Legal

Privacy Policy

Last updated: March 1, 2026

The short version: SAF Calorie Tracker is built with your privacy in mind. Your food logs, weight data, and health metrics live on your device and iCloud — never on our servers. We don't sell your data. We don't run ads. We don't track you.

1. Who We Are

SAF Calorie Tracker ("SAF", "we", "us", or "our") is an iOS app developed by Deviify. Our app helps you track calories, log meals, and monitor your weight — simply and without noise.

If you have any questions about this Privacy Policy, contact us at: omid@deviffy.com

2. Data We Collect

We collect only what is necessary to provide you with a personalised calorie tracking experience.

Account Information

When you sign in with Apple, we receive your name and email address from Apple and store them in our authentication backend (Supabase). This is the only data stored on our servers.

Profile & Body Metrics (stored locally & synced via iCloud)

Biological sex, age, height, current weight, target weight
Activity level and weight goal preference
Daily calorie goal

This data is stored on your device using iCloud Key-Value Store for sync across your own devices. It is not accessible to us.

Food & Weight Logs (stored locally & synced via iCloud)

Food entries (name, calories, macros, meal type, timestamp, source)
Text input you type for AI calorie estimation
Barcodes scanned for food lookup
Weight entries (value and timestamp)
Saved meals and favourite foods

All food and weight logs are stored in a local SwiftData database on your device, synced via Apple CloudKit to your personal iCloud account. We cannot access this data.

Health Data (via Apple HealthKit)

With your permission, we read biological sex, date of birth, height, and body weight from Apple Health to pre-fill your profile during onboarding. The app does not write any data back to Apple Health. HealthKit data is never shared with third parties or sent to our servers.

3. How We Use Your Data

To calculate your personalised calorie goal using the Mifflin-St Jeor BMR formula
To power AI calorie estimation — your text input is sent to Google Gemini to estimate calories and macros. This data is used solely to process your request and is not stored or used for model training by us.
To look up food barcodes via the Open Food Facts public database
To authenticate your account via Supabase and Apple Sign-In
To check the app version so we can notify you of required updates

4. Data Sharing & Third Parties

We do not sell, rent, or share your personal data with advertisers or data brokers. Period.

The limited third-party services we use:

Google Gemini — AI model used to estimate calories and macros from your text input. Your input is sent to Google's API solely to process your request. Google Privacy Policy
Supabase — authentication and user account management. Only your name and email are stored. Supabase Privacy Policy
Open Food Facts — a public, open-source food database used for barcode lookups. No personal data is sent. Open Food Facts Privacy Policy
Apple CloudKit / iCloud — syncs your food logs and settings across your devices. Governed by Apple's privacy policy.
Apple HealthKit — reads and writes health data on your device only.

We have no analytics SDKs, no ad networks, no crash reporting tools, and no third-party trackers integrated into the app.

5. Data Retention & Deletion

Your food logs and health data exist on your device and iCloud. You can delete individual entries at any time within the app. Deleting the app removes all local data.

To delete your account and all associated authentication data (name and email) from our servers, contact us at omid@deviffy.com and we will process your request within 30 days.

6. Children's Privacy

SAF Calorie Tracker is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

7. Security

We take security seriously. All communication with our servers is encrypted via HTTPS. Apple Sign-In uses industry-standard OAuth 2.0 with nonce-based verification. Sensitive API keys are never hardcoded in the app. Your local data is protected by iOS platform encryption.

8. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise any of these rights, contact us at omid@deviffy.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

10. Contact

Questions or concerns? Reach us at omid@deviffy.com.