Privacy Policy

1. Who we are

Calorie Buddy ("the app", "we", "us") is provided by GinnyPix, a business operating in Finland. We are the data controller for the personal data described in this policy under the EU General Data Protection Regulation (GDPR).

You can reach us at hello@ginnypix.com for any privacy question or request. If you need our postal address for formal correspondence, request it by email and we will provide it.

2. What we collect

Account data

When you first launch the app we create an anonymous account so your data has a home. If you sign in with Apple or Google, we additionally receive:

• A stable user identifier from the sign-in provider
• The email address associated with that account, if you share it
• The display name you choose to share

We do not receive your Apple or Google password.

Profile and goals

During onboarding (and any time you edit your profile) we collect:

• Gender, date of birth (we compute your age from it), height, weight
• Activity level, goal direction (lose / maintain / gain), target weight, weekly rate
• Diet preference, lifestyle goals you select, barriers you flag
• Whether you indicated you're currently pregnant or breastfeeding (used only to set your calorie target to maintenance — we do not push a deficit or surplus to users in this situation)
• Measurement system preference (metric / imperial)

Logged data

The food and weight entries you create live in your account, including:

• Food name, brand, serving size, calories, macros (protein, carbs, fat), and where supported, micronutrients (fiber, sugar, sodium, and others when sourced from a public food database)
• Meal category and timestamp
• Weight entries you log over time
• Water intake totals you log
• How you logged the entry (photo scan, search, barcode, manual)

Meal photos

When you scan a meal, the photo is uploaded so we can analyse it. See Meal photos and AI analysis below for the specifics.

Feedback signals

To improve the accuracy of our food estimates over time we record:

• Whether you accepted, edited, or deleted a scanned result
• Optional thumbs up / thumbs down you tap on a scan
• The model's original estimate versus what you actually logged

These are kept linked to your user identifier for up to 90 days, after which they're either deleted or fully anonymised for aggregate quality measurement.

Subscription state

If you subscribe to a paid plan, our subscription provider (RevenueCat) stores the entitlement state. Apple handles the actual payment — we never see your card or bank details.

Diagnostics

We do not currently collect crash reports, analytics events, or telemetry from the app. If we add a crash-reporting service in the future to help us diagnose bugs, we will update this policy before doing so and disclose the specific service we use.

3. Apple Health (HealthKit)

If you grant the app access to Apple Health, we read:

• Step count
• Active energy burned

These values are used on your device to adjust the calorie ring and burned-energy display. They are never transmitted to our servers and we never store them. They live in memory while the app is running and are recomputed on the next launch.

We also write the meals you log (calories, protein, carbs, fat) and any weight you record back into Apple Health, so they appear alongside your other health data. We only do this with your permission. This data is stored by Apple in your local HealthKit store and synced (end-to-end encrypted) to your other devices if you have iCloud Health enabled. We do not have access to it after writing.

You can revoke Apple Health permissions at any time from Settings → Privacy & Security → Health → Calorie Buddy.

4. Meal photos and AI analysis

When you take or pick a photo to log a meal, the image is uploaded to a third-party AI service for analysis. The provider returns an estimate of the foods present and their calories and macros. We then:

• Store the photo in our cloud storage, indexed to your account, so you can review it later in your food log
• Cache the AI's response for up to 30 days so we don't have to re-analyse the same photo if you (or someone else with the same photo bytes) scans it again

The AI provider may retain the image up to 30 days for abuse-monitoring purposes and does not use it to train models. You can delete a meal entry (and its photo) at any time from your food log; the photo is removed from our storage when you do so.

Barcode scanning and nutrition-label OCR happen on your device. The barcode value is sent to the Open Food Facts public database to look up the product; no other data leaves your device for these flows.

5. How we use your data

• To run the app's core features: log food, estimate calories and macros, show progress charts, surface recent meals, sync your meals to Apple Health
• To compute your daily calorie and macro estimates from peer-reviewed nutrition research (see Not medical advice)
• To improve our food database and the accuracy of future scans, using the feedback signals described above
• To process subscriptions and provide premium features
• To diagnose crashes and bugs and improve app stability
• To respond to your support requests and exercise of your privacy rights
• To meet legal obligations (tax records, fraud prevention, regulatory requests)

We do not sell your personal data, share it with advertisers, or use it for behavioural advertising.

6. Legal bases (EU / UK)

If you're in the European Economic Area or the United Kingdom, we rely on the following GDPR / UK GDPR legal bases:

• Contract (Art. 6(1)(b)) — to provide the service you signed up for: storing your food log, computing estimates, syncing to Apple Health on your request.
• Legitimate interest (Art. 6(1)(f)) — to improve our food estimates from feedback signals, prevent abuse, and operate the service securely. You can object to this processing at any time.
• Explicit consent (Art. 9(2)(a)) — for the health-related data you provide (gender, weight, pregnancy status, etc.). By completing onboarding you explicitly consent to our processing this data to compute your estimates. You can withdraw consent at any time by deleting your account.
• Legal obligation (Art. 6(1)(c)) — to meet record-keeping requirements where applicable.

