Squeeze page

1. Introduction

CRX Universal LLC ("CalScan AI," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and disclose your data when you use the CalScan AI mobile application (the "App").

By creating an account and using the App, you expressly accept our Terms of Service and this Privacy Policy, which govern our relationship and your use of the App, including mandatory data sharing practices for Free Tier users as described below.

Important: Your use of CalScan AI is governed by a contract between you and CRX Universal LLC. For Free Tier users, sharing anonymized meal photos with our AI partners is a fundamental and non-negotiable term of this contract, necessary to offset operational costs. If you do not agree to this data sharing, please use our paid subscription service or do not use the App.

2. Data Controller and Contact

CRX Universal LLC
817 S MacArthur Blvd, Suite 115-1025
Coppell, TX 75019
United States of America

Privacy Contact Email: legal@calscanai.com

Data Protection Officer (EU/UK users): dpo@calscanai.com

3. EU Representative (Article 27 GDPR)

For matters related to the processing of personal data under the EU General Data Protection Regulation (GDPR), our appointed representative in the European Union is:

FGND Core GmbH
Hauptstrasse 151
10827 Berlin
Germany

Email: crx-universal@core-privacy.eu

This contact point is available for GDPR-related privacy matters, requests from EU supervisory authorities, and inquiries from individuals in the European Union.

4. Age Restrictions and Children's Privacy

The App is intended for users aged 16 and older. We do not knowingly collect or retain personal information from children under 16 years of age.

If we learn that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete such information. Parents or guardians who believe their child has provided us with personal information should contact us immediately at legal@calscanai.com.

5. Information We Collect

5.1. Information You Provide Directly

Account Information: Email address, password, name (if provided through third-party authentication)
Profile and Health Information: Age, weight, height, dietary preferences (e.g., vegetarian, keto, paleo), allergies and dietary restrictions
User Content: Meal photos you upload for nutritional analysis, food diary entries, notes, and progress tracking data
Health App Integration Data (Future Feature): With your explicit consent, we may collect data from Apple Health, Google Fit, or similar platforms, including step count, calories burned, activity data, and sleep patterns
Subscription Information: Subscription status, billing history (processed through app stores)

5.2. Information Collected Automatically

Device Information: IP address, device type, operating system version, device identifiers, mobile network information
Usage Information: App features accessed, session duration, frequency of use, interaction patterns, crash reports, and diagnostic data
Analytics Data: Performance metrics, user behavior analytics, feature usage statistics
Advertising Identifiers: Device advertising IDs (IDFA for iOS, AAID for Android) for advertising and analytics purposes

5.3. Information from Third Parties

Authentication Services: Profile information from Apple, Google, or Facebook (name, email, profile picture)
App Store Information: Transaction data and subscription status from Apple App Store and Google Play Store

6. How We Use Your Information

We process your personal information for the following purposes:

Service Delivery: Provide nutritional analysis of meal photos, calculate macros and calories, track dietary goals, sync data across devices
Personalized Reports (Paid Subscribers): Generate weekly AI-powered nutrition reports with personalized insights, recommendations, and progress analysis
Account Management: Create and manage your account, process subscriptions, provide customer support
App Improvement: Analyze usage patterns, fix bugs, develop new features, conduct research and development
AI Model Training (Free Tier Only): Share anonymized meal photos with AI partners to train and improve AI models (see Section 8)
Marketing and Advertising: Deliver personalized advertisements, measure ad performance, send promotional communications
Security and Fraud Prevention: Detect and prevent fraud, unauthorized access, and illegal activities
Legal Compliance: Comply with applicable laws, regulations, legal processes, and enforceable governmental requests

7. Legal Basis for Processing (GDPR)

For users in the European Union, United Kingdom, and other GDPR-applicable jurisdictions, we process your personal data based on the following legal grounds:

Processing Activity	Legal Basis
Service delivery, account management, nutritional analysis, weekly reports (paid users)	Contract Performance - necessary to fulfill our Terms of Service
AI training data sharing (Free Tier only)	Contract Performance - essential term of the free service contract
Transient AI processing for weekly reports (Paid users only)	Contract Performance - necessary to deliver subscribed service features
App improvement, analytics, crash reporting	Legitimate Interest - improving service quality and user experience
Marketing communications, personalized ads	Consent - you may opt out at any time
Health app integrations (Apple Health, Google Fit)	Explicit Consent - requested separately in-app
Legal compliance, security, fraud prevention	Legal Obligation and Legitimate Interest

8. AI Training Data Sharing (Free Tier Users Only)

⚠️ IMPORTANT NOTICE FOR FREE TIER USERS

If you use our Free Tier service, sharing your anonymized meal photos with our AI partners is a mandatory, non-negotiable condition of use. You cannot opt out of this data sharing while using the Free Tier.

8.1. What Data is Shared

For Free Tier users only, we share anonymized meal photos with our trusted AI partners, including but not limited to OpenAI, Google AI, and OpenRouter, for the purpose of training and improving general AI models. This data sharing allows us to offset significant operational costs and continue offering a free service.

8.2. Anonymization Process

Before sharing any meal photos, we implement irreversible anonymization measures:

Complete removal of all EXIF metadata (location, timestamp, device information)
Stripping of all user identifiers and account linkages
Removal of any embedded technical data
Images cannot be re-identified or linked back to individual users

Note: While we expect users to photograph food items, we cannot control what images you choose to upload. You are responsible for ensuring your uploaded photos do not contain personal, sensitive, or identifying information (faces, documents, locations, etc.). By uploading images, you confirm they contain only food items appropriate for analysis.

8.3. What is NOT Shared for Training

The following information is NEVER shared with AI partners for training purposes:

Your name, email, or account information
Personal health data (weight, height, goals, dietary restrictions)
Location information or device identifiers
Usage patterns or behavioral data
Any data from paid subscription users

8.4. Paid Subscription Users - Privacy Protection

✓ PAID SUBSCRIPTION USERS: Your meal photos are NEVER shared with AI partners for training purposes. Your data is never used to train third-party AI models.

Weekly Report Feature (Pro Users Only)

Paid subscribers receive personalized weekly nutrition reports generated by AI. For this feature only:

Transient Processing: Your personal data (name, goals, meal history, dietary preferences, progress data) is temporarily sent to our AI partners (OpenAI, Google AI, or OpenRouter) solely to generate your personalized weekly report
Not Stored: This data is NOT retained by our AI partners after report generation is complete
Not Used for Training: Your data is explicitly excluded from AI model training through our API agreements with these providers
Service Delivery Only: Data sharing occurs only for the purpose of delivering the contracted service (your personalized report)
Encrypted Transmission: All data is transmitted via secure, encrypted connections

This is different from Free Tier users: Your data is only processed to provide the service you requested (weekly report generation) and is never permanently shared, stored by third parties, or used to train AI models.

8.5. Data Retention and AI Models

Once anonymized meal photos from Free Tier users are incorporated into AI training datasets, they become part of the trained models and cannot be individually identified, extracted, or deleted. Deleting your CalScan AI account does not remove previously shared anonymized images from AI training models, though it will prevent any future sharing.

For paid subscription users, no data is ever incorporated into AI training models.

8.6. Free Tier vs. Paid Subscription Comparison

Feature	Free Tier	Paid Subscription
Nutritional Analysis	✓ Included	✓ Included
Goal Tracking	✓ Included	✓ Included
Weekly AI Report	✗ Not available	✓ Included (private processing)
AI Training Data Sharing	YES - Mandatory (Anonymized photos used for training)	NO - Never shared for training
AI Processing for Service Delivery	Yes (analysis only)	Yes (analysis + weekly reports) Transient, not stored, not trained
Data Retention by AI Partners	Permanent (incorporated in models)	Zero retention (transient processing only)

9. Data Sharing and Third Parties

WE DO NOT SELL YOUR PERSONAL INFORMATION.

We share your information only with the following categories of recipients:

9.1. Essential Service Providers

We engage trusted third-party service providers who process data on our behalf under strict confidentiality and data protection agreements:

Cloud Infrastructure: Amazon Web Services (AWS), Railway - data hosting and storage
Analytics: Google Analytics, Google Firebase - app performance and usage analytics
Authentication: Apple Sign-In, Google Sign-In, Facebook Login - secure account authentication
Subscription Management: RevenueCat, Apple App Store, Google Play Store - payment and subscription processing
Customer Support: Support ticketing and communication platforms

9.2. AI Partners

For Free Tier Users - AI Training (Permanent)

Anonymized meal photos from Free Tier users are shared with AI partners including OpenAI, Google AI, and OpenRouter for model training purposes. This data becomes part of trained AI models and cannot be removed. See Section 8 for complete details.

For Paid Subscription Users - Service Delivery Only (Transient)

For paid subscribers using the Weekly Report feature, personal data (name, goals, meal history, dietary preferences, progress data) is temporarily processed by our AI partners (OpenAI, Google AI, or OpenRouter) solely to generate personalized weekly nutrition reports. This processing is:

Transient: Data is not retained after report generation
Not used for training: Explicitly excluded from AI model training per API terms
Contractually protected: Governed by data processing agreements with AI partners that prohibit retention and training use
Service-essential: Necessary to deliver the personalized weekly report feature you've subscribed to

This is standard AI-as-a-service processing, similar to how customer support chatbots or personalized recommendations work - your data is used only to provide the immediate service you requested and is not retained afterwards.

