Calorintel

Privacy Policy

Last updated: April 2026

This Privacy Policy explains what personal data Calorintel collects, why it collects it, how it is stored, and what your rights are. We have tried to write this in plain language — if something is unclear, email us at legal@calorintel.com.

1. Who We Are

Calorintel is a free web application for personal weight tracking and energy-balance estimation. It is operated by a private individual based in the Netherlands. Because of that, the EU General Data Protection Regulation (GDPR) applies to how we handle your personal data. A postal address & Data controller details are available on request to users exercising their data protection rights — please contact us at the email below.

Contact: legal@calorintel.com

2. What Data We Collect and Why

2a. Account data (when you sign in with Google)

When you create an account using Google Sign-In, we receive from Google: your name, email address, and a Google User ID (UID). We use this to identify your account and link it to your stored data. We do not receive your password — authentication is handled entirely by Google.

2b. Weight and health data

You enter your daily body weight measurements directly. Alongside each entry, you can optionally record:

A short text note about that day
One or more contextual events: period, poor sleep, illness, fasting, cheat day, or high sodium

You also optionally define weight goals (start date, end date, target weight) and choose app settings such as your preferred rolling average window.

We collect this data for one purpose only: to run the app. Weight entries drive all calculations — rolling averages, trend lines, calorie deficit estimates, and goal progress. Nothing else.

2c. Usage analytics (Google Analytics 4)

We use Google Analytics 4 (GA4) to understand how people use the app — which features are used, how often, and where people drop off. GA4 collects data through cookies and assigns an anonymous identifier to your browser session. It does not give us access to your name, email, or weight data.

What GA4 tracks: page views, feature interactions, session duration, device type, and approximate location (country/city level). GA4 derives this from your IP address at the moment of the request and does not log or store the IP itself.

We use this information to improve the app. We do not use GA4 data for advertising.

Legal basis for processing:

Account and identity data (name, email, Google UID): performance of a contract (Art. 6(1)(b) GDPR) — necessary to provide the service you signed up for
Weight data, notes, events, and goals: your explicit consent (Art. 9(2)(a) GDPR), given when you create an account and enter data. Some of this information — particularly event tags such as illness, period, or poor sleep — qualifies as health data under EU law, and we treat it accordingly. You can withdraw consent at any time by deleting your account, which removes all this data permanently.
Analytics data (when you accept the cookie banner):your consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time using your browser's cookie controls or by clearing site data.

3. How and Where Your Data Is Stored

Your account data and weight history are stored in Google Firestore, a cloud database provided by Google LLC. Firestore data is stored in Google's europe-west4 data centre (the Netherlands) and does not leave the EEA. Google is a certified GDPR data processor — it processes your data on our behalf under a Data Processing Agreement (DPA) that includes Standard Contractual Clauses (SCCs) for transfers where applicable.

Your app settings (rolling average preference, etc.) are also stored in Firestore when you are signed in.

For performance, a copy of your weight history, notes, events, and goals is also kept in your browser's local storage. This local copy is read-only — it is used to display your data instantly when you open the app and to keep the app responsive when your connection is unstable. It is never sent back to our servers and never overwrites the authoritative copy in Firestore. When you delete your account or sign out, this local copy is cleared on next sign-in.

4. Cookies

Calorintel uses the following types of cookies:

Firebase Authentication: a session cookie to keep you signed in. This is strictly necessary for the service to function — it does not require consent.
Google Analytics 4: analytics cookies (_ga, _ga_XXXXXXXX) that persist for up to 2 years. These track your anonymous usage of the app.

There are no advertising cookies, no third-party tracking pixels, and no social media cookies.

To opt out of GA4 analytics cookies, you can: install the Google Analytics Opt-out Browser Add-on (available at tools.google.com/dlpage/gaoptout), or use your browser's "Do Not Track" or privacy settings to block third-party cookies.

5. Third-Party Services

These are the third-party services Calorintel uses, what role each plays, and their privacy policies:

Google Firebase Authentication — handles sign-in. Google Privacy Policy: policies.google.com/privacy
Google Firestore — stores your data. Google Cloud DPA applies.
Google Analytics 4 — usage analytics. Google Privacy Policy: policies.google.com/privacy
Netlify — hosts the static web app files. Netlify processes server log data (IP address, request URL, timestamp, user agent) for security and performance purposes; it does not have access to your account, weight history, or any data stored in Firestore. Netlify Privacy Policy: netlify.com/privacy

We do not sell your data to anyone. We do not share your data with third parties for advertising or marketing. The services listed above receive only what is technically necessary for them to function.

6. Your Rights Under GDPR

As a resident of the EU (or anywhere the GDPR applies to us), you have the following rights:

Right of access: you can request a copy of all personal data we hold about you
Right to rectification: you can correct inaccurate data directly within the app (edit any weight entry or note), or contact us to correct account-level data
Right to erasure: you can delete your account and all associated data from within the app at any time — go to Menu and select "Delete Account." This permanently removes your weight history, notes, goals, and Google account identity from Firestore
Right to data portability: you can export your complete weight history as a CSV file at any time from within the app
Right to object: you can opt out of analytics cookies (see Section 4) or object to any processing based on legitimate interest
Right to restrict processing: you can contact us to request that we limit how we process your data while a dispute is being resolved

To exercise any of these rights, use the in-app deletion and export features, or contact us at legal@calorintel.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Dutch data protection authority: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

7. Data Retention

Your data is retained for as long as your account is active. If you delete your account through the app, all your personal data (weight entries, notes, goals, Google identity) is deleted from Firestore immediately and cannot be recovered.

GA4 analytics data is retained for 2 months by default (the minimum GA4 allows). This data is anonymous and cannot be linked back to your account.

8. Data Security

Your weight data is stored in Google Firestore, which is protected by Google's enterprise-grade security infrastructure including encryption at rest and in transit. Access to Firestore is controlled by Firebase Security Rules, which restrict read and write access to the signed-in account owner only — no other user can access your data.

We take reasonable precautions on our end, but no internet service is 100% secure. If you become aware of any security issue, please contact legal@calorintel.com immediately.

9. Children's Privacy

Calorintel is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a child, please contact us at legal@calorintel.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. For significant changes — such as new categories of data collection or new third-party processors — we will notify you by email (if you have an account) or by a notice within the app.

Continuing to use Calorintel after a policy change means you accept the updated terms.

11. Contact

For any privacy questions, requests to exercise your rights, or concerns: legal@calorintel.com