Back to CalybePrivacy Policy

Your data, your rules.

Effective date: 15 April 2026

Calybe ("we", "our", "the app") is built with privacy as a default. Most of your data lives on your device. When we do send data off-device, we tell you why in plain language below.

1. What we collect

1.1 Account data

Name, email, profile photo (if you sign in with Google), and the account ID issued by Firebase Authentication.

1.2 Health & fitness data

  • Meal logs, food photos, nutritional breakdowns (calories, protein, carbs, fat, fiber)
  • Workout logs — exercises, sets, reps, weights, calories burned
  • Body metrics you enter: weight, height, age, gender, BMI, body fat %, goal weight
  • Steps, heart rate, active calories, and workout data — only if you grant Google Health Connect permission

1.3 Photos

When you use the AI meal scanner, the photo you take is processed to identify the dish and estimate macros. See Section 3 for how this works.

1.4 Device & diagnostic data

Device model, OS version, unique device ID, app version, crash logs, performance traces, and anonymous usage analytics (screens viewed, features tapped).

2. How we use your data

  • Personalize insights — daily calorie balance, progress charts, goal tracking
  • AI meal analysis — identify your food and return macros
  • Sync across devices through your private Firebase account
  • Local reminders — delivered by your device, not our servers
  • Crash diagnostics & performance monitoring — so the app doesn't break on you
  • Improve the product — via anonymized, aggregated usage patterns

3. AI processing of meal photos

When you take a meal photo, Calybe sends the image to one of the following AI providers for food recognition:

  • Google (Gemini API) — primary
  • Groq and OpenAI — fallback providers if the primary is unavailable

These providers process your image according to their own privacy policies:

What you should know:

  • The image is transmitted over encrypted HTTPS.
  • Per their API terms, these providers do not use API-submitted images to train their public models.
  • Images may be retained briefly by these providers for abuse monitoring (typically 30 days).
  • We do not store your meal photos on our servers beyond what's needed to return the result — only the extracted nutrition values are saved.

If you're not comfortable with this, you can still use Calybe's manual meal entry, which never sends data to AI providers.

4. Google Health Connect

If you enable Health Connect, Calybe reads the following from your device:

  • Daily steps
  • Heart rate (session averages during workouts)
  • Active energy burned
  • Exercise sessions logged by other apps (e.g., Google Fit, Samsung Health)

This data is used to compute your daily "calories out" number. You can revoke this permission anytime in your Android Settings → Health Connect.

We do not write to Health Connect. Calybe only reads.

5. Permissions we request

PermissionWhy we need itRequired?
CameraTake photos of your mealsOptional
Photos / MediaPick an existing meal photo from your galleryOptional
Health Connect (read)Import steps, heart rate, and activity for the burn sideOptional
InternetSync your account, AI meal analysis, OTA updatesRequired
NotificationsLocal reminders (meal log, workout)Optional
Google Sign-InAccount authenticationOptional

Every optional permission can be declined without breaking the app.

6. Data storage & security

  • Local-first: your meal, workout, and body-metric history is stored on your device in an encrypted WatermelonDB database.
  • Cloud sync: data is backed up to your private Firebase (Firestore) account only. No one else can read it.
  • Transport: all data travels over TLS 1.2+.
  • At rest: encrypted by Firebase's default encryption.

7. Who we share data with

We do not sell your data. Data is shared only with:

  • Google Firebase — Authentication, Firestore (cloud sync), Analytics, Crashlytics, Performance Monitoring
  • AI providers — Google Gemini / Groq / OpenAI (meal photo analysis only, when you use that feature)
  • Legal requirements — if compelled by a valid law enforcement request

8. International data transfers

Firebase and our AI providers are US-based. By using Calybe, you consent to your data being processed in the United States and other countries where these providers operate.

9. Data retention

  • Account data: kept while your account is active. Deleted within 30 days of account deletion.
  • Meal photos: not retained on our servers (only the extracted values are saved).
  • Analytics: retained up to 14 months (Firebase Analytics default).
  • Crash logs: retained up to 90 days.

10. Your rights

You can:

  • Access your data — export from in-app Settings → Export My Data
  • Correct anything — edit in-app
  • Delete your account — in-app Settings → Delete Account, or email us
  • Revoke permissions — in your device OS settings
  • Opt out of analytics — Settings → Privacy → Disable Analytics
  • Contact us for any of the above

Users in the EU/UK (GDPR), California (CCPA), and India (DPDP Act 2023) have additional rights under their respective laws. Email us and we'll honor them.

11. Children's privacy

Calybe is not intended for users under 16. If we learn a child has created an account, we delete it.

12. Over-the-Air (OTA) updates

We push app improvements via OTA so you get fixes without a Play Store update. No personal data is sent with these update checks.

13. Changes to this policy

We'll notify you in-app when this policy changes materially. Your continued use after notification means you accept the new version.

14. Contact

contact@calybe.in