Privacy Policy

Останнє оновлення: June 8, 2026

1. Introduction

This Privacy Policy describes how Dima Labs Inc ("Operator", "we", "us") collects, uses, stores, and protects personal information when you use the Caloroo service (the "Service"). By using the Service you agree to the practices described here.

2. Data Controller

The Operator is Dima Labs Inc, a corporation incorporated in the Province of Ontario, Canada. We are committed to handling personal data in accordance with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

3. Information We Collect

  • Account data. Email address, password hash, and optional display name provided to register and sign in.
  • Food and nutrition logs. Entries you create, including items, portions, timestamps, photos, and notes.
  • Profile and health data. Optional goals, body metrics (such as weight and body measurements), dietary preferences, check-ins, and group membership you choose to enter.
  • Photos. Progress photos and avatars you upload, and nutrition-label photos you scan.
  • Payment data. If you buy a paid plan, payment is handled by our payment provider. We never receive or store your full card details.
  • Notification token. A push notification token, if you enable notifications.
  • Technical data. IP address, browser and device information, access logs, and error diagnostics collected through standard server logs.

4. How We Use Your Information

  • Provide and operate the Service and display your logs back to you.
  • Authenticate users and secure accounts.
  • Process payments for any paid features.
  • Send notifications related to your account or the Service.
  • Diagnose issues, prevent abuse, and analyze usage to improve the Service.
  • Comply with legal obligations.

We do not sell your personal data. We do not use your food logs for advertising. We do not use your personal health data to build advertising or marketing profiles, and we do not share it with advertisers.

5. Data Storage and Security

Personal data is primarily stored on servers located in data centers in Toronto, Canada. Photos and other content you upload are kept in S3-compatible object storage. We apply technical and organizational measures including encryption in transit, access controls, regular backups, monitoring, and malware protection. No system is perfectly secure, but we work to protect your data using industry-standard practices. Some of the providers described below may process limited data outside Canada; see International Data Transfers.

6. Data Retention

  • When you delete your account, your data is erased immediately and permanently. Residual copies in encrypted backups are purged within approximately 30 days.
  • Food logs and activity history are retained for the lifetime of your account, and erased when you delete it.
  • Server and access logs are retained for up to 12 months.
  • Third-party analytics data is retained according to the policies of the relevant providers.

7. Account Deletion

You can permanently delete your account and all associated data at any time from the app settings. Deleting your account erases your food logs, body metrics, goals, check-ins, photos, and profile. This action is immediate and cannot be undone.

8. Third-Party Services

Your personal health data, including your weight, body measurements, food and nutrition logs, goals, check-ins, and progress photos, is never sold and is never shared with third parties for their own purposes, for advertising, or for marketing.

We never share your data with other people unless you choose to. Sharing is entirely opt-in. You control exactly what, if anything, each group member or share link can see, and you can revoke access at any time.

To operate the Service we use a small set of providers that process data strictly on our behalf, under contract, and are not permitted to use it for their own purposes: infrastructure and object storage hosting (your photos and content), payment processing (Polar; we never receive your full card details), transactional email (Resend), error diagnostics (Sentry), product analytics (PostHog, which receives your account identifier and usage and technical events only, never your food logs or health data), and push notification delivery.

Nutrition-label scanning. When you scan a nutrition label, the label image (product packaging, not your personal health information) is sent to a vision provider (OpenAI or Google) solely to read the nutrition values. These providers are contractually barred from using the image to train their models or for any purpose other than returning the result to us. The food log created from the scan is stored only in our systems.

We do not track you across other companies' apps or websites. We may disclose data only where required by law.

9. Cookies and Tracking

Essential cookies enable authentication and core functionality of the Service. Analytics cookies, where used, help us understand aggregate usage. You can control cookies through your browser settings, though doing so may affect functionality.

10. Your Rights

Subject to applicable law, you have the right to access, correct, or delete your personal data, to object to or restrict certain processing, to withdraw consent, and to lodge a complaint with a supervisory authority. You can access, correct, and delete your personal data directly within the Service, including deleting your entire account. To request a full copy of your data, contact us.

11. International Data Transfers

Our third-party providers may process data outside Canada. By using the Service you acknowledge that your data may be transferred to and processed in countries other than your country of residence, subject to safeguards required by applicable law.

12. Children's Privacy

The Service is designed for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, contact us so we can remove it.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be reflected by updating the "Last updated" date above. Continued use of the Service after changes means you accept the revised Policy.

14. Contact Us

Questions or requests regarding this Policy? [email protected]