9.3. Legal and Safety Disclosures

We may disclose your information when required by law or necessary to:

Comply with legal obligations, court orders, subpoenas, or government requests
Enforce our Terms of Service and protect our rights and property
Protect the safety, security, and rights of our users or the public
Prevent fraud, security breaches, or illegal activities

9.4. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, user information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App of any such change in ownership or control of your personal information.

10. Advertising and Analytics

We use advertising and analytics services to improve our App, measure performance, and deliver personalized experiences:

10.1. Analytics Services

Google Analytics: Usage patterns, feature popularity, user demographics
Google Firebase: Crash reporting, performance monitoring, app analytics

10.2. Advertising Services

Google Ads: Ad delivery, conversion tracking, remarketing
Facebook Ads (Meta): Ad delivery, audience targeting, conversion measurement

10.3. Tracking Technologies

These services may use cookies, pixels, SDKs, and device advertising identifiers (IDFA/AAID) to track your activity across apps and websites for analytics and advertising purposes. You can limit ad tracking through your device settings (see Section 15 for details).

11. International Data Transfers

Your personal information is primarily stored and processed on servers located in the United States. If you are located in the European Union, United Kingdom, or other regions with data protection laws, please note that your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

11.1. Safeguards for EU/UK Users

For users in the EU and UK, we ensure that international data transfers comply with GDPR requirements through:

Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with all processors handling EU/UK personal data
Adequacy Decisions: Where applicable, we rely on European Commission adequacy decisions
Additional Safeguards: Technical and organizational measures to protect data during transfer and processing

12. Data Retention and Deletion

We retain your personal information only as long as necessary for the purposes described in this Privacy Policy, to fulfill legal obligations, resolve disputes, and enforce our agreements.

12.1. Retention Periods

Data Category	Retention Period
Account information	Duration of account activity + 90 days after deletion
Meal photos and diary entries	Up to 2 years or until account deletion
Usage and analytics data	26 months
Support communications	3 years
Transaction records	7 years (legal requirement)
Anonymized AI training data (Free Tier)	Cannot be individually removed once incorporated into models

12.2. Account Deletion

You may request deletion of your account at any time by contacting legal@calscanai.com or using the in-app account deletion feature. Upon account deletion:

Most personal data will be permanently deleted within 90 days
Some information may be retained for legal, security, or fraud prevention purposes as permitted by law
Anonymized, aggregated data may be retained for analytics and research
Previously shared anonymized meal photos (Free Tier) cannot be removed from AI training models

13. Data Security

We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction:

13.1. Technical Safeguards

End-to-end encryption for data transmission (TLS/SSL)
AES-256 encryption for data at rest
Secure cloud infrastructure with redundant backups
Regular security audits and vulnerability assessments
Automated threat detection and monitoring

13.2. Organizational Safeguards

Strict employee access controls and authentication
Background checks for personnel with data access
Regular privacy and security training
Data minimization and privacy-by-design principles
Incident response and breach notification procedures

13.3. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities in accordance with applicable law, typically within 72 hours of discovery.

14. Your Privacy Rights

Depending on your location, you have certain rights regarding your personal information:

14.1. Rights for All Users

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information (subject to legal exceptions)
Portability: Receive your personal data in a portable, machine-readable format

14.2. Additional Rights for EU/UK Users (GDPR)

Withdraw Consent: Withdraw consent for processing based on consent (does not affect lawfulness of processing before withdrawal)
Restrict Processing: Request limitation of processing in certain circumstances
Object to Processing: Object to processing based on legitimate interests
Lodge a Complaint: File a complaint with your local data protection authority

14.3. Limitations on Privacy Rights

Important Limitation for Free Tier Users: While you have the rights described above, you cannot opt out of AI training data sharing while using the Free Tier service. This data sharing is a fundamental, non-negotiable term of the contract that allows us to provide the service for free. If you wish to stop this data sharing, you must either upgrade to a paid subscription or cease using the App.

14.4. How to Exercise Your Rights

To exercise any of your privacy rights, please contact us at:

Email: legal@calscanai.com
In-App: Use the "Privacy Rights" section in Settings
EU Users: Contact our EU Representative at crx-universal@core-privacy.eu

We will respond to verified requests within 30 days (or 45 days for complex requests). Identity verification may be required for security purposes.

