Privacy Policy

Last updated: 10/28/2025

1. Introduction

Welcome to SumCal ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our mobile application and website.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, gender, age, height, weight, goal weight, activity level
  • Food Photos: Images of meals you upload for calorie analysis
  • Meal Data: Logged foods, portions, calories, timestamps
  • Sneaker Data: Beverages, snacks, and condiments logged via Sneaker Catcher
  • Payment Information: Processed securely through RevenueCat and Stripe (we do not store your full credit card details)

2.2 Automatically Collected Information

  • Device Information: Device type, operating system, app version
  • Usage Data: Features used, session duration, interactions with the app
  • Location Data: Approximate location (city-level) for contextual AI analysis (optional, with your permission)
  • Analytics: Anonymized usage patterns to improve our services

3. How We Use Your Information

We use your data to:

  • Provide AI-powered food recognition and calorie estimation
  • Generate personalized Traditional Chinese Medicine (TCM) wisdom and health insights
  • Track your meals, sneakers, and daily calorie totals
  • Send push notifications (Sneaker Catcher reminders, updates)
  • Process subscription payments
  • Improve our AI models and app features
  • Provide customer support
  • Comply with legal obligations

4. Data Sharing and Disclosure

4.1 Third-Party Services

We share data with trusted third parties only as necessary:

  • Anthropic (Claude AI): Food photos are sent to Anthropic's API for AI analysis. Photos are not stored by Anthropic.
  • RevenueCat: Manages mobile app subscriptions (iOS/Android)
  • Stripe: Processes web subscription payments
  • Cloud Storage: AWS S3 or Cloudflare R2 for secure image storage
  • Analytics: Anonymized usage data (no personal identifiers)

4.2 We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Ever.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or government request.

5. Data Security

We implement industry-standard security measures:

  • Encryption: All data transmitted via HTTPS (TLS 1.3)
  • Password Protection: Passwords are hashed using bcrypt
  • Secure Storage: Database encryption at rest
  • Access Control: Strict internal access policies

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • Active Accounts: We retain your data as long as your account is active
  • Deleted Accounts: Data is permanently deleted within 30 days of account deletion
  • Food Photos: Stored for 30 days, then automatically deleted (unless you delete them sooner)
  • Meal History: Retained until you delete your account

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information in your profile
  • Deletion: Delete your account and all associated data (Account Settings → Delete Account)
  • Export: Download your meal history and data
  • Opt-Out: Disable push notifications or location services

To exercise these rights, contact us at privacy@sumcal.com.

8. Children's Privacy

SumCal is not intended for users under 13 years old. We do not knowingly collect data from children under 13. If you are a parent and believe your child has provided us with personal information, please contact us.

9. International Users

Our servers are located in the United States. If you access SumCal from outside the U.S., your data may be transferred to and stored in the U.S. By using our services, you consent to this transfer.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt-out of data sales (note: we do not sell your data)
  • Right to non-discrimination for exercising your rights

Contact us at privacy@sumcal.com to exercise these rights.

11. European Users (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

  • Legal basis for processing: Consent and legitimate interest
  • Right to access, correct, delete, or port your data
  • Right to withdraw consent
  • Right to lodge a complaint with your data protection authority

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of SumCal after changes constitutes acceptance.

13. Contact Us

Questions about this Privacy Policy? Contact us: