1. Who we are
FoodCal (the "App") is developed and published by Akizi LLC ("Akizi", "we", "us", "our"), a limited liability company organized in the United States. This Privacy Policy explains what data the App processes, where it lives, what leaves your device, and the rights you have under applicable privacy laws.
- Company: Akizi LLC
- Website: akizitech.com
- Privacy contact: support@akizitech.com
- General inquiries: info@akizitech.com
For the purposes of the EU/UK GDPR, Akizi LLC is the data controller of the limited data processed through our AI service. For the purposes of the California Consumer Privacy Act (CCPA/CPRA), Akizi LLC is the "business" that determines the purposes and means of processing.
2. Our privacy-first architecture
FoodCal is designed so that almost no personal data ever needs to leave your device. We do not operate a backend database of users. We have no login, no password, no email collection, and no profile sync. This section is the line-by-line breakdown.
3. Data we store on your device
The following data is created and stored locally on your phone, in an encrypted SQLite database and the App's private file-system sandbox. None of it is uploaded to our servers.
- Profile details you enter during onboarding (height, weight, age, sex, activity level, dietary style, goal)
- Meal entries you log (name, calories, macros, optional notes, photos)
- Weight history (only the values you enter or sync from Apple Health / Health Connect)
- App settings and preferences
- An anonymous device identifier (a random UUID generated on first launch — not tied to your Apple ID, Google account, advertising ID, or any other identifier)
4. Data sent to our AI service (and dropped right after)
To identify meals from photos, transcribe voice notes, and answer questions about your nutrition, the App sends the following to a Cloudflare Worker we operate, which forwards the request to Google's Gemini API:
- The meal photo, voice transcript, or typed description you submit
- Your anonymous device identifier (used only to enforce per-device rate limits — 10 photo calls and 40 text calls per day)
- Minimal nutrition context (your daily calorie target, dietary style, goal) so the AI can give relevant feedback
Requests are HMAC-signed and travel over HTTPS. We do not log or persist request bodies, response bodies, or any meal content; the Worker discards request payloads after the response is returned. Our Cloudflare Worker keeps minimal operational telemetry (timestamp, HTTP status, latency, the anonymous device identifier) for up to 7 days for abuse prevention and reliability; this telemetry contains no meal content, no images, and no profile fields.
Google's Gemini API processes the request in transit; see Google's Gemini API Terms for their handling of data sent through their service.
5. Permissions and why we ask for them
- Camera (android.permission.CAMERA, iOS NSCameraUsageDescription) — Only used when you tap the "Snap" button to photograph a meal or nutrition label.
- Microphone (android.permission.RECORD_AUDIO, iOS NSMicrophoneUsageDescription) and Speech Recognition (iOS) — Only used while you actively hold the voice-input button. Transcription happens on-device on iOS and recent Android flagships; on other Android devices it uses Google's built-in speech recognizer.
- Photo Library (iOS NSPhotoLibraryUsageDescription, Android READ/WRITE_EXTERNAL_STORAGE) — Only used when you choose "Pick from library" inside the camera screen.
- Notifications (Android 13+ POST_NOTIFICATIONS) — Used for meal reminders, weekly digests, and the optional evening wrap-up nudge. All notifications are scheduled locally on your device.
- Health data (NSHealthShareUsageDescription, Health Connect READ_*) — When you enable health sync, we read steps, active calories, exercise minutes, heart rate, flights climbed, distance, sleep, weight, and body fat from Apple Health or Health Connect. Read-only. The data stays on your device.
6. Analytics
We use PostHog for anonymous product analytics so we can fix bugs and understand which features are useful. Analytics events are tied to your anonymous device identifier — not to your name, email, or any personal information — and we deliberately exclude the following from every event:
- Meal names and descriptions
- Diet notes and other free-text fields
- Voice transcripts
- AI responses (coaching, suggestions)
- Photos and OCR text
- Exact body stats — we send bucketed enums (e.g. activity level), never raw weight or height
7. Subscriptions
Premium features are sold as auto-renewing subscriptions through Apple's App Store or Google Play. We use RevenueCat as a thin cross-platform layer for receipt validation and entitlement state; RevenueCat is identified by the same anonymous device identifier and does not receive your name, email, or any personal data. We never see your payment information — it is handled entirely by Apple or Google.
