← Back to CalDesk AI
Privacy Policy
Last updated: May 26, 2026 Effective date: May 26, 2026
CalDesk AI ("CalDesk AI", "we", "us", or "our") operates the CalDesk AI mobile application and related websites (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using the Service you agree to the practices described here.
If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information you provide
- Account information: name, email, password (hashed), date of birth, sex, height, weight, and goal preferences supplied during onboarding.
- Health and fitness data: meals you log (including photos), water intake, body measurements, workouts, sleep, mood, and progress photos.
- Profile content: avatar, bio, friend lists, group memberships, posts, comments, and messages.
- Communications: emails or in-app messages you send to support, professional coaches, or other users.
- Payment information: billing-related identifiers (transaction IDs, subscription state) processed by Apple, Google, and RevenueCat. We do not store full card numbers.
- Professional accounts: verification documents, licenses, business details, and tax-relevant information provided by registered coaches.
1.2 Information collected automatically
- Device data: device model, OS version, language, timezone, locale, app version, anonymous device identifiers.
- Usage data: feature usage, navigation events, search queries within the app, and operational diagnostics.
- Approximate location: derived from IP address. We collect precise location only when you explicitly enable location-based features (e.g., gym check-in, find-a-coach).
1.3 Information from third parties
- Apple Health / Google Fit: with your explicit OS-level permission, we read steps, active calories, weight, sleep, workouts, heart rate, and related metrics, and may write workouts and weight you create in CalDesk AI back to Health/Fit.
- Wearables: Polar, Oura, and Fitbit integrations (when you connect them) provide activity and biometric data via their respective OAuth flows.
- AI providers: when you scan or photograph food, the image and contextual prompts are processed by third-party AI providers. We do not include your name, email, or contact details in those requests.
2. How We Use Your Information
We use your information to:
- Operate and personalize the Service (calorie/macro goals, meal recommendations, dashboards).
- Process AI food recognition, nutrition estimation, meal-plan generation, and health insights.
- Maintain your account, authenticate sessions, and recover access.
- Sync with Apple Health and Google Fit when you enable those integrations.
- Facilitate professional coaching: connect you with coaches, deliver coach-prescribed plans, schedule sessions, and process payouts.
- Enable social features (friends, groups, challenges, shared posts).
- Send transactional messages (password resets, receipts, coach-session reminders) and, with your consent, marketing or product updates.
- Detect, prevent, and respond to fraud, abuse, security incidents, and policy violations.
- Comply with legal obligations and enforce our Terms of Service.
- Improve the Service through aggregated analytics and product research.
3. Legal Bases (EEA/UK Users)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Performance of a contract — to provide features you request (account, subscription, coach sessions).
- Consent — for camera access, Health/Fit integrations, push notifications, marketing emails, and processing of sensitive health data. You may withdraw consent at any time via Settings or device permissions.
- Legitimate interests — for product analytics, fraud prevention, and service security, balanced against your rights.
- Legal obligation — to satisfy tax, accounting, and law-enforcement requirements.
4. How We Share Information
We do not sell your personal information. We share data only as described below:
- Service providers (processors): cloud hosting (Cloudflare R2, Supabase/PostgreSQL providers), email delivery (Resend), push notifications (Expo/Apple/Google), analytics, operational monitoring, and AI processing partners — each bound by contract to use the data only to provide their service to us.
- Payment processors: Apple App Store, Google Play, and RevenueCat for subscription state.
- Professional coaches: when you engage a coach, we share the profile data and logged metrics necessary for the coach to provide their services. Coaches are independently responsible for handling that data.
- Social features: information you choose to make public (profile, posts, comments, leaderboards, challenge participation) is visible to other users according to your privacy settings.
- Legal and safety: we may disclose information if required by law, valid legal process, or to protect the rights, safety, or property of CalDesk AI, our users, or the public.
- Business transfers: if we are involved in a merger, acquisition, or asset sale, your information may be transferred under equivalent privacy protections.
5. International Data Transfers
We process data in the United States and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses or other approved mechanisms to safeguard transfers from the EEA, UK, or Switzerland.
6. Data Retention
We keep personal information only as long as needed:
- Account data: retained while your account is active and for up to 30 days after deletion to allow account recovery, then permanently deleted or anonymized.
- Health logs and progress photos: retained while your account is active; deleted on account deletion.
- Billing records: retained as required by tax and accounting law (typically 7 years).
- Backups: rolling backups are purged within 90 days of deletion.
- Aggregated, de-identified data: may be retained indefinitely.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and personal data.
- Export your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent at any time (without affecting prior processing).
- Lodge a complaint with your local data-protection authority.
You can exercise most rights directly inside the app under Settings → Privacy (Export Data, Delete Account, Manage Permissions). To make a written request, email [email protected]. We respond within 30 days.
Deleting your account
You can permanently delete your account at any time from within the app:
1. Open CalDesk AI. 2. Tap Settings → Privacy. 3. Tap Delete Account. 4. Confirm by typing your account email and tapping Delete my account.
Deletion is immediate: your profile, meals, workouts, photos, posts, friends, push tokens, and subscription state are removed. We keep an anonymous audit row (a one-way hash of your user ID, the deletion timestamp, and your optional reason) for security and compliance review. Active subscriptions billed through the App Store or Google Play must be cancelled separately in those stores' subscription settings.
If you cannot access the app, email [email protected] from the address on your account and we will process the deletion within 30 days.
California residents (CCPA/CPRA)
You have the rights listed above plus the right to know the categories of personal information collected and disclosed in the past 12 months, and the right to opt out of "sharing" for cross-context behavioral advertising. We do not sell personal information.
8. Children's Privacy
The Service is not directed to children under 13 (under 16 in the EEA/UK). We do not knowingly collect data from such children. If you believe a child has provided us data, contact [email protected] and we will delete it.
9. Health and Medical Disclaimer
CalDesk AI is a wellness and nutrition tool. It is not a medical device, does not provide medical advice, and is not a substitute for professional medical care. Always consult a qualified healthcare provider before changing your diet, exercise, or supplementation routine, especially if you have a medical condition, are pregnant, or are managing an eating disorder.
10. Security
We use industry-standard safeguards: TLS in transit, encryption at rest for sensitive fields, hashed passwords (bcrypt), least-privilege access controls, audit logging, and regular vulnerability reviews. No system is 100% secure; please use a strong, unique password and enable device-level protection.
11. Third-Party Links and Services
The Service may link to third-party content (recipes, articles, coach websites). Those sites have their own privacy practices, which we do not control. Review them before sharing personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced in the app and, where required, by email at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
13. Contact Us
- Email: [email protected]
- Mail: CalDesk AI Privacy Team, c/o CalDesk AI Inc., 2261 Market St #4567, San Francisco, CA 94114, USA
- EU/UK Representative: contact [email protected] to be put in touch with our appointed representative.
If you are not satisfied with our response, you may contact your local data-protection authority.