Privacy Policy

Effective date: 17 May 2026 · Last updated: 17 May 2026

This Privacy Policy explains how The Trustee of Rubek Trust (ABN 88 620 073 413), trading as Callie, of Queensland, Australia ("Callie", "we", "us", "our") collects, uses, discloses and protects personal information when you use the Callie mobile app and any related websites and services (the "Service").

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, and — where applicable — the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

1. Who we are (data controller)

The Trustee of Rubek Trust (ABN 88 620 073 413)
Queensland, Australia
Contact: appcallie@gmail.com

2. What we collect

Category	Examples
Account information	Email address, Apple Sign-In identifier, display name, password hash (if applicable), account creation date.
Health and wellness inputs	Period start and end dates, weight entries, body measurements (e.g. height), age, food logs and meals, calorie/macronutrient data, cycle-phase preferences.
Camera-captured content	Photos of food or barcodes you choose to scan. Images are transmitted to our AI nutrition-analysis provider (Google, via the Gemini API) for the sole purpose of estimating calories, macronutrients and ingredients. Images are not used for advertising, are not retained by us for model training, and are processed in transit under encryption.
AI text inputs	Text you submit to AI features — for example, the ingredient and weight list you provide in "AI Text" food logging, your free-text answers in onboarding (e.g. what's stopping you from reaching your goals), and any meal descriptions. This text is sent to our AI provider (Google Gemini) to generate the response shown back to you.
Subscription and purchase data	Receipt identifiers, plan and status (active/cancelled/trial), purchase events — processed through Apple and RevenueCat. We do not see your full payment card details.
Device and technical data	Device model, operating system version, language, time zone, anonymous app installation ID, IP address (collected by our analytics provider and used to approximate country/region), crash logs, basic diagnostic information.
Product analytics	Events describing how you use the app — for example, which onboarding screen you viewed, which buttons you tapped, whether a purchase succeeded, and selections you made (such as your goal, activity level, age bucket, and selected pain points or motivations). These events are tied to a per-user analytics identifier (anonymous before sign-in, linked to your account identifier afterwards) and are used to understand drop-off, fix bugs, and improve the Service. Free-text answers and HealthKit data are not sent to our analytics provider.
Support communications	Anything you email us — content of your message, your email address, and metadata.

3. Apple HealthKit — special treatment

If you choose to connect Callie to Apple HealthKit, the following rules apply (we follow Apple's strict requirements):

HealthKit data is used only to provide the features you enable inside the app.
We will never use HealthKit data for advertising, marketing or similar services.
We will never sell HealthKit data, share it with third parties for marketing, or disclose it to third parties without your explicit consent.
HealthKit data is not transmitted to or stored on our servers unless this is essential to the feature you're using; where transmission is essential, data is encrypted in transit.

You can revoke Callie's access to HealthKit at any time in iOS Settings → Health → Data Access & Devices.

4. AI-powered features

Some features in Callie use third-party AI to give you a faster, more useful experience. These currently include:

AI Photo Scan — you take or upload a photo of food or a nutrition label and we estimate calories and macros.
AI Text Logging — you list ingredients and weights, and we estimate calories and macros.
Personalised onboarding — your stated goals, selections and any free-text answers may be used to generate a short personalised summary of how Callie can help.

For these features, the relevant input (image, ingredient list, or onboarding selections) is transmitted under TLS encryption to our AI provider, Google (Gemini API), processed solely to produce a response, and returned to you. We do not use your inputs to train our own models. Per Google's API terms, paid Gemini API requests are not used by Google to train their generally available models.

AI outputs are estimates and may be inaccurate. You can always edit values manually before saving them, and you can choose not to use AI features at all. HealthKit data is never sent to AI providers.

5. How we use your information

To provide the Service — calculate your phase-adapted calorie and macro targets, render trends, save your logs.
To manage your account and subscription — authenticate, process purchases through Apple/RevenueCat, send transactional emails (receipts, trial reminders).
To improve and secure the Service — diagnose crashes, prevent abuse, develop new features.
To support you — respond to your questions and feedback.
To comply with law — meet legal, tax and regulatory obligations.

