Privacy

Last updated: 2026-05-16

Stance

Local-first. Cloud only when you ask. Encrypted in transit and at rest.

We are not a zero-knowledge / end-to-end encrypted service. We chose this deliberately so we can offer painless multi-device sync, help you when something breaks, and improve the product with aggregate metrics. What we promise instead is below.

What stays on your device

• Your meal log, body weight, and goal history.
• Your location timeline (the list of places you stopped at today).
• Original food photos, EXIF intact.
• Hand-calibration measurements.

What leaves your device

• Food photos you submit to AI — EXIF and GPS stripped, downscaled, sent to our AI Gateway. The image is processed and the response returned; the photo is not retained.
• Text/voice descriptions when you log a meal via the AI parse endpoint — sent as plain text to our AI Gateway.
• Rounded coordinates (to ~11 m) when we need to identify a restaurant chain near you. Never the raw timeline.
• Account-scoped meal + activity history when you turn on cloud sync. Stored on Cloudflare D1 / R2, encrypted at rest by the platform.

What we don't do

• We do not sell or share data with advertisers, brokers, or other third parties.
• We do not run ads in the app.
• We do not upload your background location timeline.
• We do not retain food photos after AI parsing.
• We do not use individual users' meal contents for marketing or to train models.

Subprocessors

We use the following vendors. Each is contractually bound to process data only on our instructions.

• Cloudflare — compute (Workers), database (D1), storage (R2), and AI Gateway routing.
• Google — Gemini Flash for parsing food photos and text, accessed via Cloudflare AI Gateway.
• OpenStreetMap (Overpass) — nearby-restaurant lookup when you opt in. We send rounded coordinates only.
• GlitchReplay — error reporting + session replays only when something crashes.

Your controls

• Export all your data as JSON + photos zip.
• Delete everything with one tap, including any cloud backups.
• Pause location tracking per day, or set private zones.
• Toggle individual permissions in your OS settings.

Contact

Security or privacy reports: security@calburndown.com