Calsay← Back

Legal

Privacy Policy

Last updated: April 20, 2026

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use Calsay and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Application refers to Calsay, the mobile application provided by the Company.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Atlántico, the operator of Calsay.
  • Country refers to: Spain.
  • Device means any device that can access the Service such as a mobile phone or a digital tablet.
  • Health Data refers to information You provide or that We derive about Your body, nutrition, physical activity and wellness, including meals logged, body weight, height, date of birth, biological sex, activity level, dietary preferences and goals.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Application.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. This includes third-party companies that help Us operate the Service (for example, transcription, language models and nutrition data providers).
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Name
  • Email address
  • Profile photo (avatar), if You choose to upload one
  • Authentication identifier from Apple Sign-In or Google Sign-In, if You choose to use them

Health and Wellness Data

Calsay is a voice-based nutrition and fitness tracking application. To provide the Service, We collect and process the following categories of Health Data that You provide to Us:

  • Biological sex, date of birth and age
  • Height, body weight and target body weight
  • Activity level, fitness goal and desired rate of weight change
  • Dietary preferences and restrictions
  • Voice recordings of You describing meals, body weight or physical activities (used transiently for transcription — see "Voice Input" below)
  • Transcribed text of what You said
  • Meals logged, including food items, quantities, meal type, timestamp and computed nutritional values (calories, protein, carbohydrates, fat)
  • Weight logs with timestamp
  • Physical activity logs (activity type, duration, intensity, estimated calories burned, timestamp)

Under the EU General Data Protection Regulation (GDPR) and similar laws, some of this information qualifies as a special category of personal data (data concerning health). We only process this data with Your explicit consent, which You provide during onboarding and can withdraw at any time.

Voice Input

When You use the voice logging feature, Your speech is recorded on Your Device and uploaded to Our servers for the sole purpose of transcription and nutritional analysis. Audio recordings are not stored on Our servers; they are used transiently and discarded once transcription is complete. Only the transcribed text and the structured result (meal, weight or activity entry) are retained in association with Your Account.

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), Device type, operating system, unique device identifiers and diagnostic data related to app performance and errors.

Apple HealthKit

If You choose to connect Calsay to Apple Health, Calsay writes the following data categories to Your Apple Health store on Your Device:

  • Dietary energy consumed, dietary protein, dietary carbohydrates and dietary fat (on meal save)
  • Body mass (on weight log)
  • Active energy burned (on activity log)

Calsay does not read any data from Apple Health. The Apple Health integration is write-only and is controlled by the iOS system permission dialog. You can revoke Calsay's write access at any time from the iOS Settings app under Privacy & Security → Health. Data written to Apple Health stays on Your Device and is governed by Apple's privacy practices, not Ours.

Subscription and Purchase Data

Subscriptions to Calsay Premium are processed by Apple through the App Store. We do not receive or store Your payment card details. We do receive, via our paywall provider Superwall, anonymized subscription events (purchase, renewal, cancellation, refund) associated with an internal identifier, which We use to grant or revoke premium features and to compute anonymous revenue analytics. If You entered a promotional code during onboarding, that code is stored on Your profile so We can attribute the subscription to the corresponding channel.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain the Service, including to transcribe Your voice input, look up nutritional information, compute estimated calories burned from physical activity and persist Your logs to Your Account.
  • To personalize the Service, including to compute personalized calorie and macronutrient targets based on Your biological sex, age, height, weight, goal and activity level.
  • To manage Your Account, including registration, authentication and profile management.
  • To contact You, via push notifications, local notifications or email, regarding meal reminders You configured, security updates, or informational communications related to the Service.
  • To process subscriptions, including granting premium features, handling renewals and cancellations, and attributing purchases to promotional codes.
  • To manage Your requests, including responding to support inquiries and exercising Your privacy rights.
  • For analytics and improvement, including identifying usage trends, diagnosing errors, evaluating the effectiveness of the Service and improving the accuracy of our voice recognition and nutrition estimation.
  • For legal compliance, including complying with legal obligations, resolving disputes and enforcing our agreements.

