KCALM

Privacy Policy

Last updated: March 10, 2026

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Application refers to KCALM, the software program provided by the Company.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to 14a0 Pty Ltd, Sydney, NSW, Australia.
  • Country refers to: New South Wales, Australia
  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Application.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • Usage Data
  • Health and nutrition information (calories consumed, macronutrients, micronutrients, dietary goals)
  • Food consumption data
  • Activity and exercise data (workouts, duration, type)

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Information Collected while Using the Application

While using Our Application, in order to provide features of Our Application, We may collect, with Your prior permission:

  • Pictures and other information from your Device's camera and photo library (specifically food photos for analysis)
  • Push notification tokens for sending analysis results
  • Apple Health (HealthKit) data, if you choose to enable this integration (see Apple Health section below)

We use this information to provide features of Our Service, specifically to:

  • Analyze food images using AI to identify food items and estimate nutritional content
  • Track your daily caloric and nutritional intake
  • Provide mental energy and wellness insights based on your meals, activities, and optional health data
  • Send you notifications when food analysis is complete
  • Improve and customize Our Service

The information may be uploaded to the Company's servers and/or a Service Provider's server or it may be simply stored on Your device.

You can enable or disable access to this information at any time, through Your Device settings.

Apple Health (HealthKit) Data

If you choose to enable the Apple Health integration in your KCALM settings, the Application may read the following data types from Apple HealthKit:

  • Sleep analysis (sleep stages, duration, and wake time)
  • Step count
  • Workout sessions (type, duration, and energy burned)
  • Heart rate variability (HRV)
  • Resting heart rate

How we use HealthKit data: This data is used exclusively to provide personalized mental energy and wellness insights within the Application. For example, your sleep quality and exercise data are used to calculate your daily mental bandwidth score.

On-device processing only: All HealthKit data is processed entirely on your device. It is never uploaded to our servers, sent to any third-party service, or stored in any external database. HealthKit data remains on your device at all times.

No advertising or data mining: In accordance with Apple's requirements, we do not use HealthKit data for advertising, marketing, or sale to data brokers or information resellers. HealthKit data is never used to serve advertisements or for any purpose other than providing health and wellness features directly to you within the Application.

No sharing with third parties: HealthKit data is never disclosed to or shared with any third party for any reason. It is not sent to our AI service providers, analytics services, or any other external service.

Your control: You can enable or disable the Apple Health integration at any time from the Settings screen within the Application. When disabled, no HealthKit data is accessed. You can also revoke KCALM's access to Apple Health at any time through your device's Settings > Privacy & Security > Health.

Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Performance of a contract (providing the nutrition tracking service)
  • Your consent (for camera access, push notifications, Apple Health integration, and messaging integrations)
  • Legitimate interests (service security, error monitoring, and improvement)

Third-Party Service Providers

We use the following types of third-party services to operate KCALM:

  • AI Service Providers: For AI-powered food image analysis and nutritional estimation. Your food photos are processed by these services to identify foods and estimate nutritional content. These providers process your data in real-time and do not retain your images or data for training purposes.
  • Cloud Database and Authentication Provider: For secure data storage, authentication, and serverless functions.
  • Push Notification Service: For delivering push notifications and app updates.
  • Subscription Management Service: For managing in-app subscriptions and purchases.
  • Analytics Services: For anonymous product analytics (feature usage, screen views). No personally identifiable information is collected by these services.
  • Error Monitoring Services: For crash reporting and diagnostics. Error reports may contain device information and anonymized diagnostic data to help us identify and fix issues.

These providers may process your data in accordance with their own privacy policies.

Important: None of our third-party service providers receive any Apple HealthKit data. HealthKit data is processed entirely on your device and is never transmitted externally.

Messaging Integrations

KCALM offers optional integrations with messaging platforms to allow you to log meals and interact with the service via chat:

  • Telegram Bot: If you choose to connect your KCALM account to our Telegram bot, messages and food photos you send to the bot are processed by our servers to provide food analysis. Your Telegram user ID is stored to associate your messages with your KCALM account.
  • WhatsApp: If you choose to interact with KCALM via WhatsApp, messages and food photos you send are processed by our servers for food analysis. Your phone number is used to associate your messages with your KCALM account.

Messages and photos sent through these integrations are subject to the same data handling practices described in this Privacy Policy. You can disconnect these integrations at any time from your KCALM settings.

Automated Decision-Making & AI Transparency

KCALM uses artificial intelligence to analyze food photos, estimate nutritional information, and analyze physical activities. Here's how it works:

How AI Processes Your Data

  • When you photograph food, the image is sent to our AI service providers
  • AI identifies the foods in the image and estimates portion sizes
  • Nutritional values (calories, macronutrients, and micronutrients) are calculated based on this analysis
  • When you log activities, AI estimates calories burned and exercise intensity
  • Results are returned to you within seconds

Important Notes

  • AI-generated nutritional estimates are approximations, not precise measurements
  • No fully automated decisions with legal or similarly significant effects are made
  • You can always manually adjust or override AI estimates
  • AI analysis is used solely to provide the calorie tracking service you requested

Your Rights Regarding AI Processing

  • You can request information about how AI decisions were made
  • You can contest AI-generated nutritional estimates
  • You can opt to manually enter food data instead of using photo analysis

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service.
  • To provide food analysis services: We use your food photos and descriptions to analyze nutritional content and track your dietary intake.
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including security updates.
  • To send analysis results: We use push notifications to inform you when your food analysis is complete.
  • To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, and to evaluate and improve our Service, products, services, marketing and your experience.

We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
  • With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Data Retention

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Food photos and analysis results are retained for 90 days to allow you to review your dietary history, after which they are automatically deleted.

AI providers do not retain your food photos or data after processing.

International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States and Australia, where our service providers operate their servers.

We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) with EU-approved terms
  • Data Processing Agreements with all third-party providers
  • Encryption of data in transit and at rest

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service.

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

We implement the following security measures:

  • Encrypted data transmission (HTTPS)
  • Secure authentication
  • Row Level Security (RLS) policies to ensure users can only access their own data
  • Regular security audits
  • AI service providers maintain SOC 2 compliance
  • Data is encrypted before transmission to AI providers

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Your Rights (GDPR - European Users)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

Legal Basis for Processing

  • Contract: Processing necessary to provide the KCALM service
  • Consent: For optional features like push notifications
  • Legitimate Interest: For service improvement and security

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: