Privacy Policy

This Privacy Policy explains how CalBye ("we", "us", or "our") collects, uses, stores, shares, and protects your personal information when you use our mobile application and related services (the "App"). We are committed to safeguarding your privacy and complying with applicable data protection laws.

Personal Data We Collect

Depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the following information to enable us to provide our Services to you. To the extent applicable, such information may include:

1. Account Information: When you create an account, we collect your email address, username, phone number and login credentials.
2. Dietary Logging Data: This includes food names, portion sizes, and meal times recorded via photo upload, barcode scanning, text input, or database search. It also includes food records submitted through image uploads or manual entries, survey responses, and mood or behavior tracking data.
3. AI Analysis Data: When you upload food photos, the system processes the image to identify ingredients and estimate nutritional content. These images are not used to train third-party AI models.
4. Device and Usage Information: Including device model, OS version, IP address, browser type, usage frequency, and feature navigation paths, used to improve product experience.
5. Health-Related Metadata (non-personal health data): Such as age, gender, height, weight logs, water intake, and target calorie goals — all voluntarily provided by users and not including medical diagnoses or health histories.
6. Other Data you voluntarily provide to us.

How We Use Your Data

We only use your personal data when it is lawful, necessary, and consistent with this policy. Our primary purposes include:

1. Provide core features: Enable food logging, nutritional analysis, calorie tracking, water intake reminders, and achievement systems.
2. Improve AI capabilities: Use anonymized images and text data to enhance food recognition accuracy. All training data is de-identified.
3. Personalized recommendations: AI generates scores, dietary suggestions, and alternatives based on your eating patterns to support healthier choices.
4. Product optimization and analytics: Use measurement tools (e.g., cookies) to analyze user behavior, understand feature usage, and continuously improve performance.
5. Customer support: Respond to your inquiries and feedback, and resolve issues during use.
6. Legal bases include: performance of a contract with you, your consent, and our legitimate interests in improving the service.

How We Share Your Data

We do not sell your personal information. We only share your data under the following circumstances:

3.1 Service Providers

We may share any personal data with third-party service providers who assist us in delivering the Services or performing business functions on our behalf. These include:

• Hosting and technology vendors. For instance, we use Amazon Web Services to power the infrastructure for our Services.
• Support and customer service vendors. We may use Zendesk or other third-party providers to provide you with customer support services.
• Payment Processing: For premium subscriptions, we use Apple Pay or Google Pay. Please check their terms of service and privacy policy for information on their use and storage of your personal data, as applicable.

3.2 Affiliates and Business Partners

We may share data within our corporate group for operational efficiency and service consistency.

3.3 Legal Requirements

We may disclose personal information if required by law, court order, or a valid governmental request.

All third parties receiving your data are bound by data protection agreements that require appropriate security measures and restrict data use to specified purposes only.

Data Retention and Security

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy. After account deletion, we will anonymize or delete your personal data within 30 days, unless otherwise required by law.

We implement industry-standard security measures to protect your data, including: End-to-end encryption, Access controls, Regular audits and monitoring and Incident response procedures.

We have implemented appropriate technical and organizational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized processing, in accordance with applicable laws.

Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and personal data by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account. If you have any concerns that your account or personal data has been put at risk, for example if someone could have found out your password, please contact us.

While we use reasonable commercial efforts to protect the data, no technology, data transmission, or system can be guaranteed to be 100% secure. In the event of a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your data, we will notify you according to the applicable laws.

International Transfers of Personal Data

We use global cloud services to process and back up your personal data. Currently, our data centers are located in Singapore, the United States, and the European Union. Based on your location, we store your personal data in the nearest data center.

We also rely on service providers around the globe to support our operations. Consequently, your personal data may be accessed by our affiliates or transferred to third-party service providers and business partners in various locations, to fulfill the purposes set forth in this Policy.

When personal data is transferred internationally, and where required by law, we ensure an adequate level of protection through mechanisms such as Standard Contractual Clauses (SCCs), data transfer agreements compliant with applicable laws, or other lawful transfer mechanisms.

Your Rights

Under applicable data protection laws (e.g., GDPR), you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data under certain conditions (e.g., no longer necessary for original purpose).
• Right to Restriction of Processing: You may request restriction when:
  • You contest the accuracy of the data and we are verifying it;
  • Processing is unlawful, but you oppose erasure;
  • We no longer need the data, but you need it for legal claims;
  • You have objected, and we are assessing your objection.
• Right to Object: You may object to processing based on our legitimate interests, especially if it affects your particular situation.
• Right to Lodge a Complaint: If you believe our data processing violates applicable law, you may file a complaint with your local data protection authority.

You can exercise these rights via in-app settings or by emailing calbye.support@wondershare.com.

Children's Privacy

CalBye is not directed at children under 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from this age group. If discovered, we will delete it immediately.

If we become aware that personal data has been collected from a user under 16, we will promptly deactivate the account and take reasonable steps to delete the data from our records.

If you become aware of any personal data we may have collected from children under 16, please contact us.

Prohibited Data

To protect privacy, we do not process the following, unless otherwise specified:

• Personal health data (e.g., medical records, diagnoses);
• Government-issued ID numbers (e.g., national ID, Social Security Number);
• Personal financial account information;
• Personal data of children under 16;
• Biometric data (e.g., facial images for authentication).

Note: Food photos are used solely for nutritional identification, not identity verification, and do not extract biometric features.

Policy Updates

We may update this Privacy Policy from time to time. We will notify you of any material changes through in-app alerts or email. Your continued use of the Services after such notice constitutes acceptance of the updated terms.

Contact Us

For questions or concerns about this Privacy Policy, please contact us at:
Email: calbye.support@wondershare.com