CalCat Privacy Policy

Effective: 2026-05-10

This Privacy Policy explains how Uyoung ("we") collects, uses, and protects information when you use the CalCat mobile application.

1. Information We Collect

Account & authentication

• Email, nickname, hashed password, or third-party identifier (Google, Apple)
• Sign-up timestamp, IP address, device/OS information, app version
• Advertising identifier (IDFA / AAID), only with your consent

Profile (user-provided)

• Gender, date of birth, exercise frequency, diet type, goal type (lose / maintain / gain)

Sensitive personal information — health data (collected only with separate consent)

Under Article 23 of the Korean Personal Information Protection Act (PIPA) and analogous regimes such as GDPR Article 9, the items below are treated as sensitive personal information and are collected only after you provide separate, explicit consent distinct from your consent to general personal information processing.

• Items: height, weight, target weight, weekly weight change goal, body composition (e.g. body-fat percentage, skeletal muscle mass), food photographs and their analysis output (estimated calories and macronutrients), meal and weight logs.
• Purposes: estimating daily energy needs (BMR/TDEE), providing nutrition analysis and feedback, computing challenges and ranking, recommending personalized goals, and producing de-identified service statistics.
• Retention: until account deletion or withdrawal of consent, except where retention is required by law.
• Right to refuse: you may refuse this consent. Because the data is essential for the Service's core features (photo analysis, challenges, ranking), refusal will materially limit your ability to use those features.
• Withdrawal: you may withdraw consent at any time from Profile → Terms & Consents in the app, or by emailing [email protected]. Upon withdrawal we delete the corresponding sensitive data without undue delay.

We do not collect any other categories of sensitive data (e.g. beliefs, political opinions, union membership, genetic data, criminal records).

Usage data

• Food photos and automatic analysis results (food names, estimated calories, macronutrients)
• Meal logs, challenge progress, ranking nickname

Payment data

• App Store / Google Play in-app purchase receipts, subscription status, transaction IDs
• We do not collect or store payment instruments (e.g. card numbers); these are handled by the respective stores.

2. How We Use Information

• To authenticate you and provide the core features of the Service
• To analyze food photos and produce nutrition statistics
• To deliver personalized goals, challenges, and ranking
• To verify subscription entitlements and process billing
• To respond to inquiries and send service notices
• To improve our analysis models and overall Service quality (de-identified)
• To comply with legal obligations and resolve disputes

3. Retention

We retain personal data while your account is active and delete it when you close your account, except where retention is required by law (e.g. e-commerce records for up to 5 years, dispute records for 3 years, access logs for 3 months under Korean law).

4. Sharing

We do not sell your personal data. We share information only:

• With your prior consent
• With service providers who process data on our behalf (see Section 5)
• When required by law or valid legal process

5. Service Providers

• Google LLC — Firebase Authentication and AdMob advertising
• Apple Inc. — Sign in with Apple and App Store in-app purchases
• Cloud infrastructure providers — server hosting and storage

6. International Transfers

Some service providers process data outside your country (e.g. in the United States). Where required, we rely on appropriate safeguards such as standard contractual clauses.

7. Your Rights

• Access, correct, delete or export your personal data
• Withdraw consent and delete your account from within the app or by contacting us
• On iOS 14.5+, change app tracking permission at any time in system settings
• Reset or disable your advertising identifier in your device settings

8. Security

We use HTTPS for transport, hash passwords at rest, restrict access on a need-to-know basis, and review our systems periodically for vulnerabilities.

9. Children

CalCat is not directed to children under the age of 14. If we learn we have collected information from such a child, we will delete it without undue delay.

10. Contact

[email protected]

11. Changes

We will post material changes to this Policy in the app or on this page at least 7 days before they take effect.