Smart Calorie Tracker

Legal

Privacy Policy

Effective date: May 20, 2026Last updated: May 20, 2026Reading time: about 8 minutes

1. Introduction

Smart Calorie Tracker (“we”, “us”, or “our”) provides an AI-powered calorie and nutrition tracking app for iOS and Android, along with this marketing website. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it.

Plain-language summary: we collect only what we need to run the app for you, we never sell your data, we never share it with advertisers, and you can delete your account and data at any time.

2. Data controller / fiduciary and contact

Smart Calorie Tracker is the data controller (and the “Data Fiduciary” under India's Digital Personal Data Protection Act, 2023) for the information described in this policy. For any privacy question, data request, grievance, or complaint, reach our Grievance Officer at privacy@smartcalorietracker.app. For general product questions, email support@smartcalorietracker.app.

3. What data we collect

3.1 Account data

  • Email address and display name.
  • Authentication provider identifier (Apple ID, Google ID, or email sign-in).

3.2 Profile data

  • Gender, date of birth or age, height, weight, activity level, and goal.
  • Meal, water, and weight reminder preferences.
  • Unit preferences (metric or imperial) and theme preference.

3.3 Health and fitness data

  • Weight history, BMI, and body measurements you log.
  • Meal entries, including food names, portions, and nutrition values.
  • Exercise entries, including type, duration, and intensity.
  • Water intake entries.
  • Daily steps, active calories, workouts, and weight synced from Apple Health, Google Health Connect, or Google Fit (only when you enable these integrations).

3.4 Media

  • Progress photos and food photos you upload, stored in Firebase Storage.

3.5 Device and diagnostic data

  • Device model, operating system version, and app version.
  • Crash logs collected by Firebase Crashlytics.
  • Firebase Cloud Messaging push token (used to deliver reminders).
  • Product analytics events (screen views, feature usage) logged through Firebase Analytics. These events are not used to identify you.

3.6 Support data

  • Contact form submissions, including name, email address, and the content of your message.

4. How we use your data

  • To provide and personalize the service, including calculating BMR, TDEE, calorie and macro targets, and generating weekly insights.
  • To send the opt-in notifications you have configured (meal, water, and weight reminders).
  • To improve the app through aggregate analytics and crash diagnostics.
  • To respond to your support requests and fix issues you report.
  • To comply with legal obligations, enforce our Terms of Service, and prevent abuse.

5. Legal bases (GDPR, UK GDPR, and India DPDP Act 2023)

  • Contract / Legitimate use. Processing necessary to provide the tracking service you signed up for. Under India's Digital Personal Data Protection Act, 2023, this is a legitimate use for which you have voluntarily provided your data.
  • Consent. Processing of health data, product analytics, push notifications, and any marketing communications. You may withdraw consent at any time, as provided under the DPDP Act and GDPR / UK GDPR.
  • Legitimate interests. Fraud prevention, service improvement, and keeping the app secure.

6. Third-party processors

We rely on the following sub-processors to run the app. Each provider processes data only under our instructions and under the agreements required by applicable data protection laws.

ServicePurposeDataProvider
Firebase AuthenticationAccount creation and sign-inEmail, auth tokensGoogle LLC
Cloud FirestoreApp databaseProfile, meals, exercises, water, weightGoogle LLC
Firebase StorageProgress and food photo storagePhotosGoogle LLC
Cloud FunctionsAI processing and food search proxyFood images, search queriesGoogle LLC
Firebase AnalyticsProduct analyticsAnonymized eventsGoogle LLC
Firebase CrashlyticsCrash reportingStack traces, device infoGoogle LLC
Firebase Cloud MessagingPush notificationsFCM tokenGoogle LLC
Firebase Remote ConfigFeature flagsNot applicableGoogle LLC
Google Sign-InAuthentication optionGoogle account ID, emailGoogle LLC
Google Health ConnectSync health data (Android)Steps, workouts, weight, caloriesGoogle LLC
Google FitSync fitness data (Android legacy)Steps, workoutsGoogle LLC
Sign in with AppleAuthentication option (iOS)Apple ID, emailApple Inc.
Apple HealthKitSync health data (iOS)Steps, workouts, weight, caloriesApple Inc.
Anthropic Claude APIAI food image analysis and weekly insights (hybrid)Food photos, nutrition data summariesAnthropic PBC
OpenAI APIAI food image analysis and weekly insights (hybrid)Food photos, nutrition data summariesOpenAI, L.L.C.
FatSecret Platform APIFood text search databaseSearch queriesFatSecret
OpenFoodFactsBarcode product lookupBarcode numbersOpen Food Facts association
RevenueCatSubscription state & receipt validationAnonymized user ID, Apple/Google receipt dataRevenueCat, Inc. (USA)

Hosting region: Cloud Firestore, Firebase Storage, and Cloud Functions for Smart Calorie Tracker are hosted in Google Cloud's Mumbai region (asia-south1), India. Your account data, profile, meal/exercise/water/weight logs, and uploaded photos are stored in India.

