We collect the following personal data:
• Identity data: name and email address.
• Health data (special category, Art. 9 GDPR): food images you analyze, nutritional analysis history, dietary information.
• Technical data: IP address, device type, operating system, language preferences.
• Subscription data: payment information managed by Apple or Google (we do not store card details).
3. Purpose and Legal Basis
We process your data to:
• Provide the AI nutritional analysis service (legal basis: contract performance, Art. 6.1.b GDPR).
• Process health data with your explicit and informed consent (Art. 9.2.a GDPR).
• Send service communications (legal basis: legitimate interest, Art. 6.1.f GDPR).
• Comply with legal obligations (Art. 6.1.c GDPR).
We never use your health data for advertising or to train our own AI models.
4. Third-Party Providers and International Transfers
We share data with the following processors:
• Supabase Inc. (data storage, EU servers) — DPA signed.
• Vercel Inc. (hosting, USA) — EU Standard Contractual Clauses.
• Google LLC (image analysis via Gemini AI, USA) — EU Standard Contractual Clauses. Google does not use your data to train its models.
• Apple Inc. / Google LLC (in-app subscription management).
All transfers outside the EU have adequate safeguards under Art. 46 GDPR.
5. Data Retention
We retain your data while your account is active. After account deletion, data is erased within 30 days, unless legally required to retain it. Billing data is kept for 5 years for tax obligations.
6. Your Rights
You may exercise the following rights by writing to legal@calegg.com:
• Access your personal data.
• Rectification of inaccurate data.
• Erasure ("right to be forgotten").
• Restriction of processing.
• Data portability in machine-readable format.
• Objection to processing.
• Withdrawal of consent at any time.
You have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD): www.aepd.es
7. Account Deletion
You can permanently delete your account from the app: Settings → Account → Delete Account. All your personal data will be erased within 30 days.
8. Minors
Calegg is exclusively for users aged 18 and over. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at legal@calegg.com for immediate removal.
9. Security
We apply technical and organisational measures to protect your data: TLS 1.3 encryption in transit, encryption at rest, role-based access control (Supabase RLS), and periodic security audits.
10. Cookies
Calegg only uses strictly necessary session cookies. We do not use tracking or advertising cookies.
11. Changes
We may update this policy. We will notify you by email at least 30 days before any material changes. The current version is always available at https://calegg.com/privacy-policy.