Fit Calo Privacy Policy

This Privacy Policy explains how we collect, use, share, and protect your information when you use Fit Calo (the “App”). If you do not agree with any part of this Privacy Policy, please stop using the App.

1. Information we collect

1.1 Information you provide

• Account information: When you sign in with Google or Sign in with Apple, we process identifiers and profile details you authorize, such as your user ID (UID), display name, avatar, and email address (if available and permitted by the provider).
• Content and inputs: Meal logs, notes, and other content you create in the App (if applicable).

1.2 Device permissions and media

• Camera: Used to capture meal photos (only after you grant permission).
• Photos/Media: Used to select images from your library (only after you grant permission).

We do not access your camera or photo library without your permission. You can revoke permissions at any time in your device settings, but some features may not function properly.

1.3 Information collected automatically

• Logs and diagnostics: Crash reports, error logs, and performance data to keep the App stable and improve reliability.
• Device and app information: Such as device model, OS version, app version, and language settings for compatibility, analytics, and fraud prevention.
• Product interaction data: In-app events (for example, sign-in, paywall views, subscription checkout starts, and meal logging) to understand how features are used and to measure marketing performance.

1.4 Advertising, attribution, and tracking

We use attribution and analytics tools (including AppsFlyer) to understand how users discover Fit Calo and whether our marketing campaigns are effective. What is collected and how you control it depends on your platform:

iOS

• IDFA (Identifier for Advertisers): If you grant permission through Apple’s App Tracking Transparency (ATT) prompt, we and our partners may access your device’s advertising identifier for cross-app advertising measurement. If you deny permission, IDFA is not available to us for that purpose.
• Other technical identifiers: Our attribution partner may also process identifiers such as an AppsFlyer ID and, where permitted, vendor/device identifiers (for example, IDFV) to attribute installs and in-app events.

Android

• Advertising ID (GAID): On Android, our attribution and analytics partners may process your Google advertising identifier to measure installs, in-app actions, and marketing performance. You can reset or opt out of personalized ads in your device settings (typically Settings → Google → Ads, or your device manufacturer’s equivalent privacy settings).
• Other technical identifiers: Our attribution partner may also process identifiers such as an AppsFlyer ID and other device or app-instance identifiers permitted on your device to attribute installs and in-app events.

All platforms

• Linked account ID: After you sign in, we may associate your Firebase user ID with attribution records so subscription and usage events can be analyzed consistently across sessions.
• In-app events: We may send product interaction events (for example, sign-in, paywall views, checkout starts, and meal logging) to our attribution partners for analytics and marketing measurement.

Your choice matters. On iOS, denying ATT permission does not block core App features such as sign-in, meal logging, or subscriptions; it mainly affects the accuracy of advertising attribution. On Android, changing or resetting your advertising ID affects measurement in a similar way, but core App features remain available.

1.5 Subscription and payment information

• Subscription status: We retrieve your subscription entitlement status via RevenueCat (e.g., whether an entitlement is active, trial status, and expiration time).
• Payment processing: In-app purchases are processed by the platform store where you installed the App:
  • Apple App Store (iOS): Subscriptions and payments are handled by Apple. We do not receive your full payment card details.
  • Google Play (Android): Subscriptions and payments are handled by Google. We do not receive your full payment card details.

2. How we use information

• Provide and maintain the service: Authentication, meal recognition/logging, syncing, and showing subscription access.
• Improve the App: Understand usage patterns, optimize performance, and fix bugs.
• Marketing measurement and attribution: Measure installs and in-app actions related to our advertising, evaluate campaign performance, and reduce wasted ad spend.
• Security and fraud prevention: Prevent abuse, unauthorized access, and attacks.
• Compliance: Meet legal, regulatory, and law enforcement requirements.

3. How we share information

We share information only in the following circumstances:

• With service providers: We use third-party services to provide core functionality, which may process necessary data:
  • Firebase Authentication (Google LLC): Sign-in and identity verification.
  • Google Sign-In (Google LLC): Google account authentication flow.
  • Sign in with Apple (Apple Inc.): Apple account authentication on iOS.
  • RevenueCat (RevenueCat, Inc.): Subscription management, entitlement checks, offerings/products configuration, and subscription analytics. RevenueCat may share device and subscription-related data with attribution partners where configured.
  • AppsFlyer (AppsFlyer Ltd.): Mobile attribution, advertising measurement, and in-app event analytics on iOS and Android (on iOS, subject to your App Tracking Transparency choice).
  • Apple App Store / App Store Server Notifications (Apple Inc.): In-app subscriptions and payment processing on iOS.
  • Google Play Billing (Google LLC): In-app subscriptions and payment processing on Android.
• With our backend services: To enable features like food recognition and syncing, we may send necessary data to our server APIs (e.g., meal photos or parameters required to process them).
• Legal requirements: To comply with applicable laws, court orders, or government requests.
• With your consent: When you explicitly authorize or consent to sharing.

We do not sell your personal information.

4. Data storage and retention

• Where we store data: Data may be stored on our servers or our service providers’ servers, depending on the features you use and the regions where services are hosted.
• How long we keep data: We retain information as long as necessary to provide the App and for the purposes described in this policy, unless a longer retention period is required or permitted by law. We will take reasonable steps to delete or anonymize data when no longer needed.

5. Your rights and choices

• Access and correction: You may view and update certain profile details in the App (some information comes from your sign-in provider).
• Permission controls: You can revoke Camera/Photos permissions via device settings.
• Tracking and advertising choices:
  • iOS: You can allow or deny App Tracking Transparency permission when prompted. You can also change this later in Settings → Privacy & Security → Tracking.
  • Android: You can reset your advertising ID or opt out of ads personalization in Settings → Google → Ads (wording may vary by device and Android version).
• Account and data deletion: You may contact us to request deletion of your account and associated data, subject to legal limitations.
• Manage subscriptions:
  • iOS: Settings → Apple ID → Subscriptions, or the App Store subscription management page.
  • Android: Google Play → Payments & subscriptions → Subscriptions.

6. Children’s privacy

The App is not intended for children under 13 (or the minimum age required by your jurisdiction). If we learn that we have collected personal information from a child, we will take steps to delete it as soon as reasonably possible.

7. Security

We use reasonable technical and organizational measures to protect your information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security in all situations.

8. Third-party services

The App includes SDKs provided by third parties. Those third parties have their own privacy policies and terms. We encourage you to review their policies to understand how they handle data, including:

• AppsFlyer Privacy Policy
• RevenueCat Privacy Policy
• Google Privacy Policy (Firebase / Google Sign-In)
• Apple Privacy Policy (Sign in with Apple / App Store)

9. Changes to this policy

We may update this Privacy Policy from time to time. If changes materially affect your rights, we will provide notice within the App or by other means. The updated policy becomes effective when posted.

10. Contact us

If you have questions or requests about this Privacy Policy, please contact us at:
Email: support@huaitai-iot.com