CaloNote
🌐 한국어

Privacy Policy

Effective Date: March 23, 2026

1. Purpose of Processing Personal Data

We process personal data solely for the purposes listed below. Data will not be used for any other purpose without prior separate consent. If the purpose changes, we will take necessary steps including obtaining separate consent.

  • Service delivery — Food image analysis, nutritional calculations, and personalized health management
  • AI model improvement — Enhancing recognition engine performance, algorithm training, and new feature development based on user-provided data
  • Partner integrations — Sharing data with user-selected partners (gyms, pilates studios, clinics, etc.) for expert coaching
  • Paid service operation — Subscription billing, access management, fraud prevention, and purchase history
  • Marketing & advertising — Interest-based ads via AdMob, usage analytics, and event notifications
2. Eligibility & Data Collected

This service is available to users aged 14 and above. We do not knowingly collect personal data from children under 14. Any accounts identified as belonging to children under 14 will be deleted immediately.

CategoryItems
Registration & Auth(Social) Apple / Google / Kakao unique identifiers, email address / (Direct) Email address
Health & Body DataHeight, weight, body composition (muscle mass, body fat %, etc.), meal photos, nutrient intake, and health records
Payments & SubscriptionsIn-app purchase confirmation numbers, subscription status, billing history
Auto-collectedAdvertising identifiers (ADID/IDFA), IP address, usage logs, access logs, cookies, device info (OS, model)
※ Health records and body composition data constitute sensitive personal data and are collected only with separate explicit consent at sign-up. Certain features may be unavailable without this consent.
3. Retention & Use Period

We delete personal data promptly upon account termination, except as outlined below.

CategoryRetention Period & Basis
Fraud prevention records6 months post-withdrawal (internal policy)
Payment & supply records5 years (Korean E-Commerce Act)
Contract / cancellation records5 years (Korean E-Commerce Act)
Consumer complaint records3 years (Korean E-Commerce Act)
Access logs3 months (Communications Privacy Act)
Anonymized AI training dataRetained in irreversibly anonymized form for service improvement (no fixed retention period)
4. Third-Party Data Sharing

We share data with third parties only when users explicitly consent via a dedicated in-app consent screen.

CategoryDetails
RecipientsPartner fitness centers, clinics, and healthcare partners
PurposePersonalized diet coaching, workout guidance, professional consultations, and product recommendations
Data sharedBody data, meal photos, and nutritional analysis records
RetentionUntil the user disconnects the integration or withdraws from the service
5. Data Processing Delegation & Cross-Border Transfers
ServiceDetails
Infrastructure (GCP)Data storage and server operations
Ad analytics (Google AdMob)Targeted ad delivery and effectiveness analysis (cross-border transfer)
Authentication (Apple, Google, Kakao)Social login and identity verification
Cross-border transfers comply with applicable data protection laws, including GDPR Standard Contractual Clauses (SCCs) where required.
6. Data Deletion

Personal data is deleted promptly once it is no longer necessary. Electronic files are destroyed using technical methods that prevent recovery or reconstruction.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access, correction, or deletion of your personal data
  • Restriction of processing
  • Data portability (GDPR users)
  • Right to object to automated decision-making / profiling
  • Withdrawal of consent at any time (without affecting prior lawful processing)
Cookies and advertising identifiers (ADID/IDFA) can be opted out via your device settings. Opting out may limit personalized ad delivery.

Certain data may be retained beyond your deletion request where required by applicable law.

To exercise any of your rights, contact us at: support@calonote.com. We will respond within 30 days.

8. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process personal data on the following legal bases:

Processing ActivityLegal Basis
Account management & core servicePerformance of a contract (Art. 6(1)(b) GDPR)
Health & body dataExplicit consent (Art. 9(2)(a) GDPR)
Payments & fraud preventionLegal obligation / Legitimate interests (Art. 6(1)(c)(f) GDPR)
Marketing & analyticsConsent (Art. 6(1)(a) GDPR)
AI model training (anonymized)Legitimate interests (Art. 6(1)(f) GDPR)
9. Security Measures

We implement technical and organizational measures to protect your personal data, including SSL/TLS encrypted data transmission, access controls, and anti-intrusion security systems.

10. Privacy Officer & Contact
CategoryDetails
Privacy OfficerYUNHO NOH (CEO)
TeamCaloNote Operations Team
Emailsupport@calonote.com
11. Policy Updates

This policy is effective as of March 23, 2026. Material changes will be notified at least 30 days in advance; other changes 7 days in advance, via in-app notices.