Privacy Policy

Information You Give Us Directly

• Account Info: When you create an account, we collect your email address and a secure password.
• Your Food Photos & Data: To count calories, we collect the images you take or upload, along with the food and nutrition details you log.
• Purchase History: If you choose to subscribe, we receive details about your transaction to manage your premium access.
• Communications: When you contact our support team, we keep a record of your messages to help solve your issues.

Information Collected Automatically

When you use CalPulse, we automatically collect some technical data to ensure the app runs smoothly and to help us fix bugs. This includes:

• Device Data: Such as your IP address, device model, operating system, and mobile carrier.
• Usage Data: We use tools to understand how you interact with our service to improve it.

Information From Third Parties

• Social Logins: If you sign in with a service like Facebook or Google, we receive your basic profile information to create your account.
• Service Providers: We work with trusted third-party partners who help us store your data and run our app. Specifically:
  • We use Supabase as our cloud database to store your account information and food logs securely.
  • We use partners like Google Firebase for app analytics and performance monitoring.
  • Our use of data from Google APIs complies with Google's API Services User Data Policy.

Our Security Measures

We use industry-standard practices to protect your data from unauthorized access, alteration, or destruction. Our security controls include:

• Encryption: We encrypt your data both while it's being transmitted (in transit) and while it's stored on our servers (at rest).
• Secure Infrastructure: We host our data with reputable partners (like Supabase) in secure, state-of-the-art data centers.
• Access Controls: We enforce strict internal policies to ensure that only authorized personnel have access to user data, and they are bound by strict confidentiality obligations.
• Authentication: We offer and encourage the use of strong password policies and two-factor authentication (2FA) for an added layer of account security.

Incident Response & Notification

Despite our best efforts, no method of electronic transmission or storage is 100% secure. However, we have procedures in place to deal with any potential data incidents.

If a data incident occurs that affects your security, we will promptly notify you and the relevant supervisory authorities as required by law. Our notification will describe the nature of the incident, the potential impact, the steps we are taking to address it, and how you can protect yourself.

Our Commitment & Your Contact

We have a dedicated Data Protection Officer (DPO) who oversees our data security strategy and compliance. If you have any questions about the security of your data, you can contact our DPO directly at contact@tanoit.com.

Secure, Global Storage

We use trusted cloud hosting providers to store your data securely on our servers. To provide our service to you, your data may be processed in countries outside of your own. Wherever your data is, we protect it according to this policy and applicable laws.

Our Storage Partner: Supabase

We partner with Supabase to store your data. They provide a secure, state-of-the-art hosting platform. We have chosen them for their strong commitment to security and compliance. All data is protected by technical and organizational measures to prevent unauthorized access, loss, or damage.

For an extra layer of security, we encrypt your data whenever possible before it is sent to our storage providers.

Data Retention: We Don't Keep It Forever

We keep your personal data only for as long as necessary to provide CalPulse to you, fulfill the purposes described in this policy, or as required by law. Once we no longer need it, we will securely delete or anonymize your information so it can no longer be identified with you.

For iOS Users: Apple Health

• Write Data: You can choose to send data from your CalPulse diary to Apple Health. This can include your total calories, macronutrients (fat, protein, carbs), and other nutrients you log.
• Read Data: You can allow CalPulse to read specific activity data from Apple Health. This data (like calories burned and exercise details) will automatically appear in your CalPulse diary to give you a comprehensive view of your day.

For Android Users: Google Fit

Read Data: You can allow CalPulse to read activity data from Google Fit, such as your steps, active minutes, calories burned, and distance traveled. This data will automatically sync to your CalPulse diary.

How We Use This Data

Any activity data read from Apple Health or Google Fit is stored securely in your CalPulse account for your personal use only. This data is not shared with any third parties and is used solely to power your personal dashboard and insights within our app.

Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Such as your email address when you create an account.
• Commercial Information: Records of products or services purchased (e.g., subscription transaction history).
• Internet/Network Information: Information on your interaction with our application (e.g., usage data, device information).
• Inferences: Derived information used to create a profile about your health and wellness preferences and goals.

We collect this information for the business purposes described in the "How We Use Your Data" section of this policy.

We Do Not Sell or Share Your Personal Information

We do not and will not sell your personal information to third parties. We also do not "share" your personal information for cross-context behavioral advertising as defined under the CCPA.

We may disclose the categories of information listed above to our service providers (data processors) who assist us in business operations (e.g., data hosting, payment processing, customer support), strictly under our instructions and for the purposes outlined in this policy.

Your California Privacy Rights

If you are a California resident, you have the right to:

• Know & Access: Request, up to twice in a 12-month period, the categories and specific pieces of personal information we have collected about you in the last 12 months.
• Delete: Request the deletion of the personal information we have collected about you, subject to certain legal exceptions (e.g., where we need to retain information to complete a transaction, detect security incidents, or comply with a legal obligation).
• Correct: Request correction of inaccurate personal information we maintain about you.
• Opt-Out of Selling/Sharing: Opt-out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. As stated above, we do not engage in these activities.
• Non-Discrimination: Not receive discriminatory treatment for exercising any of your CCPA rights.

How to Exercise Your Rights

To submit a verifiable request to know, access, delete, or correct your data, please contact us at:

Email: contact@tanoit.com

Only you, or an authorized agent registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request. We will need to collect certain information from you to verify your identity before processing your request. We will respond to verifiable requests within 45 days.

Limiting the Use of Sensitive Personal Information

We do not use or disclose your sensitive personal information (as defined under the CPRA) for purposes beyond those permitted by law.

Account Inactivity

If your account remains inactive (i.e., you do not log in or use our services) for a continuous period of three (3) years, we will automatically delete your account and all associated personal data from our systems.

Each time you actively use your CalPulse account, this three-year retention period will reset.

Consequences of Deletion

Please be aware that the deletion of your account and data is a permanent action. If you wish to use CalPulse after your account has been deleted, you will need to create a new account. Your previous data cannot be recovered or restored.