Privacy Policy

Calori · Effective date: May 20, 2026 · Last updated: May 20, 2026

1. Who we are

Calori is a calorie-tracking application developed and operated by Alhamad Studios, a sole proprietorship registered in the State of Kuwait. When this policy says "we", "us", or "our", it refers to Alhamad Studios. When it says "Calori" or "the App", it refers to the Calori mobile application and any related services we provide.

Our parent web presence is alhamadgallery.com. You can reach us about anything in this policy at support@alhamadgallery.com.

2. What this policy covers

This policy explains what personal information Calori collects when you create an account and use the App, why we collect it, who we share it with, how long we keep it, and the rights you have over it. It applies to all Calori users worldwide.

It does not cover any third-party services you choose to connect to Calori (for example, Apple or Google when you sign in with their accounts), or websites you may navigate to from links inside the App. Those services have their own privacy policies, which we link to in Section 6.

3. Information we collect

We collect only what we need to make the App work and to keep your data syncing across your devices. We do not sell your data. We do not run advertising in the App. We do not share your data with brokers or marketers.

3.1 Account information

When you sign in with Apple or Google, we receive:

Your name (as you provided it to Apple or Google, or as you choose to share)
Your email address (or a relay email address if you used Sign in with Apple's "Hide My Email")
A unique identifier issued by the sign-in provider

3.2 Profile information you provide

Gender (male / female)
Date of birth (used to compute age)
Height (cm)
Weight (kg) and any weight changes you log over time
Activity level (sedentary through very active)
Goal (lose / maintain / gain weight) and target weight
Goal pace (kg per week)
Whether you have used a calorie-tracking app before

3.3 Meal entries

Each time you log a meal, we store:

The meal name and time
Calories and macronutrients (protein, carbohydrates, fat)
The meal type you chose (breakfast / lunch / dinner / snack), if any
The health score and short reason generated by our AI provider for that meal, if applicable
The photo you took of the meal, if any

3.4 AI processing of meal photos and text

When you take a photo of a meal or describe it in text, we send that photo or text to Google Gemini (Google's Generative Language API) to estimate the nutrition values and a health score. The image / text is processed in transit, used to generate the response, and not retained by Google for training purposes per our use of Google's paid API tier. We do not send any other personal data with this request.

3.5 Subscription information

If you subscribe to Calori Premium, we use RevenueCat to manage your subscription state. RevenueCat receives your Apple subscription receipt, an anonymous user identifier, and basic device information (model, OS version) to determine your entitlement. Your payment information (card, Apple ID password, etc.) is handled entirely by Apple and is never seen by us or by RevenueCat.

3.6 Device and usage information

Your selected language (English or Arabic)
Your time zone (used to schedule meal-reminder notifications correctly)
Notification permission state (whether you've granted permission to receive reminders)
App version and OS version (used for debugging and compatibility checks)

3.7 Product analytics

We use PostHog to record a small fixed set of anonymous product-usage events — for example: a paywall was shown, a scan was attempted, a meal was logged. The data attached to each event is your Supabase user ID (a random UUID), the event name from our published catalog, your app version, your OS version, and your selected language. We never send your email, name, weight, calorie totals, food names, or photos to PostHog. The purpose is to understand which features users rely on so we can prioritize improvements.

3.8 Crash reports

We use Sentry to capture uncaught errors and crashes so we can fix bugs. A crash report contains a stack trace, your app version, your OS version, and the Supabase user ID that was signed in at the time of the crash. We never send your meals, weight, photos, or any food-related content to Sentry.

4. How we use your information

To provide the App's core features: compute your daily calorie target, show your meal history, draw your weight trend, etc.
To analyze the meals you log via AI: estimate nutrition, generate health scores and reasons in your selected language.
To deliver reminder notifications at the times you've configured.
To manage your Calori Premium subscription (if you subscribe).
To respond to your support requests when you email us.
To debug crashes and fix bugs (using OS-version and app-version info).

