Privacy Policy

1. Data We Collect

Account Data

• Email address — used to create and identify your account via Firebase Authenticat>
• Password — stored securely by Firebase Auth; we never see or store it in plaintex>
• Google Sign-In — optional; we receive your name and email from Google if you choo>

Profile Data

• Name, age, height, weight, gender, activity level, dietary preferences
• Calorie and macro goals (calculated during onboarding and editable in your profile)
• Starting weight and target weight

Health & Fitness Data

• Food logs: meal names, calorie intake, macros (protein, carbs, fat), portion sizes
• Barcode scan results and AI food analysis data
• Water intake logs
• Exercise logs and workout history
• Weight log entries over time

Health Connect Data

• Step counts synced from Android Health Connect (if you grant permission)
• Weight readings synced from Android Health Connect (if you grant permission)
• Health Connect permissions are optional and can be revoked at any time in your device settings

Camera

• Barcode scanning — camera frames are processed on-device; no images are stored or transmitted
• AI food photo scan — images are sent to OpenAI’s API for food identification. Images are not retai>

Purchase Data

• In-app purchase status (Free, Trial, Early Adopter, Premium) via Google Play Billing
• We do not receive or store your payment card details; these are handled entirely by Google Play

Local & Cloud Storage

• On-device: food logs, water logs, exercise logs and weight logs are stored locall>
• Firebase Firestore: your premium/subscription status and profile data are synced >

2. How We Use Your Data

• To create and manage your account and authenticate you securely
• To calculate personalised calorie and macro targets based on your profile
• To display your daily nutrition, hydration, exercise and weight progress
• To generate reports and trend charts from your logged data
• To sync your premium subscription status across sign-outs and reinstalls
• To identify food items via barcode scanning and AI-assisted photo analysis
• To sync activity data from Android Health Connect when you grant permission

We do not use your data for advertising, profiling for commercial purposes, or any purpose not descri>

3. Third-Party Services

We share data with the following third-party services only to the extent necessary to operate the app>

Google — Firebase Authentication & Firestore

Firebase Auth processes your email and password to authenticate you. Firebase Firestore stores your
premium status and profile data in the cloud. Google’s privacy policy applies:
Google Policy

OpenAI

When you use the AI food scan feature, a photo or text description of food is sent to OpenAI’s API for
decomposition into nutritional data. OpenAI’s privacy policy applies:
openai.com/privacy

Android Health Connect

If you grant permission, the app reads step counts and weight data from Android Health Connect.
This data is stored locally and in your Firestore profile. Google’s Health Connect privacy policy appl>

Google Play Billing

In-app purchases are processed entirely by Google Play. We receive only a confirmation of your
purchase status; no payment details are shared with us.

We do not sell, rent, or trade your personal data to any third party.

4. Data Retention

• Local data (food logs, water logs, exercise logs) is stored on your device and is>
• Firestore data (profile and premium status) is retained until you request deletio>
• If you uninstall the app without signing out, local data may remain on your device until the app d>
• Backup files exported via “Download My Data” are saved to your device’s Downloads folder and remai>

5. Your Rights (UK GDPR)

Under UK GDPR you have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you
• Right to rectification — correct inaccurate or incomplete data
• Right to erasure — request deletion of your account and all associated data
• Right to restriction — ask us to limit how we process your data
• Right to data portability — export your data using the in-app “Download My Data” >
• Right to object — object to processing based on legitimate interests

To exercise any of these rights, or to request account and data deletion, contact us at:
[email protected]

We will respond to all valid requests within 30 days.

6. Data Security

• All communication between the app and Firebase/OpenAI uses HTTPS encryption
• Passwords are hashed and managed entirely by Firebase Authentication — we have no access to them
• Local data is stored in standard Android app storage, protected by Android’s sandbox security mode>
• We regularly review our data handling practices and update security measures accordingly

7. Children’s Privacy

Calorie Pirates is not directed at children under the age of 13. We do not knowingly collect personal
data from children under 13. If you believe a child has provided us with personal data, please contact
us at [email protected] and we will delete
the information promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated”
date at the top of this page. For significant changes, we will notify users via the app or email.
Continued use of the app after changes are posted constitutes acceptance of the updated policy.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data,>

• Email: [email protected]>
• Developer location: Bedford, Bedfordshire, United Kingdom

If you are not satisfied with our response, you have the right to lodge a complaint with the
Information Commissioner’s Office (ICO) at
ico.org.uk.

To request account deletion, see our Delete Account page