Legal Bases for Processing (GDPR)

If You are located in the European Economic Area, the United Kingdom or Switzerland, We rely on the following legal bases to process Your Personal Data:

  • Explicit consent (Art. 9(2)(a) GDPR) for the processing of Your Health Data and for transferring Your data outside Your country/region. You provide this consent during onboarding and may withdraw it at any time by deleting Your Account or contacting Us.
  • Performance of a contract (Art. 6(1)(b) GDPR) to provide the Service You requested, including voice transcription, nutrition lookup and log persistence.
  • Legitimate interests (Art. 6(1)(f) GDPR) for analytics, fraud prevention, security and improving the Service, where those interests are not overridden by Your fundamental rights.
  • Legal obligation (Art. 6(1)(c) GDPR) where We are required by law to process Your data.

Service Providers and Sub-processors

We share Personal Data with a limited set of Service Providers that help Us operate Calsay. Each provider only processes the data necessary for their function and is bound by contractual data protection obligations.

  • Supabase Inc. — hosting, database, authentication and storage for Your Account and logs.
  • Groq, Inc. — automatic speech-to-text transcription of Your voice recordings (Whisper model). Audio is processed transiently and not retained by Us.
  • Google LLC (Google AI Studio / Gemini API) — language-model-based parsing of Your transcribed text into structured meal, weight or activity entries.
  • Edamam Inc. — nutritional database lookup for food items. We send food descriptions (e.g. "100g chicken breast") and receive nutritional values. We do not send Your name, email or identifiers to Edamam.
  • Apple Inc. — App Store subscription processing, Apple Sign-In authentication and, if You enable it, Apple HealthKit integration.
  • Google LLC (Google Sign-In) — OAuth authentication, if You choose to sign in with Google.
  • Superwall Labs, Inc. — paywall display and subscription event reporting.

We do not sell Your Personal Data to third parties.

Transfer of Your Personal Data

The Company is established in Spain. Some of our Service Providers listed above are located in the United States or other jurisdictions outside the European Economic Area. This means that Your Personal Data, including Your Health Data, may be transferred to and processed in countries whose data protection laws may be less protective than those of Your country of residence.

Where We transfer Personal Data outside the EEA, We rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, adequacy decisions where applicable, or — in the case of Health Data collected during onboarding — Your explicit consent to the transfer.

Your consent to this Privacy Policy and Your explicit acceptance of the "Transfer Outside of Country/Region" consent during onboarding represent Your agreement to these transfers.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy:

  • Account data and Health Data — retained for as long as Your Account is active. Deleted within 30 days of Account deletion.
  • Voice recordings — not retained; discarded immediately after transcription.
  • Subscription events — retained for as long as required for accounting and tax obligations (typically up to 6 years in Spain).
  • Usage Data and diagnostic logs — retained for a shorter period, typically up to 12 months, unless required longer for security or legal reasons.

Your Rights

Depending on where You live, You may have the following rights regarding Your Personal Data:

  • Access — request a copy of the Personal Data We hold about You.
  • Rectification — ask Us to correct inaccurate or incomplete data. You can also edit most of Your profile data directly in the app (Profile → Personal Details / Nutrition Goals).
  • Erasure — ask Us to delete Your Personal Data. You can delete Your Account and all associated data at any time from Profile → Delete Account.
  • Restriction — ask Us to limit how We process Your data.
  • Portability — request a machine-readable copy of the data You provided to Us.
  • Objection — object to processing based on our legitimate interests.
  • Withdraw consent — withdraw any consent You previously gave, without affecting the lawfulness of processing carried out before the withdrawal.
  • Lodge a complaint — with Your local data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD, aepd.es).

To exercise any of these rights, contact Us at the email address listed at the end of this policy.

Delete Your Personal Data

You can delete Your Account and all associated Personal Data at any time from within the app: Profile → Delete Account. This action permanently removes Your profile, meal logs, weight logs, activity logs and avatar from Our servers. It does not remove data that You previously wrote to Apple Health; You can manage that data directly in the iOS Health app.

Please note that We may need to retain certain information when We have a legal obligation or lawful basis to do so (for example, subscription records required for tax compliance).

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us. We use encryption in transit (TLS) for all communication between the app and Our servers, and rely on row-level security in our database so that each User can only access their own data. However, remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Children's Privacy

Our Service does not address anyone under the age of 13, and is not directed at children. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us (for example, our Terms of Service, which are Apple's Standard EULA). If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

For material changes, We will also notify You via email and/or a prominent notice in the Service prior to the change becoming effective.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If You have any questions about this Privacy Policy, or if You wish to exercise any of Your privacy rights, You can contact us:

By email: management@atlanticointelligencelabs.com