Ahmad Ahmad ("we", "us") operates VibeCal (the "App"). This policy explains what
personal data the App collects, why, how we use it, and your rights under the EU
General Data Protection Regulation (GDPR) and other applicable laws.
1. Data we collect
Account & auth
Email address (you provide this when you sign up, or it comes from Apple when you use Sign in with Apple).
Authentication tokens issued by our backend provider (Supabase).
Profile & goals
Age, biological sex, height, current weight, goal weight, selected pace, training days per week, dietary preference, meals per day, main focus, units preference.
These are required to compute a daily calorie & macro target. We store them in our Postgres database (Supabase), in your row only.
Food logs
Each meal you log: items, grams, calories, macros, optional micronutrients, source (scan or manual), timestamp.
For scans, the photo you take is uploaded to encrypted storage and sent once to a vision AI model for analysis. Photos are scoped to your user folder; only you (and our servers) can access them.
Weight logs
Each weight check-in (kg + timestamp).
Health data (optional, requires explicit consent via iOS HealthKit)
Average daily steps (last 14 days) and active energy burned, used only to refine your activity multiplier. HealthKit data never leaves the device unless you explicitly sync it; raw samples are not uploaded.
Subscription & purchase data
RevenueCat customer ID, current entitlement tier, expiry date, product identifier of the active purchase.
Marketing email (only if you opt in)
If you check the marketing opt-in box in Settings, we store the email address you provided, the opt-in flag, and the timestamp of your consent so we can prove it.
You can withdraw consent at any time from the same screen; we will stop sending marketing email and update your record.
Analytics & diagnostics
Standard, anonymous Apple App Store diagnostics. We do not run third-party analytics SDKs that track you across apps.
2. How we use your data
Compute and display your daily targets and progress.
Save and replay your food and weight logs.
Analyze the photos you submit, only for the purpose of identifying that one meal.
Enforce the free-scan limit and unlock premium features after a valid purchase.
Send the notifications you've opted into.
Send marketing email only if you explicitly opted in.
3. Legal bases (GDPR)
Performance of a contract: providing the app you signed up for.
Consent: HealthKit access, push notifications, marketing email. Each is opt-in and revocable from Settings or iOS Settings.
Legitimate interests: keeping the service running and secure, preventing abuse.
Anthropic — receives the single photo you submit during food scanning, analyzes it once, and returns a JSON breakdown. Not used to train Anthropic's models (per their API data policy for paid users).
RevenueCat — processes subscription state.
Apple — Sign in with Apple, App Store payments, HealthKit (on-device).
We do not sell your personal data to anyone.
5. International transfers
Our backend may be hosted in regions outside your country. Where data leaves the
EEA / UK, we rely on Standard Contractual Clauses or equivalent safeguards.
6. Retention
We keep your data until you delete your account. You can delete it via
Profile → Delete my account; deletion is immediate and irreversible, and it also removes
your storage objects and auth row.
7. Your rights
Under GDPR you have the right to access, correct, delete, restrict, or object to the
processing of your personal data, and the right to data portability. You can:
Export your data: Profile → Your data → Export as JSON.
Delete your data: Profile → Danger zone → Delete my account.
VibeCal is not directed at children under 13. We will not knowingly create an account
for a child under 13 (we ask for your age during onboarding and reject ages below 13).
If you believe a child has signed up, contact
Ahmad.ahmad021117@gmail.com.
9. Security
Data in transit is encrypted with TLS. Data at rest is encrypted by our cloud provider.
Row-level security in Postgres restricts every table so users can only read or write
their own rows. Scan photos are stored under storage policies scoped to your user folder.
10. Changes to this policy
We'll update this page (and the "Last updated" date above) when material changes occur,
and notify you in-app for significant changes.