CalorieBot Privacy Policy

Last Updated: April 1, 2025

1. Introduction

CalorieBot ("we," "us," or "our") is committed to protecting your privacy. This policy explains how we collect, use, and protect your data when you use our Discord-based nutrition and fitness tracking service.

2. Information We Collect and How We Use It

2.1 Essential Service Data

  • Discord User ID and username: To link your activity and data to your account
  • Server membership information: To manage server-based access and permissions
  • Profile settings and preferences: To customize your experience

2.2 Nutrition and Fitness Data

We collect:

  • Food photos and descriptions
  • Meal logs and nutritional information
  • Workout records and personal records (PRs)
  • Weight, steps, and other fitness metrics
  • Challenge participation data

This data is used to:

  • Provide real-time nutrition tracking
  • Generate workout recommendations
  • Enable challenge participation
  • Create progress reports and insights
  • Improve our AI recognition systems

2.3 Third-Party Integration Data

When you connect services like Fitbit or Garmin, we:

  • Only collect data necessary for requested features
  • Sync only the metrics you explicitly authorize
  • Update data at intervals you specify
  • Never sell or share this data with other third parties

2.4 AI and Photo Processing

For food photos:

  • Photos are temporarily stored for immediate analysis only
  • Deleted from our servers within 24 hours
  • Used anonymously to improve our AI model
  • Never shared with external parties
  • Never used for marketing purposes

3. How We Protect Your Data

We implement industry-standard security measures including:

  • End-to-end encryption for data transmission
  • Regular security audits
  • Access controls and authentication
  • Secure cloud storage with [Provider Name]
  • Regular backup procedures

4. Data Sharing and Usage

We will:

  • Share your challenge progress with server members when you opt-in
  • Display your username on leaderboards when participating in challenges
  • Use anonymized data for service improvement
  • Share basic metrics with connected third-party services you authorize

We will never:

  • Sell your personal data to third parties
  • Share your health data with advertisers
  • Use your photos for marketing without explicit consent
  • Expose your private logs to other users without permission

5. Your Rights and Controls

You can:

  • Access all your data through our /export command
  • Delete your account and data using /delete_account
  • Modify privacy settings via /privacy
  • Opt-out of AI training usage
  • Control what information is visible to other users
  • Revoke third-party access at any time

6. Data Retention

  • Active accounts: Data retained until account deletion
  • Deleted accounts: Data permanently removed within 30 days
  • Backup retention: Maximum 90 days
  • Anonymous usage data: Retained indefinitely for service improvement

7. Children's Privacy

  • Users must be 13 or older
  • We do not knowingly collect data from users under 13
  • Parents can request data deletion for users under 13
  • Age verification required for certain features

8. International Data Transfers

  • Data stored on servers in [Location]
  • GDPR-compliant data transfer mechanisms in place
  • Standard contractual clauses with service providers
  • Regular compliance audits

9. Changes to This Policy

  • We'll notify users of material changes via Discord
  • 30-day notice before significant changes
  • Continued use constitutes acceptance
  • Previous versions available upon request

10. Contact Us

For privacy-related matters:

  • Email: privacy@caloriebot.app
  • Response time: Within 48 hours
  • Data requests handled within 30 days

11. Specific Feature Guidelines

11.1 Photo Upload Guidelines

  • Accepted formats: JPG, PNG
  • Maximum file size: 10MB
  • No inappropriate content
  • Personal information should not be visible

11.2 AI Interaction Rules

  • Conversations logged for training
  • Personal information automatically redacted
  • Training data anonymized

11.3 Challenge Participation

  • Performance metrics visible to participants
  • Opt-out available at any time
  • Historical data retained unless deleted
  • Privacy controls for individual metrics

12. Compliance Frameworks

GDPR Compliance:

  • Data processing agreements in place
  • Right to be forgotten honored
  • Data portability supported
  • Processing records maintained

CCPA Compliance:

  • California privacy rights honored
  • Do Not Sell My Info supported
  • Annual privacy notice provided
  • Verification procedures in place

13. Dispute Resolution

  • Initial resolution through support channels
  • Escalation process available
  • Independent mediation option
  • Binding arbitration as last resort