Privacy Policy

Last updated: March 18, 2026

Kaelo AI by Klyftig ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Kaelo AI mobile application and related services.

1. Information We Collect

Account Information

• Email address and display name (when you register)
• Encrypted password (stored as a salted PBKDF2 hash)

Profile & Health Data

• Weight, height, age, gender, activity level, and dietary preferences
• Goal type and target weight
• Food logs, water intake logs, and weight logs
• Apple HealthKit data (only if you grant access — read/write for steps, active energy, weight, and dietary energy)

Food Photos

• Photos you take for AI food scanning are uploaded and stored in Cloudflare R2 object storage
• Photos are sent to OpenAI GPT-4 Vision for nutritional analysis

Usage Data

• AI usage logs (feature used, token counts, estimated cost — no content stored)
• Subscription and payment data managed through RevenueCat and Apple

Device Information

• Push notification tokens (for reminders)
• Camera EXIF metadata (focal length, device model — used for portion size estimation)

2. How We Use Your Information

• To provide and improve the Kaelo AI nutrition tracking service
• To analyze food photos using AI and provide nutritional estimates
• To calculate personalized calorie and macro targets
• To generate meal plans and recipe suggestions
• To process subscriptions and manage your account
• To send push notifications (with your permission)

3. Third-Party Services

We share data with the following third-party services as necessary to operate Kaelo AI:

• OpenAI — Food photos and text prompts are sent to OpenAI's GPT-4 Vision API for food recognition and nutritional analysis
• RevenueCat — Manages in-app subscriptions and purchase verification
• Apple HealthKit — Syncs health data if you enable the integration
• USDA FoodData Central — We query the USDA database for verified nutritional information
• Cloudflare — Hosts our backend (Workers), database (D1), file storage (R2), and website (Pages)

4. Data Storage & Security

• All data is stored on Cloudflare's infrastructure (D1 database, R2 object storage, KV cache)
• All data in transit is encrypted via TLS/HTTPS
• Passwords are hashed using PBKDF2 with 100,000 iterations and a unique salt
• Authentication uses signed JWT tokens

5. Your Rights

You have the right to:

• Access your data — view all your logs, profile, and account information in the app
• Export your data — download your food, water, and weight logs as CSV or PDF from the app
• Correct your data — edit your profile, logs, and custom foods at any time
• Delete your data — permanently delete your account and all associated data via the account deletion page

6. Children's Privacy

Kaelo AI is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.

7. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

8. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@klyftig.co.