7. Service providers

We use a small number of third-party services to operate the app. We have data-processing agreements in place with each that meet GDPR requirements.

Current specific providers are listed at /subprocessors. We may change providers from time to time without amending this policy — the sub-processors list is the source of truth.

8. How long we keep data

• Account & profile data: for as long as your account exists. Deleted within 30 days of you deleting your account.
• Food log, weight entries, water log: same as account data.
• Meal photos: until you delete the meal entry, or until you delete your account. Then removed from storage within 30 days.
• AI analysis cache: 30 days.
• Food search cache: 30 days.
• Feedback events: 90 days linked to your account, then anonymised or deleted.
• Crash reports: as set by the diagnostics provider's defaults (currently 90 days).

Some records (transactions, tax-relevant data) may be retained for longer where required by Finnish or EU law.

9. Your rights

You have the following rights over the personal data we hold about you. Most of these apply globally; some are specific to certain jurisdictions.

Everywhere

• Access — request a copy of the data we hold about you.
• Correct — fix inaccurate or incomplete data (you can edit most of it directly in the app).
• Delete — delete your account and the data associated with it.

European Economic Area & United Kingdom

• Portability — receive your data in a structured, machine-readable format.
• Restriction — ask us to limit how we process your data.
• Object — object to processing based on our legitimate interests.
• Withdraw consent — withdraw the consent you gave at onboarding (this deletes your account, since we can't operate the app without that data).
• Lodge a complaint — with your local data protection authority. In Finland that's the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu).

California

• Right to know — request the categories and specific pieces of personal information we collect.
• Right to delete — request deletion of your personal information.
• Right to opt out of sale or sharing — we don't sell or share your personal information for cross-context behavioural advertising, so there's nothing to opt out of, but you can confirm in writing.
• Right to non-discrimination — we will not penalise you for exercising any of these rights.

How to exercise your rights

Email hello@ginnypix.com from the address tied to your account, or with proof of account ownership. We will respond within 30 days. There's no fee unless the request is manifestly unfounded or excessive.

10. Age requirement

Calorie Buddy is intended for users 18 years of age or older. Calorie targets and weight-management estimates are not appropriate for minors, and we don't want the responsibility of generating them. The app gates onboarding on age and will not produce a plan for users under 18.

If we learn we have inadvertently collected data from someone under 18, we will delete it.

11. International transfers

We are based in Finland (EU). Some of our service providers are based in the United States, which means some of your personal data may be transferred outside the European Economic Area for processing. When we do this, we rely on:

• The EU-U.S. Data Privacy Framework, where the receiving provider is certified, or
• Standard Contractual Clauses approved by the European Commission, along with supplementary technical measures where necessary.

You can request a copy of these safeguards by emailing us.

12. Security

We use industry-standard measures to protect your data, including TLS encryption in transit, encryption at rest on our cloud database and storage, and access controls limiting who can read user data on our side. No system is perfectly secure — if we ever experience a breach affecting your personal data, we will notify you and the relevant data protection authority within 72 hours where required by law.

13. AI and feedback signals

To make calorie and macro estimates more accurate over time, we collect implicit feedback about your scans (whether you accepted, edited, or deleted the result; thumbs up / thumbs down on scanned items). These signals are aggregated into a shared food catalog that we use to improve future estimates for everyone.

We do not use your meal photos to train any AI model. The third-party AI provider we use processes images and discards them after the retention window described in section 4.

If you'd prefer your feedback signals not be used in this way, email us at hello@ginnypix.com and we'll exclude your account from feedback aggregation.

14. Not medical advice

Calorie Buddy is a food tracker. The calorie and macro estimates we show are produced by applying the peer-reviewed Mifflin–St Jeor formula and standard macronutrient distributions to the inputs you give us. They are not medical advice, dietary advice from a licensed clinician, or a prescription. They are a starting point.

You should talk to a doctor or registered dietitian for guidance tailored to your health, especially if you are pregnant, breastfeeding, recovering from an eating disorder, managing a chronic condition (diabetes, kidney disease, heart disease, etc.), or taking medications that affect your metabolism.

15. Changes to this policy

We may update this policy from time to time. Material changes will be notified to you in-app or by email before they take effect. The "Last updated" date at the top of this page always reflects the most recent change. Past versions are available on request.

16. Contact

For any privacy question, request, or complaint, email hello@ginnypix.com. We respond within 30 days. If you need a postal address for formal correspondence, ask in your email and we'll provide it.

If you're in the EU or UK and you're not satisfied with our response, you can lodge a complaint with the Finnish Data Protection Ombudsman at tietosuoja.fi or your local supervisory authority.