CalorieCount
Privacy Policy
AI-Powered Nutrition Tracking
Effective Date: May 10, 2026 | Version 1.0
This Privacy Policy discloses in full how CalorieCount collects, processes, stores, and shares your personal data — including sensitive health and nutrition information — and how that data may be written to or read from Android Health Connect. Please read this document carefully before using the application.
1. Who We Are
CalorieCount ('the App', 'we', 'our') is an AI-powered nutrition tracking application developed for Android and web platforms. The App is operated by its developer ('Developer'). For privacy-related enquiries, contact: privacy@caloriecount.app.
2. Scope of This Policy
This policy applies to all versions of CalorieCount, including the Android application, the web-based preview interface, and any future platform releases. It governs:
-
Information you provide directly when logging food entries.
-
Health and nutrition data generated by your use of the App.
-
Data written to and read from Android Health Connect.
-
Photographs and images processed for AI food analysis.
-
Usage and diagnostic information collected automatically.
3. Information We Collect
3.1 Health and Nutrition Data
CalorieCount is a health application. The following categories of health data are collected, generated, and stored as part of normal App use:
-
Calories. Caloric intake (kcal) per food item and per day.
-
Macronutrients. Macronutrient values including protein, carbohydrates, and fat (in grams).
-
Micronutrients. Micronutrient values including dietary fibre, total sugar, and sodium.
-
Meal Type. Meal categorisation: Breakfast, Lunch, Dinner, or Snack.
-
Food Identity. Food names, brand names, serving sizes, and portion weights.
-
Timestamps. Time and date stamps for each food entry.
-
Goal Data. Your self-reported daily calorie goal.
-
Body Metrics (optional). Body metrics entered voluntarily into the TDEE calculator: biological sex, age, height, weight, and activity level. These are used solely to calculate your personalised calorie target and are not transmitted.
3.2 Photographs and Images
When you use the Camera or Gallery input methods, the App captures or receives a photograph of food. This image is:
-
Encoded as a Base64 string in-memory on your device.
-
Transmitted over an encrypted HTTPS connection to Anthropic's Claude API for AI analysis.
-
Not stored by the App on your device beyond the active session.
-
Not retained by the App on any server. Anthropic's data retention policies apply to API calls.
3.3 Barcode and Product Data
When you scan a product barcode, the App transmits the numeric barcode value to the Open Food Facts API (world.openfoodfacts.org) and/or to Anthropic's Claude API. No personally identifiable information is included in these requests.
3.4 Search Queries
Food name search queries are transmitted to Anthropic's Claude API, and optionally to the Open Food Facts text search API and FatSecret Platform API (if credentials are configured by the user). Search queries may include food descriptions you type.
3.5 Device and Usage Data
The following technical data may be collected automatically:
-
Android SDK version and device model (used for compatibility and Health Connect availability checks).
-
Application version number.
-
JavaScript console logs (debug builds only, not transmitted externally).
The App does not collect device identifiers (IMEI, advertising ID), location data, contact lists, or any data unrelated to food and nutrition.
4. Android Health Connect Integration
This section specifically addresses the App's access to and use of Android Health Connect, as required by Google Play's Health Connect policy and applicable data protection law.
4.1 What Is Android Health Connect
Android Health Connect is a platform built into Android (version 9+) that provides a centralised, permission-controlled repository for health and fitness data. CalorieCount may read from and write to Health Connect subject to explicit user permission.
4.2 Health Connect Permissions Requested
CalorieCount requests the following Health Connect permissions:
-
android.permission. health.WRITE_NUTRITION — to write NutritionRecord entries to Health Connect when the user initiates a sync.
-
android.permission. health.READ_NUTRITION — to verify previously synced records and avoid duplication.
These permissions are not granted automatically. Android presents a system permission dialog. You may grant or deny each permission individually. The App functions fully for food tracking without Health Connect permissions — sync is an optional feature.
4.3 Data Written to Health Connect
When you tap 'HC Sync' in the Log tab, CalorieCount writes the following fields for each food entry as a NutritionRecord object to Health Connect:
-
name — the food name string (e.g., 'Grilled Chicken').
-
energy — kilocalories as a Health Connect Energy value.
-
protein — grams as a Health Connect Mass value.
-
totalCarbohydrate — grams as a Health Connect Mass value.
-
totalFat — grams as a Health Connect Mass value.
-
dietaryFiber — grams as a Health Connect Mass value (when available).
-
sugar — grams as a Health Connect Mass value (when available).
-
sodium — milligrams converted to grams as a Health Connect Mass value (when available).
-
mealType — mapped to Health Connect constants: MEAL_TYPE_BREAKFAST, MEAL_TYPE_LUNCH, MEAL_TYPE_DINNER, MEAL_TYPE_SNACK, or MEAL_TYPE_UNKNOWN.
-
startTime / endTime — the log timestamp and a 15-minute window thereafter.
-
dataOrigin.packageName — 'com.calorie.count1', identifying CalorieCount as the data source.
No other data fields are written. Body metrics, photographs, search history, and device information are never written to Health Connect.
4.4 Data Read from Health Connect
CalorieCount reads NutritionRecord entries solely to verify existing records before writing, in order to prevent duplicate entries from repeated sync operations. Read records are processed transiently in memory and are not stored, transmitted, or used for any purpose other than deduplication.
