Privacy Policy

This Privacy Policy explains how Calorie ("Calorie," "we," "us," or "our"), operated by INCOGNITO INNOVATIONS LTD, a company registered in the United Kingdom with its registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ, processes Personal Data when you use our nutrition tracking application, website, AI features, account features, and related services (collectively, the "Service").

Calorie is designed as a local-first product. Your meal logs, nutrition history, images, and related tracking data are stored locally on your device by default and are not collected, stored, or synced by us unless you choose to use a feature that expressly requires transmission, such as an AI action, account authentication, support request, or payment flow.

Your nutrition data remains local to your device. This includes meal entries, food descriptions, calorie and macro information, uploaded or captured meal images, preferences, and progress history ("Local Nutrition Data").

We do not operate a cloud database for Local Nutrition Data and do not collect, store, sell, rent, or otherwise monetize Local Nutrition Data. You are responsible for maintaining your own device backups if you want to preserve Local Nutrition Data.

An account is required to use AI features and to manage paid AI credits. When you create or use an account, we process your email address and related authentication records ("Account Data") for account creation, login, fraud prevention, security, customer support, and service administration.

We retain Account Data for as long as your account remains active and for any additional period reasonably necessary to comply with legal obligations, resolve disputes, prevent abuse, and enforce our agreements.

If you choose to use an AI feature, the content you submit for that AI action, such as meal images, food descriptions, nutrition context, and related prompts ("AI Input"), will be transmitted to a third-party AI service provider solely to generate the requested output.

Our third-party AI service provider is configured for zero data retention ("ZDR"). ZDR means the provider is contractually and technically configured not to retain AI Input or AI Output for model training or long-term storage after processing the request, subject to limited transient processing necessary to provide the AI response and any mandatory legal or security obligations.

We do not collect or store AI Input or AI Output on our servers. AI Input and AI Output may remain on your device as part of your local application data unless you delete it from the Service or your device.

Payments are processed by Paddle. Paddle may act as merchant of record, reseller, payment processor, or independent controller for certain transaction-related Personal Data, depending on your location and the payment flow.

When you purchase AI credits, Paddle may process billing details, payment method information, tax information, transaction identifiers, fraud-prevention signals, and purchase history. We receive limited payment-related records from Paddle, such as transaction status, product purchased, amount, currency, and customer email, so that we can provide credits, handle support, reconcile transactions, prevent abuse, and comply with accounting and legal obligations.

We do not receive or store your full payment card number.

If you contact us, we process the information you provide, such as your email address, message content, diagnostic details you choose to share, and related correspondence.

We use this information to respond to your request, troubleshoot issues, improve the Service, and maintain appropriate business records.

Where applicable law requires a legal basis, we process Personal Data to perform a contract with you, including account access, AI credit management, payment fulfilment, and support; to comply with legal obligations, including tax, accounting, sanctions, consumer protection, and lawful request obligations; based on our legitimate interests, including security, fraud prevention, service administration, and product reliability; and with your consent where required by law.

You may withdraw consent where processing is based on consent, without affecting processing that occurred before withdrawal.

We disclose Personal Data only as necessary to provide and protect the Service. This may include disclosures to authentication providers, infrastructure providers, AI service providers configured for ZDR, Paddle, customer support tools, professional advisers, and authorities where required by applicable law.

We do not sell Personal Data and do not share Local Nutrition Data for cross-context behavioral advertising.

We and our service providers may process Personal Data in countries other than where you live. Where required, we use appropriate safeguards for international transfers, such as standard contractual clauses, data processing agreements, and comparable lawful transfer mechanisms.

We use reasonable administrative, technical, and organizational measures designed to protect Personal Data against unauthorized access, loss, misuse, alteration, or disclosure.

Because Local Nutrition Data remains on your device by default, the security of your device, operating system, browser, backups, and access credentials is important. No method of transmission or storage is completely secure.

Local Nutrition Data is retained locally on your device until you delete it through the Service, remove the application data, or otherwise clear it from your device.

We retain Account Data, payment-related records received from Paddle, and support records only for as long as reasonably necessary for the purposes described in this Policy, including legal, tax, accounting, security, fraud-prevention, dispute-resolution, and enforcement purposes.

AI Input and AI Output are not stored by us on our servers.

Depending on your location, you may have rights to request access, correction, deletion, portability, restriction, or objection regarding Personal Data we process about you. You may also have the right to lodge a complaint with a data protection authority.

Because Local Nutrition Data is stored on your device and is not collected by us, requests involving Local Nutrition Data generally must be completed on your device. For Account Data, payment-related records we receive, or support records, contact us at privacy@hmr.sh.

Calorie is not directed to children under 13, and we do not knowingly collect Personal Data from children under 13. If you believe a child has provided us Personal Data, contact us at privacy@hmr.sh so we can take appropriate action.

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service, by email, or by another method required by applicable law. The updated policy will be effective when posted unless a later effective date is stated.

For privacy questions or requests, contact INCOGNITO INNOVATIONS LTD at privacy@hmr.sh or by post at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.