Privacy Policy

Last updated: April 2026

CALIQ ("we", "our", "the app") is a personal calorie and energy tracking app. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

• Account data: When you sign up, we store your email address and a hashed password through Supabase (our authentication provider). If you use Sign in with Apple, we receive only the anonymized identifier Apple provides. We use this solely to authenticate you on future launches.
• Camera and photos: When you scan a meal, we access your camera or photo library. The image is transmitted to our calorie-estimation service (see Section 4) and is not retained on CALIQ servers after the response is returned.
• User-entered data: Meals, workouts, weight, height, age, sex, activity level, and calorie goals you enter are stored locally on your device. This data is not transmitted to CALIQ servers in the current version.
• OAuth tokens: If you connect WHOOP or Fitbit, the short-lived access tokens returned by those services are stored securely on your device using the iOS Keychain (via expo-secure-store). Tokens are never transmitted to CALIQ.

2. Data We Do NOT Collect

• We do not collect your name, phone number, address, or payment information.
• We do not run third-party analytics, advertising SDKs, or behavioral tracking.
• We do not sell any data to third parties.

3. Apple Health (HealthKit)

If you grant permission, CALIQ reads the following HealthKit categories on-device only:

• Active Energy — the calories you have burned through movement today.
• Resting Energy — your basal metabolic burn for the day.

This data is used solely to calculate your net calorie position inside the app. CALIQ does not write to Apple Health, and HealthKit data never leaves your device. It is not sent to CALIQ servers, to our AI provider, or to any other third party.

4. AI Calorie Estimation

When you use the Scan Meal feature, your food photo and a short text prompt are sent from your device to a CALIQ-operated API endpoint hosted on Cloudflare Workers. The request is authenticated using your logged-in session.

Our endpoint forwards the image to OpenAI's GPT-4o vision API and returns the parsed calorie and macro estimate to your device. The photo is processed in memory and is not persisted on CALIQ's servers or logs. OpenAI's handling of the image is governed by its own policy:

• OpenAI Privacy Policy

5. Wearable Integrations

CALIQ can connect to the following services to replace estimated calorie burn with real sensor data. Each integration is optional and requires your explicit consent via the provider's own OAuth flow.

• WHOOP — we receive your daily calorie burn, strain, and recovery numbers through WHOOP's OAuth 2.0 API.
• Fitbit — we receive your daily active and basal calorie totals through Fitbit's OAuth 2.0 API.

For both providers, your credentials are handled entirely on the provider's authentication servers. CALIQ only receives the numeric summaries described above. You can disconnect either provider at any time from the Connections screen in Settings, which revokes the stored token.

Packaged-food nutrition data for barcode scans is provided by Open Food Facts under the Open Database License (ODbL). Generic-food nutrition data is sourced from the USDA FoodData Central public domain database.

6. Children

CALIQ is not directed at children under 13. We do not knowingly collect data from children.

7. Changes

We may update this policy. Continued use of CALIQ after changes constitutes acceptance of the new policy.

8. Contact

Questions? Email us at: support.calorie.iq@gmail.com