4.5 When Sync Occurs
Health Connect sync is strictly manual and user-initiated. The App does not sync automatically in the background, on app launch, or on any schedule. Sync occurs only when you explicitly tap the 'HC Sync' button visible in the Log tab while viewing today's entries on an Android device.
4.6 Data Visibility to Other Apps
Once data is written to Health Connect, it becomes accessible to any other app on your device that holds the android.permission.health.READ_NUTRITION permission and to which you have granted access. This includes apps such as Google Fit, Samsung Health, Garmin Connect, Fitbit, and others. CalorieCount has no control over how third-party apps handle data once it has been written to Health Connect.
4.7 Revoking Health Connect Access
You may revoke Health Connect permissions at any time via:
-
Android Settings > Privacy > Health Connect > App permissions > CalorieCount.
-
The Health Connect app itself under Data sources and privacy.
Revoking permissions prevents future writes and reads. Data already written to Health Connect is not automatically deleted. To delete synced records, use the Health Connect app and navigate to Browse > Nutrition > CalorieCount, then delete the entries there.
5. Third-Party Services and Data Processors
5.1 Anthropic (Claude AI)
Food photographs, food name queries, and barcode lookups are transmitted to Anthropic, Inc. via its API. Anthropic processes these requests on its servers. Anthropic's privacy policy is available at anthropic.com/privacy. The App transmits no user account data or personally identifiable information to Anthropic beyond the content of the query itself.
5.2 Open Food Facts
Barcode and text search queries may be transmitted to the Open Food Facts API (world.openfoodfacts.org). Open Food Facts is a free, open-source food database licensed under CC BY-SA 4.0. No personal data is included in these requests. Open Food Facts' privacy policy is available at world.openfoodfacts.org/privacy.
5.3 FatSecret Platform API
Configuration of FatSecret credentials, food search queries will also be sent to the FatSecret Platform API. FatSecret credentials (Consumer Key and Consumer Secret) are stored only in your browser's sessionStorage and are never transmitted to any server operated by the App Developer. FatSecret's privacy policy is available at platform.fatsecret.com/api/Default.aspx?screen=PrivacyPolicy.
5.4 CDN (Cloudflare / cdnjs)
The App loads the React and Babel JavaScript libraries from cdnjs.cloudflare.com. Standard access logs may be recorded by Cloudflare in accordance with their privacy policy (cloudflare.com/privacypolicy). No user health data is transmitted to Cloudflare.
6. Local Data Storage
All food log data, history, and goal settings are stored locally on your device using the Web Storage API (localStorage). This data:
-
Remains on your device and is not transmitted to any external server by the App.
-
Is accessible only to the CalorieCount application context in your browser or WebView.
-
May be cleared at any time by clearing the App's data via Android Settings > Apps > CalorieCount > Storage > Clear Data.
-
Is not backed up to cloud services by the App. System-level backups (Android Auto Backup) may include this data subject to your device's backup configuration.
7. Data Retention
CalorieCount does not operate a database or backend server. All nutritional data is retained locally on your device for as long as you use the App or until you clear the application data. There is no time limit imposed by the App on how long local data is kept.
API call data (food images, queries) sent to Anthropic and Open Food Facts is subject to those services' own retention policies. The App Developer has no control over data retained by third-party API providers.
8. Data Security
CalorieCount implements the following security measures:
-
All API communications use HTTPS/TLS encryption.
-
The Android network security configuration restricts cleartext (HTTP) traffic.
-
API keys are not embedded in the App binary. The Anthropic API key must be provided by the user at setup.
-
FatSecret credentials are stored only in sessionStorage (cleared when the session ends) and are never logged or transmitted to the App Developer.
-
The Android WebView has USB debugging enabled only in debug builds.
No system is completely secure. While we implement reasonable technical measures, we cannot guarantee the absolute security of information transmitted over the internet or stored on a device.
9. Children's Privacy
CalorieCount is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided health data through the App, please contact us so that we may take appropriate steps.
10. Your Rights and Controls
10.1 Access and Deletion — Local Data
Because all data is stored locally on your device, you have direct control. You may view, edit, or delete individual food entries within the App at any time. You may delete all App data via Android Settings > Apps > CalorieCount > Storage > Clear Data.
10.2 Camera and Media Permissions
Camera access and media library access are requested at runtime and may be revoked at any time via Android Settings > Apps > CalorieCount > Permissions.
10.3 Health Connect Permissions
As described in Section 4.7, Health Connect permissions may be revoked at any time independently of other App permissions.
10.4 Opt-out of Third-Party Databases
FatSecret integration is entirely optional and requires manual credential entry. Open Food Facts queries are made only when you actively perform a barcode scan or food search. If you prefer not to use these services, you may use only the AI estimation (Anthropic) or the Manual Label entry method.
10.5 GDPR / UK GDPR Rights (where applicable)
If you are located in the European Economic Area or the United Kingdom, you may have additional rights including: the right to access your data, the right to rectification, the right to erasure, the right to restrict processing, and the right to data portability. To exercise these rights, contact: privacy@caloriecount.app.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the 'Effective Date' at the top of this document and increment the version number. Material changes will be communicated via an in-app notification. Continued use of CalorieCount after the effective date of a revised policy constitutes your acceptance of the changes.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact:
-
Email: arknosh@gmail.com
-
Privacy policy URL: arklabs.llc/privacy-policy
-
Health Connect data enquiries: areebahmed@arklabs.llc
Annex A — Health Data Summary Table
The table below summarises the health data fields collected, their purpose, and where they are processed or stored.
