📄 Privacy Policy

The service provider establishes this Privacy Policy (hereinafter referred to as "this Policy") regarding the handling of personal information and usage information of users in the diet support app calomee (hereinafter referred to as "this Service").

---

Article 1: Scope of Application

This Policy applies to all personal information and related information collected and used by the service provider in this Service.

---

Article 2: Information Collected

The service provider may collect the following information in providing this Service:

1. Information entered by users during registration (email address, password, etc.)

2. Information entered or submitted by users to this Service (gender, date of birth, height, weight, body fat percentage, meal records, food image data, exercise records, goal settings, inquiry content, etc.)

3. Device information (device ID, OS, model, browser type, etc.)

4. Log information (IP address, access date and time, usage history, operation history, etc.)

5. Information collected for advertising delivery (advertising ID, cookies, identifiers, etc.)

---

Article 3: Purpose of Use

The service provider uses the collected information for the following purposes:

1. Provision and operation of this Service

2. To provide users with personalized advice and information

3. Improvement of this Service's features and development of new features

4. User support and inquiry response

5. Advertising delivery, effectiveness measurement, marketing research

6. Investigation and response to violations of the Terms of Service

7. Response based on laws and regulations

8. The above information processing is carried out based on the following legal grounds:

   • Contract performance (provision of this Service)

   • Legitimate interests (service improvement, fraud prevention)

   • Legal obligations (tax records, dispute resolution)

   • User consent (advertising delivery, etc.)

---

Article 4: Use of AI Services

1. This Service may use external AI (artificial intelligence) services to provide personalized advice to users.

2. When using AI services, information entered by users (weight, meal records, goal settings, etc.) and uploaded food image data may be transmitted to external service providers for AI processing.

3. Food images are used for automatic analysis by AI for the purpose of estimating nutritional value and analyzing meal content.

4. Uploaded image data is promptly deleted after the completion of analysis processing. It will not be used for machine learning or model training purposes by AI service providers.

5. Some AI services may be routed through servers outside of Japan.

6. The service provider enters into appropriate data protection agreements with AI service providers to ensure the security of user information.

7. This Service performs automated advice generation by AI (profiling), but this is for the purpose of supporting users' health and does not have legal effects on users. Users can stop using AI features at any time.

---

Article 5: Third-Party Provision / Use of External Services

1. The service provider will not provide personal information to third parties without user consent, except in the following cases:

   • When required by laws and regulations

   • When necessary for the protection of human life, body, or property, and when it is difficult to obtain the consent of the person

   • When outsourcing within the scope necessary for the provision of this Service

2. This Service uses the following external services:

   • Cloud servers (Amazon Web Services, Sakura VPS, Cloudflare, Supabase): Data storage, email sending

   • Advertising delivery services (Google AdMob): Advertising display (only when using the free plan)

   • AI services (OpenAI, Anthropic, Google, etc.): Advice generation for users, automatic analysis of food images

3. Through the use of these external services, user information may be stored on servers outside of Japan.

4. Personal information transferred abroad is mainly stored on servers in the United States. The service provider ensures the same level of protection abroad as in Japan through Standard Contractual Clauses (SCC) or other appropriate safeguards.

---

Article 6: Handling of Image Data

1. Food image data uploaded by users is used for automatic analysis by AI for the purpose of estimating nutritional value and analyzing meal content.

2. Image data is promptly deleted after the completion of analysis processing. However, images saved by users within this Service are retained until account deletion.

3. Uploaded image data will not be used for machine learning or model training purposes by AI service providers.

4. Copyright of the images belongs to users, but users grant permission to use them within the scope necessary for the provision of this Service (AI analysis, display, storage, etc.).

5. Uploading images that infringe on the rights of others, images that are contrary to public order and morals, or images that do not align with the purpose of this Service is prohibited.

---

Article 7: Cookies / Advertising ID

1. This Service uses technologies such as cookies and advertising IDs to improve the convenience of the service and deliver advertisements.

2. For advertising delivery, we use the advertising delivery service provided by Google AdMob, which may collect user information based on its own privacy policy.

3. Users can limit personalized advertising by resetting the advertising ID from their device settings.

4. Upon first use, users will be notified about the use of cookies and advertising IDs and their consent will be obtained. Except for essential cookies (those essential for service provision), users can manage cookie usage from settings.

---

Article 8: Information Management / Security

1. The service provider strives to keep user information accurate and up-to-date, and implements appropriate security management measures to prevent unauthorized access, leakage, alteration, loss, etc.

2. Specifically, we implement the following security measures:

   • Communication encryption (SSL/TLS)

   • Access permission management

   • Encrypted password storage

   • Regular security audits

3. The service provider promptly deletes or anonymizes information that is no longer needed.

---

Article 9: Response to Data Breaches

1. If a situation such as leakage, loss, or damage of personal information occurs, the service provider will promptly investigate the facts and, if necessary, report to the supervisory authority and notify affected users.

2. The notification in the preceding paragraph will be made by email or in-app notification.

3. The service provider will take appropriate measures to prevent recurrence.

---

Article 10: Information Retention Period

1. User personal information is retained for the period necessary to achieve the purpose of use (in principle, 2 years from the last login).

2. After account deletion, except for information required to be retained by laws and regulations, it will be deleted in principle within 30 days.

3. Log information is retained for a maximum of 1 year for security management and service improvement purposes. However, if there is a legal obligation such as investigating unauthorized access, it may be retained for the necessary period.

---

Article 11: Subscription Payment Information

1. Payment for the paid plan of this Service is made through the App Store (Apple Inc.).

2. The service provider does not directly obtain or hold payment information such as credit card numbers.

---

Article 12: User Rights

1. Users can make the following requests to the service provider regarding their personal information:

   • Request for disclosure

   • Request for correction, addition, or deletion

   • Request for suspension of use or deletion

   • Request for suspension of third-party provision

   • Request for data portability (provision of data in machine-readable format)

2. To make the above requests, please contact the inquiry desk listed at the end of this Policy.

3. When making a request, please contact us from your registered email address for identity verification.

4. The service provider will respond within 30 days from the date of receiving the request.

---

Article 13: Age Restrictions

1. Use of this Service is limited to users aged 9 years and older.

2. If registration of personal information by a user under 9 years of age is discovered, the service provider will promptly delete such information.

3. When users under 16 years of age use this Service, they must do so with the consent of their guardian. The service provider may confirm parental consent during registration.

4. For personal information of minors, the service provider will respond to requests for disclosure, correction, and deletion from guardians.

---

Article 14: Changes to This Policy

1. The service provider may change this Policy as necessary.

2. When making significant changes, the service provider will notify users of the changes on this Service or notify them by email.

3. If users use this Service after the changes, they will be deemed to have agreed to the revised Policy.

---

Article 15: Inquiry Desk

For inquiries about this Policy or requests for disclosure, correction, deletion, etc. of personal information, please contact the following desk:

• Service name: calomee
• Operator: Yohei Kono
• Contact: support@calomee.com

---

Article 16: Governing Law / Jurisdiction

1. This Policy is governed by Japanese law.

2. In the event of a dispute regarding this Service, the Tokyo District Court shall be the exclusive agreed jurisdiction.

---

Established: December 1, 2025 Last updated: December 1, 2025