We use PostHog to understand which features get used (see section 3.7) and Sentry to know when the app crashes (see section 3.8). Neither receives your email, name, food data, weight, or photos — only a random user ID and event/crash metadata. We do not use your information for advertising, marketing-list building, or behavioral profiling. We do not run any ad-tracking SDKs (no Facebook SDK, no AppsFlyer, no Adjust).

5. Service providers we use

We use the following third-party services to operate Calori. Each one acts as a "data processor" on our behalf — they handle data only as instructed by us and have agreed to data-protection terms.

Service	What it does for us	What data it sees	Their privacy policy
Supabase, Inc.	Stores your account, profile, meals, weight logs, and meal photos in a managed Postgres database with file storage.	Everything in sections 3.1–3.3, 3.6.	supabase.com/privacy
Google LLC (Generative Language API / Gemini)	Analyzes the meal photos and text descriptions you submit, returns nutrition estimates and health scores.	The photo or text you submit for that scan only.	ai.google.dev/gemini-api/terms
Apple, Inc. (Sign in with Apple, App Store, push notifications)	Authenticates you, processes subscription payments, delivers notifications.	Sign-in details (3.1), payment information (3.5), device push token.	apple.com/legal/privacy
Google LLC (Sign in with Google)	Authenticates you when you choose Google sign-in.	Sign-in details (3.1).	policies.google.com/privacy
RevenueCat, Inc.	Manages your subscription entitlement and provides subscription analytics to us.	Subscription receipt, anonymous user ID, device model and OS.	revenuecat.com/privacy
PostHog, Inc.	Records anonymous product-usage events so we can see which features get used.	Supabase user ID (UUID), event name, app version, OS version, language. No PII.	posthog.com/privacy
Functional Software, Inc. (Sentry)	Captures app crashes and uncaught errors so we can fix bugs.	Stack trace, app version, OS version, Supabase user ID (UUID) at crash time.	sentry.io/privacy

6. International data transfers

Calori operates from the State of Kuwait. The service providers listed above are primarily based in the United States and operate data centers in multiple regions (United States, European Union, and others). When you use Calori, your data may be transferred to and processed in any of these regions. We rely on the providers' own data-transfer safeguards (Standard Contractual Clauses, EU adequacy decisions where applicable, and equivalent mechanisms) for this.

7. How long we keep your data

Account, profile, meals, weight logs, photos: retained for as long as your account is active. If you delete your account (see Section 8), we permanently delete them within 30 days.
Meal photos sent to Google Gemini: not retained by Google after the response is returned to us, per our use of the paid API tier.
Subscription receipts at RevenueCat: retained per RevenueCat's policies for accounting and refund purposes.
Support email correspondence: retained as long as needed to resolve your issue, then deleted within a reasonable time.

8. Your rights

Regardless of where you live, you can:

Access the personal data we hold about you
Correct any inaccurate data (most fields are user-editable directly in the App)
Delete your account and all associated data from inside the App (Account → Delete account)
Export a copy of your data — write to us and we will provide it in a machine-readable format within 30 days
Object to specific processing or withdraw consent at any time

If you are in the European Economic Area, the United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, or CCPA respectively (including the right to lodge a complaint with your local data-protection authority). All of the above rights are exercised the same way: contact us at support@alhamadgallery.com or use the in-App controls.

9. Children

Calori is not intended for children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has created an account, please contact us at support@alhamadgallery.com and we will delete the account.

10. Security

All data in transit between the App and our service providers is encrypted using TLS. Data at rest in our Supabase database is encrypted by the provider. Access to your data is restricted by per-user row-level security policies — you can only see your own data. We do not store payment information; that is handled entirely by Apple.

No system is perfectly secure. If we ever become aware of a breach affecting your data, we will notify you and the relevant authorities as required by law.

11. Changes to this policy

We may update this policy when we add new features or change a service provider. The "Last updated" date at the top will reflect the most recent change. For material changes we will surface a notice in the App so you can review the new version before continuing.

12. Contact us

Questions, concerns, or requests about this policy or your data:
Email: support@alhamadgallery.com
Operator: Alhamad Studios, State of Kuwait