Legal bases (GDPR/UK GDPR)

Where GDPR applies, we rely on: (a) performance of a contract (delivering the Service you signed up for); (b) our legitimate interests (improving and securing the Service, preventing fraud); (c) your consent (e.g. HealthKit connection); and (d) legal obligation.

6. How we share information

We do not sell your personal information. We share data only with the limited service providers needed to run Callie, under contracts that require appropriate confidentiality and security:

Provider	Purpose	Region
Apple Inc.	App distribution, Sign in with Apple, App Store payments, HealthKit, push notifications.	USA
Google LLC — Firebase	Account authentication, crash reporting, push delivery, server-side functions.	USA
Google LLC — Sign in with Google	Optional account sign-in.	USA
Google LLC — Gemini API	AI processing of food images, ingredient text and onboarding inputs for AI Scan, AI Text and personalised summaries.	USA
RevenueCat	Subscription state management.	USA
PostHog	Product analytics — events tied to your anonymous device ID, and to your account identifier after sign-in. Used to understand feature usage and onboarding drop-off.	USA
Vercel	Hosting of our backend API endpoints (e.g. AI proxy, personalisation).	USA
Expo (EAS)	App build and over-the-air update delivery.	USA

We may also disclose information when required by law, to enforce our Terms, to protect rights or safety, or in connection with a merger, acquisition or sale of assets (in which case we will notify users).

7. International transfers

Your information may be processed in countries outside Australia, including the United States and the European Union. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) and ensure the recipient is bound to comparable protections.

8. How long we keep your information

We retain personal information for as long as your account is active and for a reasonable period afterwards to comply with our legal obligations, resolve disputes and enforce agreements. Following account deletion, we delete or anonymise your personal data within 30 days, except where retention is required by law (for example, tax records of purchases).

9. Security

We use industry-standard technical and organisational measures — including TLS encryption in transit, encrypted database storage, restricted access controls and audit logging — to protect your information. No system is completely secure, however, and we cannot guarantee absolute security.

10. Your rights

Subject to applicable law, you have the right to:

Access the personal information we hold about you.
Correct inaccurate or outdated information.
Delete your account and associated data ("right to be forgotten").
Export your data in a portable format.
Object to or restrict certain processing.
Withdraw consent (e.g. disconnect HealthKit) at any time, without affecting the lawfulness of prior processing.
For California residents: opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.

To exercise these rights, email us at appcallie@gmail.com. We will respond within the time required by applicable law (generally 30 days). We may need to verify your identity before acting on a request.

11. Children

The Service is not directed at, and we do not knowingly collect personal information from, children under 16. If you believe a child has provided us with information, contact us and we will delete it.

12. Cookies, in-app analytics and the Callie website

Our marketing website may use a small number of strictly necessary cookies. Inside the app, we use PostHog for product analytics (see the table in section 6) — events are tied to your anonymous device ID, and to your account identifier once you sign in. We do not use this data to build advertising profiles of you, and we do not share it with advertisers. If we add additional tracking technologies in the future, we will update this Policy and, where required, request your consent.

13. Third-party links

The Service may link to third-party sites or services. Their privacy practices are governed by their own policies, which we encourage you to read.

14. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you in the app or by email and update the "Last updated" date above. Your continued use of the Service after the effective date constitutes acceptance.

15. Complaints

If you have a concern about how we have handled your personal information, please contact us first at appcallie@gmail.com. We will try to resolve it promptly.

If you are not satisfied with our response, you may lodge a complaint with:

The Office of the Australian Information Commissioner (OAIC) — oaic.gov.au.
Your local data protection authority (EU/UK residents).

16. Contact us

The Trustee of Rubek Trust (ABN 88 620 073 413)
Queensland, Australia
appcallie@gmail.com