8. Legal bases for processing (GDPR / UK GDPR)
Where the EU/UK GDPR applies, we rely on the following legal bases:
- Performance of a contract — running the AI features you requested (Article 6(1)(b))
- Legitimate interests — rate-limiting, abuse prevention, and basic anonymous product analytics (Article 6(1)(f))
- Consent — for permissions you explicitly grant in the OS prompt (camera, microphone, health, notifications) (Article 6(1)(a))
9. Your privacy rights
Because the vast majority of your data never leaves your phone, most rights are exercised directly inside the App:
- Access & portability: all your meal and profile data lives in a local SQLite database. We can provide guidance on exporting it on request.
- Deletion / erasure: tap Settings → Reset App at any time to wipe every local row, every photo, and every scheduled notification.
- Rectification: every meal entry and profile field is editable in-app.
- Objection / restriction: disable health sync and analytics in Settings; deny camera, microphone, or notification permissions in your OS.
- Withdrawal of consent: revoke any OS-level permission at any time. Existing health data already read into the App stays on your device until you Reset App.
If you are in the EU, UK, or another jurisdiction with a supervisory authority, you have the right to lodge a complaint with that authority. For any rights request, email support@akizitech.com. We will respond within 30 days.
10. California residents (CCPA / CPRA)
We do not "sell" or "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA. We have not sold or shared personal information in the preceding 12 months, and we do not knowingly sell or share the personal information of consumers under 16. California residents have the rights to know, delete, correct, and limit the use of sensitive personal information; because we do not collect a user database, most categories of personal information are simply not held by us. To exercise any CCPA right, email support@akizitech.com.
11. International transfers
Our AI requests are routed through Cloudflare's global network and Google's Gemini API. Where data is transferred from the EU/UK to the United States or other third countries, we rely on appropriate safeguards — including Standard Contractual Clauses where applicable — provided by Cloudflare and Google in their respective data processing terms.
12. Security
On-device storage is protected by your operating system's standard app sandbox and disk encryption. AI requests are HMAC-signed and transmitted over TLS 1.2+. We rotate signing keys periodically. We do not store request bodies; what little operational telemetry we keep is kept on Cloudflare's managed infrastructure with access restricted to authorized engineers at Akizi LLC.
13. Data retention
- On-device data: retained until you delete it, Reset the App, or uninstall.
- AI request bodies (photos, transcripts, text): not stored.
- Operational telemetry: up to 7 days, then deleted.
- Anonymous analytics events (PostHog): retained per PostHog's standard retention; tied to a random device UUID, not to you personally.
14. Third-party services we use
- Google Gemini API — meal photo, voice, and text analysis. Sent in transit; not stored by us. See Google's terms linked in §4.
- Cloudflare Workers — request routing, HMAC verification, rate limiting.
- RevenueCat — subscription entitlement state. Receives only the anonymous device identifier.
- PostHog — anonymous product analytics (opt-out in Settings).
- Apple App Store / Google Play — billing and distribution. We never receive your payment information.
15. Children
FoodCal is not directed at children under 13 (or under 16 in the EU/UK and other jurisdictions with a higher digital-consent age). We do not knowingly collect data from children. If you believe a child has used the App, please email support@akizitech.com and we will assist.
16. Changes to this policy
If we change this policy materially, we'll update the "Last updated" date above and (where appropriate) surface a notice in the App on next launch. Continued use of the App after material changes constitutes acceptance of the updated policy.
17. Contact
Privacy questions and rights requests: support@akizitech.com. General inquiries: info@akizitech.com. Mailing address available on request.