Privacy Policy
This Privacy Policy explains how Caleo (the "App") collects, uses, holds, discloses and protects your personal information. The App is operated by the developer of the App, an Australian business with ABN 74 753 906 469 ("we", "us", "our", "the developer"). We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs") set out in that Act.
By creating an account or using the App you agree to this Policy. If you do not agree, please do not use the App.
1. The kinds of personal information we collect and hold
1.1 Account information
- Your email address (via Sign in with Apple, which may be relayed by Apple as a private relay address)
- Your name (if you choose to provide it)
- A unique account identifier issued by our authentication provider
1.2 Health and wellness information (sensitive information under the Privacy Act)
- Self-reported weight, height, age, gender and goals
- Food log entries you create — including text descriptions, photos of meals you take or upload, and voice recordings you make through the in-app voice logger
- Physical activity entries you log
- Sleep, mood, journal entries, breathwork sessions, meditation sessions, water intake, hydration, and habit completions
- Menstrual cycle entries (for users who choose to use the cycle tracker)
- Body measurements and progress photos (where you choose to upload them)
- Information synced from Apple HealthKit, only if you grant the App permission and only for the categories you authorise
Health information is "sensitive information" under the Privacy Act and we only collect it with your consent (which you give by entering it into the App).
1.3 Subscription and purchase information
- An Apple-issued original transaction identifier and purchase history for any in-app subscription you purchase. We do not collect or store your credit card number or other payment instrument; Apple handles payment.
1.4 Technical information
- App version, device model, operating-system version
- Interaction telemetry (which features you use, error logs) for the purpose of fixing bugs and improving the App
- Approximate region (derived from your App Store account country)
1.5 Information we do NOT collect
- We do not collect precise location.
- We do not collect your contacts, calendar or messaging data, your photo library beyond the images you explicitly attach to a meal log, or microphone audio beyond what you explicitly record in the voice logger.
- We do not embed third-party advertising SDKs and we do not collect data for advertising purposes.
2. How we collect personal information
We collect information directly from you when you:
- Create an account
- Enter or upload data into the App (food logs, weight, mood, etc.)
- Subscribe to Caleo Pro through Apple's in-app purchase
- Contact us by email
We collect technical information automatically when you use the App.
We do not buy lists of personal information and we do not collect personal information from third parties about you, except for the limited account-relay information that Apple provides through Sign in with Apple.
3. Why we collect, hold, use and disclose it
We use your personal information only for the following purposes:
| Purpose | Examples |
|---|---|
| Providing the features you ask for | Logging meals, computing macros, generating personalised wellness suggestions |
| Account administration | Sign-in, account recovery, subscription status |
| Providing AI-generated personalised features | Processing the meal photo or voice clip you submitted to compute calorie estimates and generate personalised orbs and insights |
| Improving the App | Aggregated, de-identified analysis of feature usage and crash logs |
| Communicating with you | Replying to support emails you send us |
| Complying with legal obligations | Tax, financial-record retention, lawful requests from Australian regulators |
We do not use your personal information for any other purpose without your consent, and we never sell your personal information to third parties.
We do not use your personal information to train artificial-intelligence models. The AI processors we use (see Section 4) act on a single request at a time and do not retain or train on your inputs for their own benefit.
4. Disclosure to third parties (including overseas)
To run the App we use a small number of trusted service providers who act under written contractual obligations consistent with the Privacy Act:
| Category of provider | Information shared | Purpose |
|---|---|---|
| Cloud hosting and authentication | Account info, all entries you make in the App, in-app purchase identifiers | Storing your data and signing you in |
| AI processing | The meal photo, voice clip, or contextual prompt you submitted, only at the moment you use a feature that needs AI | Calorie estimation, voice-meal transcription, generating your personalised orbs and insights. The provider processes each request and does not retain it or train on it under our agreement. |
| In-app purchases | Subscription / purchase identifiers | Verifying purchases and handling renewals |
Some of the above providers are located outside Australia, including in the United States. By using the App you consent to your personal information being disclosed overseas for the purposes set out above. We take reasonable steps to ensure each provider handles your information in a manner consistent with the APPs, including by entering into contractual arrangements that bind them to confidentiality and security obligations. APP 8.2 means that, by using the App, you accept that we are not accountable under APP 8.1 for the acts or practices of overseas recipients in respect of disclosures to which you have given your consent.
We may also disclose personal information:
- To a person to whom we sell or transfer the App or our business (in which case the buyer must keep handling it under this Policy or a similar policy)
- Where the disclosure is required or authorised by Australian law (for example, in response to a warrant, court order, or lawful request from the Office of the Australian Information Commissioner)
- Where you have given your express consent
5. Storage and security
Your information is stored on managed cloud infrastructure, encrypted in transit using industry-standard TLS and at rest using server-side encryption. Access is restricted by authenticated, per-user access policies so your data is scoped to your account.
We take reasonable steps under APP 11.1 to protect your information from misuse, interference, loss, unauthorised access, modification or disclosure, including by:
- Using authenticated APIs with time-limited tokens
- Storing AI provider keys server-side only (so they are never present in the App binary)
- Using webhook signature verification to authenticate purchase notifications from Apple
- Applying least-privilege access controls inside our database
No system is completely secure and we cannot guarantee absolute security. If we become aware of a notifiable data breach involving your personal information, we will notify you and the Office of the Australian Information Commissioner in accordance with Part IIIC of the Privacy Act.
6. Retention
We hold your personal information only for as long as necessary for the purposes set out in this Policy or for as long as required by law. In practice:
- While your account is active, we keep all entries you choose to keep
- If you delete an entry, it is removed from our active database (replicas and backups may retain it for up to 30 days)
- If you delete your account, we delete your personal information from our active database within 30 days, with backup retention of up to 90 days, after which it is permanently destroyed
- We may retain anonymised, aggregated data indefinitely for analytics
- We are required by Australian taxation law to retain financial records relating to your subscription for at least seven years; this retention is limited to financial records and does not include your health data
7. Accessing, correcting, and deleting your information
Under APP 12 and APP 13, you have the right to:
- Request access to the personal information we hold about you
- Request correction of personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading
- Request deletion of your personal information
The App provides built-in tools to access your data (including a full JSON export available to Caleo Pro subscribers in Settings) and to delete individual entries or your entire account from within Settings.
If you would prefer that we handle the request, email us at the address in Section 11. We will respond within a reasonable time and at no cost to you (except for unusually large or repetitive requests, where we may charge a reasonable fee).
We may decline a request to access or correct information where we are permitted or required to do so under the Privacy Act (for example, where granting access would unreasonably impact another person's privacy).
8. Children's privacy
The App is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us and we will delete it.
9. Cookies and tracking
The App does not use cookies (it is a native iOS app, not a website). We do not use cross-app tracking and we do not request the App Tracking Transparency permission.
10. Changes to this Policy
We may change this Policy from time to time. We will publish the updated Policy in the App and update the "Last updated" date at the top. Material changes will be notified to you in-app or by email at least 14 days before they take effect. Continuing to use the App after a change means you accept the updated Policy.
11. Contact us
For privacy enquiries, access requests, correction requests, deletion requests, or to report a concern:
The developer of Caleo (ABN 74 753 906 469)
Email: …
Subject line: "Privacy Enquiry — Caleo"
We will acknowledge your request within 5 business days.