logoCaloPal

Privacy Policy

Last Updated: February 1, 2025

Introduction

Welcome to CaloPal! This Privacy Policy is designed to inform you about how we collect, use, store, and protect your personal information, as well as your control over this information. By using CaloPal, you agree to the data practices described in this policy. Please read this policy carefully.

Information We Collect

We primarily collect the following types of information:

Personal Information

  • Account Information: Your name, email address, date of birth, gender, and password.
  • Health and Fitness Data: Height, weight, BMI, diet habits, food diary, exercise records, fitness goals, and other health-related information.
  • Contact Information: Your phone number, mailing address (where applicable for certain services).
  • Payment Information: Credit card details or other payment information (for subscription or purchases).

Device and Usage Data

  • Device Identifiers: IP address, device ID, ad ID.
  • Browsing Data: Pages you visit, the time of visit, and the duration of your usage.
  • Location Data: We may collect approximate location information based on your device settings.
  • Sensor Data: Data collected from your mobile device or wearable devices.
  • We use the Meta SDK for advertising and conversion tracking. Through this SDK, we only collect anonymous identifiers for ad attribution and performance measurement, and this data is completely isolated from your health and dietary data.

Cookies and Tracking Technologies

We use cookies and similar technologies to collect information to provide, maintain, and improve our services. These technologies may include:

  • Essential Cookies: Necessary cookies that support basic website functions.
  • Functional Cookies: Help us remember your preferences.
  • Analytics Cookies: Help us understand how users engage with our services.
  • Advertising Cookies: Used to show you relevant advertisements.

Data Sources

We collect information from the following sources:

  • Information you provide directly.
  • Information automatically collected through your use of our services.
  • Third-party services integrated with us (such as Apple HealthKit, Google Fit, etc.).
  • Publicly available sources.

How We Use Your Information

  • Providing and Improving Services: Creating and managing your account, offering personalized diet and fitness recommendations, tracking progress and goal achievements, developing new features, improving user experience, addressing technical issues, and providing customer support.
  • Communication: Sending service-related notifications, providing product updates and new features, sending marketing communications (if you agree), and responding to your inquiries or requests.
  • Analytics and Research: Understanding user behavior and preferences, conducting statistical analyses to improve services, developing and testing new product features, training AI and machine learning tools to enhance service quality.
  • Advertising and Marketing: Providing personalized ad experiences, measuring the effectiveness of marketing activities, and identifying potential user groups. When using the Meta advertising platform, we ensure that relevant data is used only for ad performance evaluation and optimization and will not be used for prohibited purposes such as discrimination, qualification decisions, surveillance, or creating unauthorized user profiles.

Special Protection for Health Data

We understand the sensitivity of health data, so we implement special protections:

  • Apple HealthKit Data: When you choose to link CaloPal with Apple HealthKit, we strictly follow Apple's HealthKit framework regulations, ensuring that data from HealthKit is not used for advertising or data mining, and is only used to improve your health experience or for health research purposes.
  • Google Fit Data: When you link CaloPal with Google Fit, we only read and write data within the scope authorized by you.

Information Sharing

We may share your information with the following parties:

  • Service Providers: Hosting and cloud service providers, payment processors, analytics service providers, customer support services, etc. Contracts with all service providers require them to process user data only according to our instructions and to implement data security measures equivalent to ours.
  • Business Partners: In some cases, we may share information with business partners to provide specific features or services, such as challenge or event partners, content providers, third-party integrated services, etc.
  • Legal Requirements: We may disclose your information in the following situations: to comply with legal obligations, respond to court orders or government requests, protect our or others' rights and safety, or investigate potential illegal activities.
  • Business Transactions: If CaloPal is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your personal data is transferred and subject to a different privacy policy.

Data Security

We take commercially reasonable security measures to protect your personal information, including:

  • Encryption of sensitive data during transmission and storage (using AES-256 encryption standard).
  • Implementation of access control mechanisms (including multi-factor authentication and the principle of least privilege).
  • Regular security audits and vulnerability assessments.
  • Staff training on data processing.

Although we strive to protect your personal information, please understand that no internet transmission or electronic storage method is 100% secure. We encourage you to take steps to protect your account, such as using strong passwords and changing them regularly.

Security Incident Notification

In the event of a security incident that affects your personal data, we will:

  • Notify affected users and relevant platforms (where applicable) as soon as possible.
  • Provide information about the nature of the event, potential impacts, and the remedial measures we are taking.
  • Immediately begin work to fix the issue and take reasonable steps to prevent similar events in the future.

Data Deletion and Retention

We will delete your data as soon as possible in the following cases:

  • When the retention of data no longer serves a legitimate business purpose.
  • When you delete your account or request data deletion.
  • When we stop providing the product or service you use.
  • When required by laws or regulations to delete data.
  • When requested by third-party platforms (e.g., Meta) to delete data to protect users.

Unless required by law, we will complete data deletion within 30 days after account deletion. For advertising-related data collected via the Meta SDK, we typically delete unnecessary data within 90 days after the advertising campaign ends, or immediately when Meta requests deletion to protect users.

Cross-Border Data Transfer

CaloPal's servers are located in the United States. If you use our services from outside the U.S., your information may be transferred, processed, and stored in the U.S., where data protection laws may differ from those in your country/region. We take appropriate technical safeguards (such as encryption, access control, and data minimization) to ensure your information is properly protected.

Your Privacy Rights

Depending on your location, you may have one or more of the following rights:

  • Access to your personal information.
  • Correct inaccurate data.
  • Update your profile.
  • Manage communication preferences.
  • Delete your account (in certain cases).
  • Users in the EU, UK, and similar jurisdictions: data portability rights, processing restrictions, objections to processing, right to be forgotten (in certain cases), right to withdraw consent, etc.
  • Users in California and other U.S. states: Know what personal information we collect, use, and share; request deletion of personal information; opt out of the "sale" or sharing of personal information; and not face discrimination for exercising privacy rights.

For advertising tracking data, you can control data collection through your device settings (e.g., iOS App Tracking Transparency). We respect your choices and will not attempt to bypass these privacy protections.

To exercise your privacy rights, please contact us via:

Children's Privacy

Our services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and discover that your child has provided us with personal information, please contact us, and we will take steps to delete such information.

Advertising and Personalization

We may use your information to provide personalized ads:

  • Interest-based Ads: We may use your browsing history, app usage data, and other information to provide ads relevant to your interests.

Policy Updates

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you in the following ways:

  • Displaying a notification within the app.
  • Sending an email notification.
  • Posting the updated version on our website.

Continuing to use our services means you accept the updated policy. We encourage you to review this policy periodically to stay informed of any changes.

Contact Us

If you have any questions, comments, or requests regarding our Privacy Policy, please contact us: