Privacy Policy

Effective date: April 10, 2026 · Last updated: April 10, 2026

Keto Cal AI ("the App") is operated by Joseph Bornstein ("we," "us," or "our"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

Account data. When you sign in with Apple, we receive your Apple user identifier and, if you choose to share it, your email address. We store a SHA-256 hash of your email for analytics attribution — we never store your raw email address.

Food photos. Photos you take in the App are sent to Google (Gemini) for food analysis. Photos are also stored in our database (Supabase) so you can view your meal history. We do not sell or share your photos with any third party beyond the analysis provider.

Usage data. We collect anonymous usage events (e.g., "photo scanned," "paywall shown") via PostHog to improve the App. These events do not contain personally identifiable information.

Subscription data. Your subscription status is managed by RevenueCat and Apple. We store your subscription status (active, expired, cancelled) but not your payment details — Apple handles all billing.

Device data. We collect your Expo push token if you opt into notifications. We collect basic device info (platform, OS version) for crash reporting via Sentry.

2. How We Use Your Data

• To analyze food photos and provide net carb estimates
• To track your daily carb intake and streak
• To send you one daily push notification (if you opted in)
• To manage your subscription and restore purchases
• To measure ad campaign effectiveness (hashed identifiers only)
• To fix crashes and improve the App

3. Third-Party Services

We use the following third-party services that process your data:

• Google (Gemini) — food photo analysis. Google Privacy Policy
• Supabase — database and authentication. Supabase Privacy Policy
• RevenueCat — subscription management. RevenueCat Privacy Policy
• PostHog — product analytics. PostHog Privacy Policy
• Sentry — crash reporting. Sentry Privacy Policy
• Tenjin — ad attribution. Tenjin Privacy Policy

4. AI-Powered Food Analysis

When you scan a food photo, it is sent to Google's Gemini API for analysis. Google processes the image to identify food items and estimate nutritional content. By using the App, you consent to this processing. You can revoke consent at any time in the App's AI consent settings — this will disable the photo scanning feature.

5. Data Retention

Your food logs and account data are retained as long as your account is active. If you delete your account, all associated data (logs, photos, daily summaries, subscription records) is permanently deleted within 30 days.

6. Your Rights

You have the right to:

• Access your data — view all your logs and account info in the App
• Delete your data — contact us to request full account deletion
• Opt out of push notifications — disable in iPhone Settings
• Revoke AI consent — toggle off in the App's settings
• Opt out of tracking — decline the App Tracking Transparency prompt

7. Children's Privacy

The App is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have collected data from a child, contact us immediately.

8. Security

We use Supabase Row Level Security to isolate user data, HTTPS for all data transmission, and secure token storage on your device. No system is 100% secure, but we take reasonable measures to protect your data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the App or email. Continued use of the App after changes constitutes acceptance.

10. Contact

Questions about this Privacy Policy? Contact us at:

privacy@ketocal.ai