Privacy Policy
Last updated: 1 May 2026
This Privacy Policy explains what data Caliana ("Caliana", "we", "us") collects when you use the Caliana mobile application, why we collect it, and the choices you have. By using Caliana you agree to the practices described below.
1. Who we are
Caliana is a mobile application that helps you log food, estimate calories, and chat with an AI nutrition coach. References to "the App" mean the Caliana mobile app on iOS and Android.
2. What we collect
a. Information you provide
- Voice recordings. When you speak to Caliana, audio is recorded on your device and sent to our backend, which forwards it to OpenAI Whisper for transcription. Audio files are deleted from your device immediately after upload and are not retained on our servers.
- Photos. When you snap a meal or your fridge, the image is uploaded to our backend and forwarded to OpenAI's vision model for food estimation. Images are processed in memory and not retained on our servers.
- Food logs and chat messages. Text you enter (meals, conversations with Caliana) is sent to our backend and to OpenAI to generate responses.
- Profile preferences. Diet, allergies, household size, and similar settings you configure in the App. Stored locally on your device unless you choose to sync.
b. Information collected automatically
- Anonymous usage events (Google Firebase Analytics). Caliana does not require you to sign in. To understand how the App is being used — which features are working, which are confusing, where people drop off — we use Google Firebase Analytics. On first launch, Firebase generates an anonymous installation identifier (an opaque GUID known as the app_instance_id). All events we record are attached to that identifier. We do not collect your name, email, phone number, contact list, or any other directly-identifying information. We do not link this identifier to your real-world identity, because we do not have one to link it to. The events we record include things like "app opened", "onboarding step viewed", "food logged", "paywall viewed", "subscription started" — plus your tone preference (Polite, Cheeky, or Savage) and goal type (lose, maintain, gain) so we can understand how each cohort uses the App. None of those values is sensitive. Firebase also collects standard device fields automatically (device model, operating system version, app version, country at city-level resolution — never precise GPS).
- Technical logs. Our backend records request metadata (timestamps, endpoint, response status) for debugging and abuse prevention. These logs are retained for up to 30 days.
c. Information we do not collect
- We do not collect precise GPS location.
- We do not collect contacts, calendar, or browsing history.
- We do not sell your data to advertisers.
- We do not link the anonymous Firebase analytics identifier to any real-world identity, because the App does not require sign-in.
d. Turning analytics off
You can disable the anonymous analytics described above at any time:
- iOS: The first time you open Caliana, iOS asks whether the App may track activity across other companies' apps and websites. Choosing "Ask App Not to Track" stops Firebase Analytics from working in this App. You can change your answer later under Settings → Privacy & Security → Tracking → Caliana.
- Android: Open Google Settings → Ads and turn on Opt out of Ads Personalisation, or reset the advertising identifier. Both have the effect of breaking the link between your Firebase events and any other Google product.
- Either platform: Reinstalling the App generates a fresh, unrelated app_instance_id, so your historical analytics record cannot be tied to the new install.
3. How we use your data
- To provide the App's core features (transcription, food estimation, chat, meal suggestions).
- To improve reliability, fix bugs, and prevent abuse.
- To respond to your support requests.
4. Third-party AI services and your consent
Caliana sends some of your information to third-party AI services so that the App can understand photos, transcribe your voice, generate Caliana's replies, and voice them. Before any of this data leaves your device, the App asks for your explicit permission. You can grant, revoke, or change this permission at any time from Settings → Privacy & data → AI data sharing. If you do not grant permission, the AI-powered features (chat, photo and fridge logging, voice synthesis) will fall back to local-only behaviour and no data will be sent to these providers.
The third-party AI services we use, and exactly what we send to each:
- OpenAI — receives the typed text of your messages, your meal and fridge photos, and your voice recordings (for Whisper transcription). Used to generate Caliana's chat replies, estimate calories and macros from photos, and turn voice into food logs.
- ElevenLabs — receives the text of Caliana's replies (only) so that her spoken voice can be synthesised. Your own voice is never sent to ElevenLabs.
We also use the following non-AI processors:
- Serper.dev — web search used to look up recipes (we send the meal name, e.g. "greek salad with feta").
- Google Firebase — anonymous analytics and crash reporting.
- Railway — hosting for our backend API.
Each of these processors operates under its own privacy policy. We send only the data needed to perform each task (for example, only an audio clip to OpenAI for transcription) and we do not share your data with these providers for advertising. We require all of our processors to provide a level of privacy and security protection that is equivalent to that set out in this Policy and to handle your data only on our documented instructions.
5. Data retention
- Voice clips and photos: not retained on our servers after processing.
- Chat and food log data: stored locally on your device. If account sync is enabled, it is stored on our backend until you delete your account.
- Analytics and backend logs: up to 30 days, then automatically purged.
6. Your rights
Depending on where you live (e.g. UK/EU under UK GDPR/GDPR, California under CCPA), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data (see Delete your account).
- Object to or restrict certain processing.
- Lodge a complaint with your local data protection authority.
7. Children
Caliana is not directed at children under 13 (or under 16 in the EU/UK). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
8. Security
Data in transit is encrypted using HTTPS/TLS. We use reputable cloud providers and apply standard access controls. No system is perfectly secure; we cannot guarantee absolute security.
9. International transfers
Our backend is hosted in the EU. Some of our processors (OpenAI, ElevenLabs, Firebase) operate from the United States. We rely on Standard Contractual Clauses or equivalent safeguards for these transfers.
10. Changes
We may update this Policy. The "Last updated" date at the top reflects the current version. Material changes will be communicated in the App.
11. Contact
Questions or requests: info@m2mb.co.uk