraud, resolve disputes, enforce agreements, and maintain legitimate business records.

You may be able to edit or delete portions of your data from within the app. You may also request deletion of your account or personal information, subject to lawful retention requirements, backup cycles, fraud-prevention needs, unresolved disputes, and technical limitations. We may keep aggregated or deidentified information after deletion where it no longer reasonably identifies you.

Depending on where you live and how you use CaloPilot, you may be able to access, correct, delete, export, or restrict certain personal information, change communication preferences, disconnect third-party services, stop sharing with professionals or connected apps, or object to certain processing activities.

We may need to verify your identity before completing some privacy requests, and some requests may be limited by law, security, technical feasibility, the rights of other users, or our need to retain certain information for legitimate business or legal reasons.

If you would like to exercise a privacy right, raise a concern, or request support with your account data, contact us using the support or privacy contact method listed in the app or on our website.

Residents of certain U.S. states, including California, Colorado, Connecticut, Montana, Oregon, Texas, Virginia, and Utah, may have additional rights under applicable privacy laws. Those rights may include the right to know what categories of personal information we collect, access specific data, correct inaccuracies, delete data, receive a portable copy of data, opt out of certain sales, sharing, or targeted advertising activities, and avoid discrimination for exercising a privacy right.

If you submit a state privacy request, we may ask for information needed to verify your identity and authority to make the request. We may deny or limit requests when allowed by law, such as when a request cannot be verified, would adversely affect the rights of another person, or conflicts with legal retention or security obligations.

If you are in the European Union, United Kingdom, Canada, or another jurisdiction with similar privacy rights, you may have rights to access, correct, erase, restrict, object to certain processing, withdraw consent where processing relies on consent, and request portability of certain personal information, subject to applicable exceptions.

Depending on the service relationship, CaloPilot may act as a controller for data collected directly from you, or as a processor or service provider for another organization that uses CaloPilot. We may transfer information across borders to affiliated entities, service providers, or infrastructure providers in countries that may not have the same privacy laws as your home jurisdiction, and we will use appropriate safeguards where required.

We may update this Privacy Policy from time to time to reflect product changes, legal developments, operational needs, or clarifications. When we make material changes, we may post the updated version in the app, on our website, or provide another reasonable notice method.

If you have questions about this Privacy Policy, want to exercise a privacy request, or need help with your personal information, contact CaloPilot at support@calopilot.com.