15. Cookies and Tracking Technologies

15.1. Types of Cookies and Tracking Technologies We Use

Essential Cookies (Always Active)

Required for the App to function properly. These cannot be disabled without affecting core functionality:

Authentication and session management
Security and fraud prevention
Load balancing and performance

Analytics Cookies

Help us understand how users interact with the App:

Google Analytics: Usage patterns, feature popularity, user demographics
Firebase Analytics: App performance, crash reporting, user engagement

Advertising Cookies

Used to deliver personalized advertisements and measure ad effectiveness:

Google Ads: Ad delivery, conversion tracking, remarketing
Facebook Pixel: Ad targeting, audience building, conversion measurement

15.2. Device Advertising Identifiers

We collect and use device advertising identifiers for analytics and advertising:

iOS: Identifier for Advertisers (IDFA)
Android: Android Advertising ID (AAID)

15.3. Managing Cookies and Tracking

Mobile Device Settings

iOS Users:

Settings → Privacy & Security → Tracking → Toggle off "Allow Apps to Request to Track"
Settings → Privacy & Security → Apple Advertising → Toggle on "Personalized Ads"

Android Users:

Settings → Google → Ads → Reset advertising ID or Opt out of Ads Personalization

Browser Settings (for web version)

Most web browsers allow you to control cookies through browser settings. Please note that disabling cookies may affect App functionality.

15.4. Do Not Track Signals

Our App does not currently respond to "Do Not Track" (DNT) browser signals. However, you can use the device-level controls described above to limit tracking.

16. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

16.1. California Consumer Rights

Right to Know: Request disclosure of personal information collected, used, shared, or sold
Right to Delete: Request deletion of personal information we have collected
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: Opt out of "sale" or "sharing" of personal information
Right to Limit: Limit use and disclosure of sensitive personal information
Right to Non-Discrimination: Not be discriminated against for exercising your rights

16.2. Categories of Personal Information Collected

Category	Examples	Collected
Identifiers	Email, name, device ID, IP address	Yes
Personal information (Cal. Civ. Code § 1798.80)	Name, email, weight, height	Yes
Commercial information	Subscription status, purchase history	Yes
Internet/network activity	App usage, browsing history, interactions	Yes
Geolocation data	General location (city/region)	Limited
Sensitive personal information	Health data (weight, height, diet type)	Yes
Inferences	Dietary preferences, health insights	Yes

16.3. "Sale" or "Sharing" Under CCPA

We do not sell personal information for monetary consideration. However, under CCPA's broad definition, the following activities may be considered "sharing" for cross-context behavioral advertising:

Sharing advertising identifiers with Google Ads and Facebook Ads for targeted advertising
Using analytics cookies that may be used for advertising purposes

Free Tier AI Training Data Sharing: Sharing anonymized meal photos with AI partners (OpenAI, Google AI, OpenRouter) for AI model training is NOT considered a "sale" or "sharing" under CCPA because: (1) the data is irreversibly anonymized, (2) it is not used for cross-context behavioral advertising, and (3) it is a fundamental term of the service contract.

16.4. Exercising Your California Rights

California residents may exercise their rights by:

Email: legal@calscanai.com with subject "California Privacy Rights Request"
Phone: Contact us at the email above to request a toll-free number

We will verify your identity before processing requests and respond within 45 days.

16.5. Authorized Agents

California residents may designate an authorized agent to make requests on their behalf. The agent must provide proof of authorization, and we may require you to verify your identity directly.

17. Marketing Communications

We may send you marketing communications about new features, promotions, health tips, and other news about CalScan AI.

17.1. Types of Marketing Communications

Email Marketing: Product updates, promotional offers, health and nutrition tips
Push Notifications: In-app messages, goal reminders, feature announcements
In-App Messages: Personalized recommendations, upgrade prompts

17.2. Opting Out

You can opt out of marketing communications at any time:

Email: Click the "Unsubscribe" link at the bottom of any marketing email
Push Notifications: Disable in App Settings → Notifications or device settings
In-App Messages: Adjust preferences in App Settings → Marketing Preferences

Note: You cannot opt out of transactional or service-related communications (account notifications, security alerts, policy updates).

18. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

18.1. Notification of Material Changes

If we make material changes that significantly affect your rights or how we process your data, we will provide notice by:

Sending an email to your registered email address at least 30 days before the changes take effect
Displaying a prominent in-app notification
Updating the "Last Updated" date at the top of this policy

18.2. Continued Use

Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the App and may request deletion of your account.

19. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

19.1. Primary Contact (All Users)

CRX Universal LLC
817 S MacArthur Blvd, Suite 115-1025
Coppell, TX 75019
United States of America

Privacy Contact Email: legal@calscanai.com

Data Protection Officer: dpo@calscanai.com

19.2. EU Representative (EU/UK Users)

FGND Core GmbH
Hauptstrasse 151
10827 Berlin
Germany

Email: crx-universal@core-privacy.eu

19.3. Supervisory Authorities (EU/UK Users)

If you are located in the EU or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en