Privacy Policy

Last updated: May 24, 2026

The essentials:

  • We don't sell your data. Period. Not to advertisers, not to data brokers, not to anyone.
  • We don't train AI models on your data. Your meal logs, health info, and photos are yours alone.
  • You can delete or export everything. From inside the app, anytime, no questions asked.

Contents

1. Introduction

WatchMyCal ("we," "our," or "us") is an AI-powered calorie and macro tracking mobile application available on iOS and Android. This Privacy Policy explains how we collect, use, share, and protect your information when you use our Service.

By using WatchMyCal, you agree to the practices described in this policy. If you disagree with any part, please do not use the Service.

This policy complies with the Digital Personal Data Protection Act, 2023 (India), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), Washington's My Health My Data Act, and similar privacy laws worldwide.

2. Information We Collect

Account & Profile Information

When you sign up, we collect:

  • Email address (with one-time verification code sent for sign-in; we do not store passwords)
  • Full name and optional avatar (from Google Sign-In, if you choose that sign-in method)
  • Date of birth, biological sex, weight, height
  • Activity level, dietary preferences, cuisine preferences
  • Weight goal and goal type (lose, maintain, or gain)
  • Calculated BMR (Basal Metabolic Rate) and TDEE (Total Daily Energy Expenditure)

Meal & Nutrition Data

  • Meal photos (processed in real-time, not permanently stored on our servers)
  • Food item names, calories, macronutrients (protein, carbs, fats)
  • Meal type and timestamp
  • Source of meal entry (AI detection, manual entry, saved recipes)

Health & Activity Data

  • Weight logs over time
  • Workout logs (activity type, duration, estimated calories burned)
  • HealthKit data (iOS): steps, workouts, body mass, height (read and write)

AI & Communication Data

  • AI Coach messages (questions and responses)
  • AI-inferred memory (dietary preferences, dislikes, health notes, fitness goals)
  • Saved recipes and meal preferences

Usage & Device Data

  • Screens visited, features used, time spent (if analytics enabled)
  • Device type, OS version, app version, language, timezone
  • Crash reports and error diagnostics (if crash reporting enabled)
  • Subscription status, plan type, purchase and renewal dates

2.5 AI Coach Memory

To personalize the AI Nutrition Coach, we extract and save key preferences you mention in conversations — for example "I'm vegetarian," "I'm training for a 10k," or "I don't eat dairy." These preferences are saved to your profile and are visible under "What I know about you" in the chat screen of the app, where you can review and delete any of them at any time.

The AI Coach conversations themselves are not stored on our servers. Messages exist only on your device during your session and are cleared when you close the app. Only the extracted preferences (and, if you enable it, thumbs-up/thumbs-down reactions on AI responses) persist.

3. How We Use Your Information

  • Provide the Service: Create and manage your account, process meal photos, generate nutrition estimates, calculate personalized goals, track progress, and sync with health devices.
  • AI Coach: Process your messages and generate personalized nutrition and wellness guidance.
  • Subscriptions: Verify Pro status, manage free trials, and handle renewals and cancellations.
  • Communication: Send meal reminders (if enabled), respond to support requests, and notify you of policy or service changes.
  • Improve the Service: Analyze usage patterns, diagnose errors, improve AI accuracy, and develop new features.
  • Security & Fraud Prevention: Detect and prevent fraud, abuse, unauthorized access, and Terms of Service violations.
  • Legal Compliance: Respond to lawful requests, enforce our Terms, and protect legal rights.

We do not use your data for advertising or to build advertising profiles about you.

4. Sensitive & Health Data Notice

Much of the information we collect qualifies as sensitive personal information under CCPA/CPRA and consumer health dataunder Washington's My Health My Data Act. This includes:

  • Health data (weight, meal logs, workout logs, HealthKit data)
  • Biometric-adjacent information (height, body mass, activity level)
  • Sensitive dietary information (preferences, restrictions)
  • AI-inferred health goals and wellness notes

Our collection and processing of this data is based entirely on your explicit consent. You can withdraw consent at any time by modifying app permissions or contacting support. We will never use this data for purposes beyond providing the Service, and we will never sell or share it.

5. AI & Machine Learning

Meal Photo Analysis: When you use AI Meal Snap, your photo is sent to Google Gemini for real-time analysis. Google processes your image to generate a nutrition estimate and returns the results to you. Your meal photo is not permanently stored on our servers.

Google's Data Handling: According to Google's API terms, Google retains Gemini API inputs (including your meal photos) for up to 55 days to detect abuse and improve service reliability. After this period, Google deletes your photo. Google does not use API data to train Gemini or other Google models.

Our AI Model: WatchMyCal does not train its own machine learning models on your data. We do not build personalized prediction models, behavioral profiles, or advertising models using your meal logs, health data, or AI Coach conversations.

6. Third-Party Services (Subprocessors)

We share your information only with service providers that help us operate the Service. These providers are contractually required to protect your data and use it only as specified:

Supabase

Database storage, authentication, account management — US-East

RevenueCat

Subscription and purchase management — US

Sentry

Crash reporting and diagnostics — US

PostHog

Product analytics (anonymized events) — US or EU

Google Gemini API

Google Gemini API (operated by Google LLC) — to analyze meal photos and generate AI Coach responses. Requests are sent to Google for inference only. Per Google's API terms, Google does not use API inputs to train its models. Google may retain API inputs for up to 55 days for abuse monitoring before deletion.

