Yumlo ("we", "us", or "our") operates the Kalori mobile application (the "App"). This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights. By using Kalori, you agree to the practices described here.
1. Data We Collect
a) Account & Profile Data
- Name and email address
- Password (stored as a secure hash — never in plain text)
- Profile photo (optional)
- Preferred language and app settings
b) Health & Body Data
Kalori is a nutrition and fitness tracking app. To provide its core functionality, we collect and process the following health-related data that you enter directly or that is synced from Apple Health (iOS) or Google Health Connect (Android):
- Body metrics: weight, height, age, biological sex, body mass index (BMI)
- Nutrition data: food entries, calorie intake, macronutrients (protein, carbohydrates, fat, fiber, sugar, sodium), micronutrients (vitamins and minerals)
- Physical activity: steps taken, calories burned, exercise sessions (type, duration, intensity)
- Hydration: daily water intake logs
- Fasting: intermittent fasting start/end times and protocols
- Goals: target weight, daily calorie goal, macro targets
- Progress: weight history over time, trend data
c) Food & Meal Data
- Food items scanned via barcode or AI camera scan
- Custom foods and recipes created by you
- Meal plans generated by the AI
- Saved and recently logged foods
d) Usage & Device Data
- Device type, operating system version, and app version
- Push notification token (for sending reminders)
- App usage patterns (features used, session duration)
- Crash reports and error logs
e) Payment Data
- Subscription status (active, trial, expired)
- Payment provider transaction IDs (Stripe)
- We do not store full card numbers or CVV codes — all card processing is handled by Stripe
f) Social & Group Data
- Group memberships and posts you create in groups
- Accountability buddy connections (with your consent)
- Referral codes you generate or use
2. How We Use Your Health Data
Health data is sensitive. We use it exclusively to provide and improve the Kalori service — never for advertising, and never sold to third parties.
Specifically, we use health data to:
- Calculate your daily calorie and macro targets based on your body metrics and goals
- Display your nutrition dashboard, progress charts, and weekly reports
- Generate AI-powered meal plans and food suggestions personalized to your goals
- Sync with Apple Health and Google Health Connect so your fitness data stays consistent across apps
- Send you reminders and insights about your nutrition and activity patterns
- Provide your AI nutrition coach with context for personalized advice
We do not use your health data for advertising, sell it to third parties, or share it with insurers, employers, or any entity that could use it to make decisions about you.
3. Apple Health & Google Health Connect
On iOS, Kalori can read and write data to Apple Health (HealthKit) with your explicit permission. On Android, Kalori can read and write data to Google Health Connect with your explicit permission.
Data accessed from Apple Health / Google Health Connect includes:
- Steps and active energy burned
- Workouts and exercise sessions
- Body weight and BMI
- Nutrition data (calories, macros)
- Hydration (water intake)
This data is used solely to display your health metrics within Kalori and to write your logged nutrition and activity back to your health platform. It is never shared with third parties or used for advertising.
Revoking access on iOS: Settings → Privacy & Security → Health → Kalori
Revoking access on Android: Health Connect app → App permissions → Kalori
4. AI Features & Data Processing
Kalori uses AI to analyze food photos, generate meal plans, and power the nutrition coach chat. When you use these features:
- Food photos are sent to our AI processing server and are not stored permanently after analysis
- Chat messages with the AI coach are processed to generate responses and may be retained to improve the service
- Meal plan generation uses your profile data (goals, dietary preferences, food history) to personalize suggestions
5. Data Sharing & Third Parties
We share data with the following third-party services only as necessary to operate the app:
- Stripe — payment processing (card data never touches our servers)
- Apple Health / Google Health Connect — health data sync (with your permission)
- Apple APNs / Google FCM — push notification delivery
- Cloud hosting providers — secure data storage
We do not sell, rent, or trade your personal data or health data to any third party for marketing or advertising purposes.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and health data within 30 days, except where required for legal or financial compliance (e.g., payment records).
You can request account deletion at any time from Settings → Delete Account within the app.
7. Data Security
- HTTPS/TLS encryption for all data in transit
- Encrypted storage for sensitive data at rest
- Passwords stored as bcrypt hashes — never in plain text
- Access controls limiting who on our team can access user data
If you believe your account has been compromised, contact us immediately at privacy@yumlo.ma.
8. Children's Privacy
Kalori is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Your Rights
Depending on your location, you may have the right to:
- Access — request a copy of the data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and associated data
- Portability — request your data in a machine-readable format
- Objection — object to certain types of data processing
To exercise any of these rights, contact us at privacy@yumlo.ma.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by displaying a notice in the app or sending an email. The "Last updated" date at the top reflects the most recent revision.
11. Contact Us
Yumlo
Email: privacy@yumlo.ma