Privacy Policy

Last updated: 2026-02-25

1. Introduction

This Privacy Policy explains how Sunbranch AS ("we", "us", or "our") collects, uses, and protects your personal data when you use the Kalori application ("the App").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Sunbranch AS is the data controller responsible for your personal data.

Contact:

Email: support@kaloriapp.no

3. Data We Collect

Account Data:

  • Email address
  • Authentication credentials (password hash or OAuth tokens)
  • Account creation date

Profile Data:

  • Birth date (for calorie calculations)
  • Gender (for calorie calculations)
  • Height and weight
  • Activity level
  • Health and fitness goals

Health and Dietary Data:

  • Meals and food entries you log
  • Portion sizes
  • Calorie and macronutrient data
  • Weight history entries
  • Custom foods you create

Photos (Optional):

  • Meal photos uploaded for AI food recognition
  • Photos are processed transiently for food identification and are not permanently stored on our servers

Technical Data:

  • Device type and operating system
  • App version
  • Crash reports and error logs (if enabled)
  • Usage analytics (anonymized)

4. How We Use Your Data

We process your data for the following purposes:

To Provide the Service (Legal basis: Contract performance)

  • Calculate your personalized calorie and macro targets
  • Track your meals and nutritional intake
  • Display your progress and history
  • Process food photos for AI-based food recognition

To Improve the App (Legal basis: Legitimate interest)

  • Analyze anonymized usage patterns to improve features
  • Fix bugs and technical issues
  • Develop new features based on aggregated insights

To Communicate With You (Legal basis: Contract performance / Consent)

  • Send account-related notifications
  • Respond to support requests
  • Send marketing communications (only with your consent)

AI and Photo Processing

When you use our food photo scanning feature:

  • Your photos are sent to AI services to identify food items and estimate nutritional content
  • Photos are processed in real time and are not stored permanently by us or our AI providers
  • We do not use your photos to train AI models
  • Your personal health data, progress photos, and identifiable information are never used for AI training

Anonymized Data

We may create anonymized, aggregated data from your usage that cannot be traced back to you. This data may be used for:

  • Statistical analysis and research
  • Improving nutritional database accuracy
  • Understanding general usage patterns
  • Business analytics and reporting

Anonymized data is not considered personal data under GDPR and may be retained indefinitely.

5. Data Storage and Security

Your data is stored securely using Supabase, a cloud database platform with:

  • Encryption at rest and in transit (TLS/SSL)
  • Row-level security ensuring you can only access your own data
  • Regular security audits and compliance certifications
  • Data centers located in the European Union

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

6. Third-Party Services

We use the following third-party services that may process your data:

Supabase

Database and authentication services. Privacy Policy: https://supabase.com/privacy

Open Food Facts

Food database for nutritional information. Privacy Policy: https://world.openfoodfacts.org/privacy

Matvaretabellen

Norwegian food database for nutritional information. Operated by the Norwegian Food Safety Authority.

Apple / Google

Sign-in services and payment processing for subscriptions, subject to their respective privacy policies.

AI Services

Food image recognition processing. Photos are processed transiently (in real time) and are not stored or used for training by the AI provider.

Analytics

We may use anonymized analytics to understand app usage. No personal data or tracking across apps/websites is involved.

7. Your Rights (GDPR Articles 15-22)

Under GDPR, you have the following rights:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you. We will provide this within 30 days.

Right to Rectification (Article 16)

You can correct inaccurate personal data through the App's settings or by contacting us.

Right to Erasure (Article 17)

You can delete your account and all associated personal data through the App's settings. We will complete deletion within 30 days.

Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format (JSON or CSV).

Right to Object (Article 21)

You can object to processing based on legitimate interests. We will stop processing unless we have compelling grounds.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

Right to Restriction (Article 18)

You can request that we limit how we use your data while we address your concerns.

To exercise any of these rights, use the in-app settings or contact us at support@kaloriapp.no. We will respond within 30 days. There is no fee for exercising your rights.

8. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Personal data is deleted within 30 days
  • Meal photos are deleted immediately (they are not stored long-term)
  • Backup copies are deleted according to our backup rotation schedule (maximum 90 days)
  • Anonymized, aggregated data may be retained indefinitely as it cannot identify you

We may retain certain data longer if required by law, to resolve disputes, or to protect our legal rights.

If your account is inactive for more than 24 months, we may send you a reminder email. If you don't respond, we may delete your account in accordance with this policy.

9. Children's Privacy

Users between 13 and 17 years old must have permission from a parent or legal guardian to use the App.

Parents/guardians are responsible for supervising their child's use of the App and ensuring the accuracy of any information provided.

We do not knowingly collect personal data from children under 13. If you believe we have collected data from a child under 13, please contact us immediately and we will delete it.

The App is available to users aged 13 and older.

Parents or guardians may exercise data rights on behalf of their children by contacting us at support@kaloriapp.no.

10. International Data Transfers

Your data is primarily stored in the European Union. If data is transferred outside the EU/EEA (for example, to AI processing services), we ensure appropriate safeguards are in place, such as:

  • EU Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Data processing agreements with appropriate security measures

AI processing of food photos may occur outside the EU, but photos are processed transiently and not stored.

11. Cookies and Tracking

The App does not use cookies or tracking technologies. We do not track you across other apps or websites. Any analytics data we collect is anonymized and cannot identify you personally.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by email at least 30 days before they take effect. The "Last updated" date at the top indicates when the policy was last revised. Continued use of the App after changes take effect constitutes acceptance of the revised policy.

13. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

  • The Norwegian Data Protection Authority (Datatilsynet): https://www.datatilsynet.no
  • The supervisory authority in your country of residence

We encourage you to contact us first at support@kaloriapp.no so we can try to resolve your concerns directly.

14. Contact

For any questions about this Privacy Policy or your personal data, please contact us:

Email: support@kaloriapp.no

We aim to respond to all inquiries within 48 hours during business days.