Google Sign-In

OAuth authentication for signup — US

Apple App Store & Google Play

Payment processing and subscription management — US

We do not sell your personal data. We do not share your data with advertisers, data brokers, or any third party not listed above.

7. Device Permissions

WatchMyCal requests the following permissions. All are optional — you can grant, revoke, or modify them anytime in your device settings:

  • Camera: To capture meal photos for AI analysis.
  • Photo Library: To select existing photos for meal scanning.
  • HealthKit (iOS): To read and write steps, workouts, body mass, and height. This data is used only within the app and is never used for advertising or shared with third parties.
  • Notifications: To send meal reminders, progress updates, and other in-app notifications.

8. Data Security

We use technical and organizational measures to protect your data:

  • All data in transit uses TLS/HTTPS encryption.
  • Data at rest in our database is encrypted.
  • User data in Supabase is isolated with per-user Row-Level Security (RLS) policies.
  • Authentication uses OAuth, hashed passwords, and secure session tokens.
  • Production systems are access-controlled and logged.
  • Our service providers maintain SOC 2, ISO 27001, and equivalent certifications.

No system is 100% secure. If we discover a breach affecting your data, we will notify you and relevant authorities as required by law.

9. Data Retention

Account & Profile Data

Retained while account is active. Deleted upon request within 30 days.

Meal, Weight & Workout Logs

Retained for your historical progress. Deleted upon account deletion.

Meal Photos

Processed in-memory and not permanently stored on our servers.

AI Coach Conversations

Not stored on our servers. Conversations exist only on your device during your session and are cleared when you close the app.

AI Coach Memory (Extracted Preferences)

Stored in your profile until you delete them individually in the app or delete your account.

Diagnostic & Analytics Data

Retained 90 days to 24 months depending on data type.

Purchase & Subscription Records

Retained as required by law (typically 7 years for tax/legal purposes).

10. Your Rights

You have the following rights regarding your personal data. These apply globally and are guaranteed under GDPR, CCPA, DPDP Act, and other regional laws:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Ask us to correct inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("right to be forgotten").
  • Portability: Receive your data in a machine-readable format (CSV or JSON).
  • Withdraw Consent: Withdraw any consent you've given at any time.
  • Restrict Processing: Ask us to limit how we process your data in certain situations.
  • Object to Processing: Object to processing based on legitimate interests.
  • File a Complaint: Lodge a complaint with your local data protection authority.

To Exercise Your Rights

The fastest way to exercise these rights is from within the app: Settings → Export My Data or Settings → Delete Account.

Alternatively, email privacy@watchmycal.com from the email address associated with your account. For deletion requests, include "DELETE MY ACCOUNT" in the subject line. We will respond within 30 days.

11. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: What categories of personal and sensitive personal information we collect, how we use them, and with whom we share them.
  • Right to Delete: Request deletion of your personal information (with limited exceptions for legal compliance).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information as defined by CCPA/CPRA. This right does not apply, but you can still request one for clarity.
  • Right to Limit Use of Sensitive Personal Information: Restrict our use of sensitive health and dietary data. We use this data only to provide the Service, so limiting it may affect functionality.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a CCPA/CPRA request, contact privacy@watchmycal.com with your request. We will verify your identity and respond within 45 days.

12. Washington Residents

If you are a Washington resident, you have rights under Washington's My Health My Data Act regarding consumer health data (which includes meal logs, health goals, dietary information, and HealthKit data):

  • Right to Access & Correction: View and correct your health data.
  • Right to Delete: Request deletion of your health data.
  • Right to Opt-Out of Sharing: Opt out of sale or sharing of health data with third parties. We do not sell health data.
  • Right to Data Portability: Download your health data in a portable format.

We maintain a separate Consumer Health Data Privacy Policy with additional WA-specific details. For more information, contact us at privacy@watchmycal.com.

13. Children's Privacy

WatchMyCal is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we discover that a child under 13 has created an account, we will delete it and all associated data promptly.

Users aged 13–17 (or the applicable age of digital consent in your region) can use the app with parental consent. Parents can request access to, correction of, or deletion of their child's data by contacting us.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last updated" date.
  • Sending you an email notification at the email address associated with your account.
  • Displaying a prominent notice in the app before the changes take effect.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or need to report a data breach, please contact us:

WatchMyCal Privacy Team

support@watchmycal.com

We aim to respond to all privacy inquiries within 30 days. For EU/UK residents, you also have the right to lodge a complaint with your local data protection authority.

16. Grievance Officer (India)

In accordance with India's Digital Personal Data Protection Act, 2023, and the Information Technology Rules, 2011, you can contact our designated grievance officer for privacy-related concerns:

Harish Iyer

Grievance Officer, WatchMyCal

Email: legal@watchmycal.com

We will acknowledge your complaint within 48 hours and resolve it within 30 days.

17. Governing Law

This Privacy Policy is governed by the laws of India, without regard to conflicts of law principles. However, we acknowledge and respect the privacy rights guaranteed under laws in your jurisdiction, including GDPR (EU/UK), CCPA/CPRA (California), My Health My Data Act (Washington), and the Digital Personal Data Protection Act, 2023 (India). In case of any conflict, the most protective law will apply.

If you are a resident of the European Union or the United Kingdom and have an unresolved privacy complaint, you have the right to lodge a complaint with your local data protection authority.