Privacy Policy
Last updated: July 12, 2026. This draft should be reviewed and adapted by qualified privacy counsel for the jurisdictions where Kcal Day is operated.
What this covers
This policy describes how Kcal Day processes information when you use the private nutrition journal at kcal.day and its related domains.
Information you provide
Kcal Day may store your account email, authentication details, meals, recipes, ingredients, supplements and intake records, dietary preferences, goals, weight entries, activities, heart-rate fields, product scans, photos, captions, and AI conversation messages. This may reveal health or lifestyle information and is treated as sensitive personal data.
How information is used
- To provide authentication, account emails, storage, meal and activity tracking, recipe snapshots, supplement logs, dashboards, and conversation history.
- To calculate transparent general nutrition targets and activity estimates when you provide enough information.
- To perform a user-requested AI analysis, extraction, or chat response.
- To protect, troubleshoot, maintain, and improve the service. Logs should contain operational identifiers and errors, not meal photos, credentials, tokens, or full AI payloads.
AI and external services
Meal analysis, activity screenshot extraction, supplement label extraction, and chat questions are sent to OpenAI only after you explicitly request them. Context is limited by feature, but you should crop account names, route maps, exact GPS/location, and unrelated health information before uploading screenshots.
AI output may be incomplete or wrong. It is not medical advice, diagnosis, laboratory evidence, contaminant testing, or proof of safety. Photos cannot establish the presence or absence of heavy metals, microplastics, pathogens, allergens, drug interactions, or supplement efficacy.
ZeptoMail EU is used for transactional account and sign-in emails. Google and Apple may process information when you choose social login. Open Food Facts provides community-maintained packaged-food data and has its own terms and licenses. Review the applicable third-party policies before using those features.
Photos and uploads
Meal, supplement, and activity screenshots are stored privately with generated filenames and served only after ownership checks. A user-triggered AI request may transmit the relevant uploaded photos to OpenAI. Do not upload information about another person without an appropriate legal basis or consent.
Retention and deletion
Records are retained while your account is active or as needed to provide the service. You should be provided a way to request account and data deletion before public launch. Deletion may not immediately remove backups or records retained where legally required. Contact the service operator at the address published for your deployment to request access, correction, export, or deletion.
Security
We use authentication, ownership-scoped queries, private file handlers, HTTPS in production, protected configuration, and structured operational logging. No online service can guarantee absolute security. Keep your password, email links, and devices secure and report suspected unauthorized access.
Children and sensitive circumstances
Automatic energy estimates are intended for adults. Kcal Day is not designed to replace professional care for children, pregnancy, eating disorders, kidney or liver disease, medication interactions, or other medical circumstances.
Changes and contact
This policy may change as the service changes. The deployed application should publish a current operator name, contact address, legal basis, controller identity, and jurisdiction-specific rights before public launch.