Privacy Policy — CalorIA Scan

At CalorIA Scan, we take your privacy very seriously. This policy explains what data we collect, how we use it, and how we protect it, in compliance with Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) and the policies of Google Play and the App Store.

1. Data Controller

Rumbo Tech Labs

Based in Mexico, responsible for the processing of personal data collected through CalorIA Scan ("the App").

To exercise your ARCO rights (Access, Rectification, Cancellation, or Opposition), contact us at: rumbotechlabs@gmail.com

2. Personal Data We Collect

Identity and Contact Data

Name and email address provided when signing in with Google or Apple.

Body Data (optional)

Weight, height, age, and sex that you voluntarily enter to calculate your personalized calorie goal.

Food Images

Photographs you take within the App for the sole purpose of analyzing nutritional content. Images are sent to an external AI service (OpenAI) and are not permanently stored on our servers.

Nutritional History

Records of scanned foods, calorie values, macronutrients, and daily goals.

Usage Data

Technical information about how you use the App (screens visited, errors) to improve the service. This does not include personally identifiable information.

3. Purposes of Data Processing

Primary Purposes (necessary)

Authenticate your identity and maintain your session.
Analyze food images using AI to estimate calories and macronutrients.
Store your nutritional history and personalized goals.
Sync your data across devices.
Process payments and manage your subscription.

Secondary Purposes (optional)

Send you notifications about your progress or reminders (only if you enable permissions).
Improve the accuracy of our AI models in an aggregated and anonymized manner.

4. Third Parties We Share Your Data With

Supabase

Database and authentication platform (servers in the U.S.). Your data is stored in encrypted form. See: supabase.com/privacy

OpenAI

Food photographs are sent to the OpenAI API for AI-powered nutritional analysis. OpenAI does not use API data to train its models by default. See: openai.com/policies/privacy-policy

Google (authentication)

We use Google Sign-In for authentication. See: policies.google.com/privacy

RevenueCat

Subscription and in-app purchase management platform. Processes purchase information from Google Play and the App Store. See: revenuecat.com/privacy

Apple (authentication — iOS only)

We use Sign in with Apple for iPhone/iPad users. See: apple.com/legal/privacy

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

5. International Transfers

Your data may be transferred to and stored on servers located outside Mexico (U.S.) by the providers mentioned in Section 4. These providers hold adequate security certifications (ISO 27001, SOC 2).

6. Data Retention

Your data is retained as long as your account is active. When you delete your account from the App (Profile → Delete my account), all your personal data is permanently erased within a maximum of 30 days.

Food images processed by AI are not stored after the analysis is complete.

7. Your ARCO Rights

Under the LFPDPPP, you have the right to:

Access

Know what personal data we hold about you.

Rectification

Request correction of inaccurate or incomplete data (you can also do this directly in Profile → My profile).

Cancellation

Request deletion of your data. You can do this directly from the App (Profile → Delete my account).

Opposition

Object to the processing of your data for secondary purposes.

To exercise these rights, send an email to rumbotechlabs@gmail.com with the subject line "ARCO Rights". We will respond within 20 business days.

8. Device Permissions

Camera

Required to scan food. Only activated when you open the scan screen.

Photo Gallery

Optional. Allows you to select images from your gallery for analysis.

Notifications

Optional. Requested only if you enable daily logging reminders.

You can revoke any permission at any time from Settings → Apps on your device.

9. Security

We implement technical and organizational measures to protect your data, including:

Encryption in transit (HTTPS/TLS 1.3).
Encryption at rest in our database.
Role-based access control in Supabase.
Secure credential storage on your device.

10. Minors

CalorIA Scan is intended for users aged 13 and older. We do not knowingly collect data from children under 13. If you become aware that a minor has created an account, please contact us at rumbotechlabs@gmail.com to have it deleted.

11. AI and Nutritional Accuracy Notice

The calorie and macronutrient values generated by CalorIA Scan are approximate estimates produced by artificial intelligence. They do not constitute medical or dietary advice. Consult a healthcare professional for important dietary decisions.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you within the App of any significant changes. The last updated date appears at the top of this document. Continued use of the App after changes constitutes your acceptance.

Contact

Have questions about this policy or want to exercise your ARCO rights? Write to us:

rumbotechlabs@gmail.com

By using CalorIA Scan, you confirm that you have read and accept this Privacy Policy.