KCALM

Privacy Policy

Last updated: February 5, 2026

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Application refers to KCALM, the software program provided by the Company.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to 14a0 Pty Ltd, Sydney, NSW, Australia.
  • Country refers to: New South Wales, Australia
  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Application.
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • Usage Data
  • Health and nutrition information (calories consumed, dietary goals)
  • Food consumption data

Information Collected while Using the Application

While using Our Application, in order to provide features of Our Application, We may collect, with Your prior permission:

  • Pictures and other information from your Device's camera and photo library (specifically food photos for analysis)
  • Push notification tokens for sending analysis results

You can enable or disable access to this information at any time, through Your Device settings.

Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Performance of a contract (providing the calorie tracking service)
  • Your consent (for camera access and push notifications)
  • Legitimate interests (service security and improvement)

Third-Party Service Providers

We use the following third-party services to operate KCALM:

  • AI Service Providers (including Google Gemini, Anthropic Claude, and OpenAI): For AI-powered food image analysis and nutritional estimation. Your food photos are processed by these services to identify foods and estimate nutritional content. These providers process your data in real-time and do not retain your images or data for training purposes.
  • Supabase: For secure data storage and authentication
  • Expo: For push notification services
  • RevenueCat: For subscription management

Automated Decision-Making & AI Transparency

KCALM uses artificial intelligence to analyze food photos and estimate nutritional information. Here's how it works:

How AI Processes Your Data

  • When you photograph food, the image is sent to our AI service providers
  • AI identifies the foods in the image and estimates portion sizes
  • Nutritional values (calories, macros) are calculated based on this analysis
  • Results are returned to you within seconds

Important Notes

  • AI-generated nutritional estimates are approximations, not precise measurements
  • No fully automated decisions with legal or similarly significant effects are made
  • You can always manually adjust or override AI estimates
  • AI analysis is used solely to provide the calorie tracking service you requested

Your Rights Regarding AI Processing

  • You can request information about how AI decisions were made
  • You can contest AI-generated nutritional estimates
  • You can opt to manually enter food data instead of using photo analysis

Data Retention

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.

Food photos and analysis results are retained for 90 days to allow you to review your dietary history, after which they are automatically deleted.

AI providers do not retain your food photos or data after processing.

International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including:

  • United States: Where our AI service providers (OpenAI, Anthropic, Google) operate their servers
  • Australia: Where Supabase hosts our primary database

We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) with EU-approved terms
  • Data Processing Agreements with all third-party providers
  • Encryption of data in transit and at rest

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

You may update, amend, or delete Your information at any time by signing in to Your Account and visiting the account settings section. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Security

We implement the following security measures:

  • Encrypted data transmission (HTTPS)
  • Secure authentication through Supabase
  • Row Level Security (RLS) policies to ensure users can only access their own data
  • Regular security audits
  • AI service providers maintain SOC 2 compliance
  • Data is encrypted before transmission to AI providers

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13.

Your Rights (GDPR - European Users)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

Legal Basis for Processing

  • Contract: Processing necessary to provide the KCALM service
  • Consent: For optional features like push notifications
  • Legitimate Interest: For service improvement and security

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: