Privacy Policy
1. Preamble
This privacy policy (the “Policy”) describes how the KCalories application (the “App”) collects, uses, retains, shares and protects your personal data, in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”) and applicable French data-protection law (Loi Informatique et Libertés n° 78-17, as amended).
The App is designed to help you track your nutrition, hydration, physical activity and weight goals. To deliver these services, the App processes health data within the meaning of Article 9 GDPR. Such data benefits from heightened protection and is processed solely on the basis of your explicit consent.
We are committed to processing your data lawfully, fairly, transparently, proportionately and securely, and to ensuring that you can exercise all the rights conferred upon you by the regulation.
2. Data controller
The data controller within the meaning of Article 4(7) GDPR is the publisher of the App, acting in an individual capacity. The full legal identity and, where applicable, the registration number (e.g. SIREN) of the controller, together with the postal address, are available on request at the contact address below.
For any question regarding this Policy, the exercise of your rights, or to report a personal data breach:
- Privacy contact: privacy@kcaloriesapp.com
- General support: support@kcaloriesapp.com
At this stage, the App is not operated by an organisation required to appoint a Data Protection Officer (DPO) within the meaning of Article 37 GDPR; the data controller can be reached directly at the addresses above. Any change to this obligation will be reflected in an updated version of this Policy.
3. Scope and purposes of processing
The App processes your personal data only for the purposes described below. No data is used for advertising profiling, resale to third parties, or automated decision-making producing legal effects within the meaning of Article 22 GDPR.
| # | Purpose | Data involved | GDPR legal basis |
|---|---|---|---|
| F1 | Anonymous authentication and stable cross-device identification | Firebase Anonymous user ID, AppCheck token | Art. 6(1)(b) — performance of the contract |
| F2 | Profile personalisation and computation of your nutritional goals (energy needs, macros) | Sex, age, height, weight, activity level, weight goal, dietary mode | Art. 6(1)(b) and Art. 9(2)(a) — explicit consent (health data) |
| F3 | Daily food tracking: meals, foods, calories, macronutrients, micronutrients, hydration, activity | Meal history, scanned foods, food photos (if you provide them), water entries, step count | Art. 6(1)(b) and Art. 9(2)(a) — explicit consent (health data) |
| F4 | Optional Apple HealthKit synchronisation | Steps, active calories, weight, activity (read/write per your authorisations) | Art. 6(1)(a) and Art. 9(2)(a) — explicit consent via the iOS authorisation system |
| F5 | Reminders, streak alerts, weekly summaries, contextual notifications | Notification preferences, FCM token, time zone, language | Art. 6(1)(a) — consent (iOS system authorisation) |
| F6 | Optional social features: friends, leaderboards, challenges, activity feed, shared grocery lists | Display name, friend code, friend identifiers, activity events, visibility settings | Art. 6(1)(a) — consent (each action is voluntary) |
| F7 | Optional contact-based friend discovery — phone numbers are never transmitted in plaintext: only a SHA-256 hash computed locally is sent for matching | SHA-256 hash of phone numbers, your own hash stored server-side | Art. 6(1)(a) — explicit consent |
| F8 | App security: fraud prevention, authenticity verification (AppCheck), rate limiting | AppCheck token, technical request headers, server logs | Art. 6(1)(f) — legitimate interest (security) |
| F9 | Crash reporting and stability improvement | Anonymised crash reports, technical breadcrumbs, app version, device model, iOS version | Art. 6(1)(f) — legitimate interest (product quality) |
| F10 | In-app analytics and feature-usage understanding | Anonymised or pseudonymised events (action, timestamp, screen) | Art. 6(1)(f) — legitimate interest (product improvement); opt-out available |
| F11 | User support: handling your requests through the in-app form | Free-text message, app version, hashed user identifier (never the raw UID) | Art. 6(1)(b) — performance of the contract |
| F12 | Food lookup by barcode (Open Food Facts) | Scanned barcode, User-Agent header | Art. 6(1)(f) — legitimate interest (open-database lookup) |
4. Categories of data processed in detail
4.1 Identification and profile data
- Firebase user identifier (anonymous by default).
- Display name and avatar, both optional.
- Unique friend code generated server-side, shareable.
- SHA-256 fingerprint of the user identifier, used solely for support purposes to allow lookup without exposing the raw ID.
4.2 Health data (Article 9 GDPR)
The App processes the following special categories of data, which benefit from heightened protection:
- Body measurements: current and historical weight, height, age, sex.
- Goals and derived metrics: daily calorie goal, macronutrient goals, estimated energy expenditure (TDEE), target weight.
- Food tracking: logged meals, quantities, food types, derived nutritional values (calories, protein, carbs, fat, micronutrients where available).
- Hydration: water volume consumed.
- Physical activity: step count, active calories (if you enable HealthKit synchronisation).
- Dietary mode: declared diet (omnivore, vegetarian, vegan, etc.).
- Meal photos: if you choose to add them.
Processing of this data is always based on your explicit consent (Article 9(2)(a) GDPR), evidenced by your acceptance of this Policy and by the granular choices you make in the App (whether to enable HealthKit, whether to submit a photo, etc.).
4.3 Technical data and persistent identifiers
- Firebase Cloud Messaging (FCM) token for push notification delivery (only if you grant permission).
- Device metadata: model, iOS version, local device identifier used to differentiate your installs without serving as an advertising identifier (IDFA is not collected).
- Time zone, language and theme preferences.
- Notification preferences (enabled categories, time slots).
4.4 Behavioural and technical data
- Anonymised or pseudonymised usage events (e.g. screen view, meal added, barcode scanned).
- Local barcode scan history (stored on your device; only aggregate statistics, without individual scans, are kept server-side).
- Free-text food search queries (used in aggregate to assess food-database quality).
- Technical error logs and crash reports sent to Firebase Crashlytics.
4.5 Social data (when you enable these features)
- Friend list: identifiers, relationship status, date added.
- Pending friend requests.
- SHA-256 fingerprint of phone numbers from your address book (computed locally, transmitted for matching, never stored in plaintext) — only if you enable contact-based discovery.
- Aggregated activity feed (visibility per your settings).
- Challenges (creation, participation, leaderboards).
- Shared grocery lists (recipients of the lists see their content by design).
- Visibility settings: who can see your diary, weight, statistics.
4.6 Photos
- Avatar: if you add one, the photo is stored in Firebase Storage and associated with your user ID.
- Meal photos: used locally on your device.
- Grocery photos: if you add any, they are stored locally and, if you share the corresponding list, in Firestore.
No biometric processing within the meaning of Article 9 GDPR is applied to these photos. No facial recognition or biometric identification is performed.
4.7 Data we do not collect
For transparency, please note that the App does not collect:
- precise or background geolocation data;
- any advertising identifier (IDFA) or fingerprint for advertising purposes;
- plaintext phone numbers (only their hash, and only if you enable contact-based discovery);
- genetic, biometric identification, political, philosophical, religious, trade-union, sexual life or sexual orientation data within the meaning of Article 9 GDPR.
5. Legal bases for processing
In accordance with Articles 6 and 9 GDPR, every processing operation carried out by the App is based on one of the following legal bases:
- Explicit consent (Art. 6(1)(a) and Art. 9(2)(a)): the principal basis for health data, HealthKit synchronisation, push notifications, social features and list sharing.
- Performance of a contract (Art. 6(1)(b)): for what is strictly necessary to provide the tracking service (technical account creation, local storage of tracking).
- Legitimate interest (Art. 6(1)(f)): for the technical security of the App (AppCheck, abuse prevention), stability (anonymised crash reports) and pseudonymised analytics. A balancing test is available upon request.
You may withdraw your consent at any time without affecting the lawfulness of prior processing (Article 7(3) GDPR). Withdrawal can be made through the App settings (notifications, HealthKit, social features) or by deleting your account.
6. Recipients and processors
Your data may be shared with the following recipients, strictly limited to the purposes described:
| Recipient | Role | Purposes | Storage country | Engagement link |
|---|---|---|---|---|
| Google LLC / Firebase | Processor | Authentication, database (Firestore), file storage (Storage), notifications (FCM), crash reporting (Crashlytics), authenticity verification (AppCheck) | United States (Google Cloud) | https://firebase.google.com/terms/data-processing-terms |
| Apple Inc. | Joint controller / processor depending on service | HealthKit (health data stays on device), Apple Push (APNs as relay for FCM) | United States | https://www.apple.com/legal/privacy/ |
| Open Food Facts | Public data source | Product lookup by barcode (open-database query) | France / European Union | https://world.openfoodfacts.org/ |
Key commitment: we do not sell or rent your data to any third party. No advertising partner, data broker or advertiser has access to your data.
Note: should any new processor become involved, this section will be updated before any such activation.
7. Transfers outside the European Union
Several processors are located in the United States (notably Google/Firebase and Apple), so your data may be transferred outside the European Economic Area.
These transfers are governed by:
- the Standard Contractual Clauses (SCC) adopted by the European Commission (Implementing Decision 2021/914);
- the EU–US Data Privacy Framework where the processor is certified;
- the technical and organisational supplementary measures implemented by the processors (encryption in transit, encryption at rest, strict access controls).
You may contact us at privacy@kcaloriesapp.com to obtain a copy of the safeguards applicable to a specific transfer of your data.
8. Retention periods
| Data category | Retention period |
|---|---|
| Profile data, food tracking, weight, hydration, activity | As long as your account is active. Full deletion upon account deletion request (see section 10). |
| Avatar photos, meal photos, grocery photos | Same — until you explicitly remove them or delete your account. |
| Food data cache (per barcode) | Thirty (30) days server-side, refreshed on a new request. |
| Local scan history | Stored locally on your device. You can clear it at any time from settings. |
| Data pending synchronisation (changes made offline: meals, water intake, weight, body measurements, activity, profile) | Stored locally on your device, encrypted by iOS. Automatically deleted once synchronisation succeeds, and wiped when you delete your account or sign out. |
| Deleted entries (meals, weight log, body measurements) | When you delete an entry, it is first flagged as deleted server-side (not immediately purged) so that your devices stay consistent; it is kept for at most thirty (30) days, then permanently deleted. |
| Social data (friends, challenges, activity feed) | As long as the relationship is active; deleted on request or upon feature withdrawal. |
| Contact SHA-256 hashes | Not retained: the hashes of your contacts are used in-flight for matching, then discarded. Your own hash is retained as long as you keep the feature enabled. |
| Crash reports (Crashlytics) | Ninety (90) days by default. |
| Pseudonymised analytics events | Ninety (90) days for unit events; statistical aggregates retained without personal data. |
| Support requests | For the duration necessary to handle your request, plus the legal retention period for evidence (typically three years). |
At the end of these periods, data is either permanently deleted or irreversibly anonymised.
9. Security
We implement appropriate technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access:
- Encryption in transit: all communications with our servers and processors use TLS 1.2 or higher.
- Encryption at rest: data stored in Firebase / Google Cloud benefits from default AES-256 encryption. Sensitive tokens on the device are stored in the iOS Keychain, itself encrypted by the operating system.
- App authenticity: Firebase AppCheck continuously verifies that requests originate from a legitimate App instance.
- Access partitioning: Firestore security rules restrict access to user data to its sole owner; backend Cloud Functions enforce server-side checks.
- No password authentication in the current version (anonymous authentication delegated to Firebase): therefore no password is stored.
- One-way hashing of phone numbers (SHA-256) when you use contact discovery.
- Incident monitoring: error tracking and automatic alerts on anomaly.
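To illustrate the “access partitioning” measure above, here is an added example of the owner-only restriction expressed in Firestore security rules. It is not the App's actual rule set, which this Policy does not publish; the collection layout (`users/{uid}` with per-user subcollections) is an assumption made for the illustration.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Assumed layout: each user's documents live under users/{uid}.
    // A request is allowed only when it is authenticated (anonymous
    // Firebase Auth still yields a uid) and the caller's uid equals the
    // path segment, so one user can never read or write another's data.
    match /users/{uid}/{document=**} {
      allow read, write: if request.auth != null
                         && request.auth.uid == uid;
    }
    // Paths not matched by any rule are denied by default.
  }
}
```

Two points a practitioner would check: first, that no broader `match` (for example a catch-all `allow read`) sits elsewhere in the rule set and widens this, since any matching allow grants access; second, that features which legitimately cross user boundaries (friend lists, leaderboards, shared grocery lists) are served through rules scoped to the visibility settings, or through Cloud Functions performing the server-side checks mentioned above, rather than by relaxing the per-user rule.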
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we undertake to notify the CNIL without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of it, pursuant to Article 33 GDPR, and to inform you where Article 34 so requires.
10. Your rights
In accordance with Articles 15 to 22 GDPR, you have the following rights over your personal data:
- Right of access (Art. 15): obtain confirmation that data concerning you is processed and obtain a copy.
- Right to rectification (Art. 16): correct inaccurate or incomplete data.
- Right to erasure (Art. 17, “right to be forgotten”): obtain the erasure of your data under the conditions set out in the GDPR.
- Right to restriction (Art. 18): request the temporary suspension of processing.
- Right to data portability (Art. 20): retrieve your data in a structured, commonly used and machine-readable format.
- Right to object (Art. 21): object, on grounds relating to your particular situation, to processing based on legitimate interest.
- Right to withdraw your consent (Art. 7(3)): at any time, without affecting the lawfulness of prior processing.
- Right to set post-mortem directives on the fate of your data after your death, in accordance with Article 85 of the French data-protection law.
Exercising your rights:
- Built-in account deletion: from Settings → Delete account. This action triggers the irreversible deletion of all your personal data in our systems (subject to mandatory legal retention periods).
- Granular opt-outs: from settings, you can disable notifications, HealthKit synchronisation, social features and analytics at any time.
- Written request: for any other right, write to privacy@kcaloriesapp.com. We will respond within one (1) month, extendable by two (2) months in case of complexity or multiple requests (Art. 12(3) GDPR).
Complaint to the CNIL: if you believe that the processing of your data does not comply with the regulation, you may lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL):
3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07
https://www.cnil.fr
11. Minors
The App is not intended for persons under the age of sixteen (16). No registration is accepted for users below this age without the explicit consent of the holders of parental responsibility, in accordance with Article 8 GDPR.
If you are a parent or guardian and notice that a minor under your responsibility uses the App without your consent, please contact us at privacy@kcaloriesapp.com so we can delete the account.
12. Cookies and persistent identifiers
The App is a native mobile application and does not use cookies within the meaning of Directive 2002/58/EC (“ePrivacy”). It uses the following native iOS storage mechanisms:
- Keychain: for secure storage of the Firebase authentication token and the FCM token.
- UserDefaults: for non-sensitive user preferences (theme, language, time zone, notification preferences, accepted version of this Policy).
- Local app storage: for offline food tracking, including data pending synchronisation (see section 8 for retention).
- Image cache: for avatars, meal photos and product images.
None of these mechanisms is used for advertising tracking.
13. Automated decision-making and profiling
The App does not make any solely automated decisions producing legal effects or significantly affecting your situation within the meaning of Article 22 GDPR.
Nutritional calculations (energy needs, macronutrient goals) are provided for guidance and support only and do not substitute for medical advice in any way. The App does not provide medical advice and shall not replace consultation with a qualified healthcare professional.
14. Changes to this Policy
We may amend this Policy to reflect a regulatory development, the addition of a feature or processor, or the implementation of a CNIL recommendation.
In the event of a substantial change, you will be notified upon opening the App, and a fresh consent will be requested where the nature of the changes so requires. Previous versions remain available on request to privacy@kcaloriesapp.com.
The last updated date appears at the top of this Policy.
15. Download and local retention
At any time, you may download this Policy as a PDF from the screen displaying it in the App, in order to keep a copy. The generated PDF mirrors exactly the version displayed, with its update date and version number.
16. Contact
For any question, request to exercise your rights or prior complaint:
- Privacy email: privacy@kcaloriesapp.com
- Support email: support@kcaloriesapp.com
- Complaint to the CNIL: https://www.cnil.fr/en/plaintes
End of document.