Smart Calorie Tracker uses a hybrid AI setup. Food images and weekly insight requests may be processed by Anthropic Claude, OpenAI, or both, depending on availability and model fit for the request.

7. International transfers

Your primary application data (profile, meals, exercises, water, weight, and photos) is stored in India in Google Cloud's Mumbai region (asia-south1). Some of our sub-processors — specifically the AI providers (Anthropic, OpenAI), the subscription processor (RevenueCat), and the food databases (FatSecret, OpenFoodFacts) — operate from the United States or other regions. When information necessary to run these features is transferred outside India, the EU, the UK, or your country of residence, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards approved by applicable data protection authorities, including the safeguards required under India's Digital Personal Data Protection Act, 2023.

8. Data retention

  • Account and profile data are retained while your account is active.
  • After account deletion, your data is deleted from our production systems within 30 days. Encrypted backups are purged within 90 days.
  • Anonymized aggregate analytics may be retained for up to 26 months.
  • Support tickets are retained for up to 2 years for quality and legal purposes.

9. Your rights

You have the right to:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Request deletion of your data (see Account Deletion).
  • Restrict or object to certain kinds of processing.
  • Request a copy of your data in a portable format.
  • Withdraw consent you have previously given.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@smartcalorietracker.app or use the in-app Delete Account flow. We respond within 30 days.

10. Children's privacy

Smart Calorie Tracker is not intended for users under 13 years of age, or under 16 in the European Economic Area where local law requires a higher age of consent. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, email privacy@smartcalorietracker.app and we will delete the account.

11. Apple Health (HealthKit) clause

  • We do not use HealthKit data for advertising or other data-mining purposes other than improving health, medical, or fitness management.
  • We do not disclose HealthKit data to third parties for advertising or data-mining purposes.
  • HealthKit data is only shared with third parties for the purpose of providing health, medical, or fitness services, and only with your explicit consent.

12. Google Health Connect and Fit clause

Data read from Google Health Connect or Google Fit is used only to provide features you have enabled (syncing steps, active calories, workouts, and weight). We do not sell this data, share it with advertisers, or use it for purposes unrelated to the app.

13. India (Digital Personal Data Protection Act, 2023) rights

If you are a Data Principal in India, the Digital Personal Data Protection Act, 2023 (the “DPDP Act”) gives you the following rights with respect to personal data we process about you:

  • Right to access. Obtain a summary of the personal data we process and the processing activities undertaken.
  • Right to correction and erasure. Request correction of inaccurate or incomplete data, and request deletion of personal data that is no longer required for the purpose it was collected.
  • Right to grievance redressal. Lodge a complaint with our Grievance Officer regarding any act or omission relating to your personal data.
  • Right to nominate. Nominate another individual to exercise your rights in the event of death or incapacity.
  • Right to withdraw consent. Withdraw your consent at any time, where processing is based on consent.

To exercise any of these rights, email privacy@smartcalorietracker.app. We act on verified requests within the timelines required by the DPDP Act and may ask for information needed to confirm your identity. If you are not satisfied with our response, you may approach the Data Protection Board of India.

Smart Calorie Tracker stores account, profile, and health data of Indian users in Google Cloud's Mumbai region (asia-south1).

14. California (CCPA and CPRA) rights

If you are a California resident, you have the right to know what personal information we collect, to request deletion, to request correction, to opt out of “sale” or “sharing” of personal information (we do not sell personal information), and to limit the use of sensitive personal information. To exercise these rights, email privacy@smartcalorietracker.app.

15. Website analytics and cookies

This marketing website uses Firebase Analytics to measure anonymous events such as page views. It does not set third-party advertising cookies. Your theme preference (light or dark mode) is stored locally in your browser.

16. Security

  • All traffic is encrypted in transit using TLS 1.2 or higher.
  • Data at rest is encrypted by our cloud providers.
  • Authentication tokens are short-lived and scoped.
  • Employee access to production data is limited and logged.

17. Changes to this policy

When we make material changes to this policy, we will notify you in-app and, where we have your email on file, by email, at least 30 days before the change takes effect.

18. Contact

Privacy questions / Grievance Officer (India, DPDP Act 2023): privacy@smartcalorietracker.app
General support: support@smartcalorietracker.app