Privacy Policy
Last updated: May 31, 2026
BasedCal ("we," "our," "the Service") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights.
0. Data Controller
The seller and data controller responsible for your personal data is Alberto Cassab, operating under the trading name BasedCal ("BasedCal," "we," "us"). You can contact the controller at basedcal.life@gmail.com. Where references to "BasedCal" appear elsewhere in this Policy, they refer to this same controller.
1. Data We Collect
Information you provide:
- Account information: Email address, display name, password (hashed, never stored in plain text)
- Body metrics: Age, gender, height, weight, body fat percentage (used to calculate calorie and macro targets)
- Food log data: Food entries, meal times, custom foods, custom recipes
- Supplement data: Supplement entries and custom supplements
- Weight log: Weight entries with dates and optional notes
- Sun tracking data: Sunlight session entries (duration, time of day, UV index)
- Warmth tracking data: Optional inputs like body temperature, resting pulse, sleep, mood, stress, hydration
- Calculator settings: Diet preset, activity level, steps, gym sessions, sports, climate data, goal, custom diet descriptions
- Location data: Latitude and longitude (only if you enable climate-based calorie adjustment or sun UV auto-fill; not collected by default)
Information collected automatically:
- Device information: Device type, operating system version, app version
- Usage data: Which screens you visit, features you use (anonymized, not tied to your identity)
Information from third parties:
- Authentication: If you sign in with a third-party provider (e.g., Google, Apple), we receive your email address and name from that provider
- Payment data: Payment processing is handled by Paddle (web) or Apple/Google (mobile). We do not store your credit card number, bank account, or payment card details. We receive confirmation of payment status only.
- Connected health devices: If you connect a health platform (such as Fitbit, Whoop, Oura, Garmin, or Apple Health), we receive the data you authorize — such as steps, resting heart rate, sleep, heart rate variability, and weight. Access tokens for these services are stored encrypted and are never exposed to the mobile app.
2. How We Use Your Data
We use your data to:
- Provide the Service (calculate targets, store food logs, generate AI suggestions, compute scores)
- Sync your data across devices (web and mobile) via your account
- Process Pro subscription payments
- Send you notifications you've opted into (meal reminders, sunrise alerts)
- Improve the Service (anonymized, aggregated usage analytics)
We do NOT:
- Sell your personal data to third parties
- Share your health data with advertisers
- Use your data for purposes other than providing and improving the Service
- Train AI models on your personal data
2a. Legal Basis for Processing
Where data protection laws such as the EU/UK GDPR apply, we rely on the following legal bases to process your personal data:
- Performance of a contract: to create and operate your account, calculate targets, store your food, weight, sun, and warmth logs, sync data across devices, and provide the Pro subscription (Terms of Service).
- Legitimate interests: to keep the Service secure, prevent fraud and abuse, debug issues, and improve features through anonymized, aggregated usage analytics. We balance these interests against your rights and freedoms.
- Consent: for optional features that you explicitly enable, such as location-based climate or UV auto-fill, connections to third-party health platforms (Fitbit, Whoop, Oura, Garmin, Apple Health), opt-in notifications, and any non-essential cookies. You may withdraw consent at any time by disabling the feature or deleting your account.
- Legal obligation: to comply with applicable laws, including tax, accounting, and lawful requests from authorities. Tax and invoicing obligations for web subscription payments are handled by Paddle as Merchant of Record.
3. AI Data Processing
When you use AI features (chatbots, food suggestions, food alignment reviews, food verdicts, custom diet generation), your relevant data (food log summary, macro targets, preset name, custom diet description) is sent to our server, which forwards it to an AI language model to generate a response. This data is:
- Processed in real time and not stored by the AI provider after the response is generated
- Not used to train AI models
- Sent only when you actively trigger an AI feature (never in the background)
4. Data Storage and Security
Your data is stored in our backend, a cloud database. We use:
- Encrypted connections (HTTPS/TLS) for all data transmission
- Row-level security (RLS) in the database so users can only access their own data
- Encrypted local storage on your device for general app data
- Hashed passwords (never stored in plain text)
- Encryption at rest for sensitive tokens (such as connected health device tokens)
No system is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.
5. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Your personal data is deleted from our servers within 30 days
- Anonymized, aggregated data (which cannot identify you) may be retained for analytics
- Local data on your device is not automatically deleted; you can clear it by uninstalling the app
6. Your Rights
You have the right to:
- Access your data: All your data is visible within the app
- Export your data: Contact us to request a copy of your data
- Correct your data: Edit your profile, food logs, and settings at any time within the app
- Delete your data: Delete your account from the Account screen, or contact us to request full deletion
- Withdraw consent: You can stop using the Service at any time and delete your account
If you are in the European Economic Area (EEA), you also have rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority. If you are in Mexico, you have rights under the Federal Law on Protection of Personal Data Held by Private Parties (including access, rectification, cancellation, and opposition).
7. Children's Privacy
BasedCal is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it promptly.
Users between 13 and 18 may use BasedCal with the consent of a parent or legal guardian.
8. Location Data
Location data (latitude/longitude) is collected ONLY if you enable the climate-based calorie adjustment feature or the sun UV auto-fill feature. This data is:
- Used solely to fetch weather, climate, and UV data for your area
- Stored in your calculator/sun profile
- Never shared with third parties
You can disable these features and delete location data at any time.
9. Cookies and Tracking (Web Only)
The BasedCal website uses:
- Essential cookies: For authentication and session management (required for the site to function)
- No advertising cookies
- No third-party tracking pixels
- Anonymous analytics: We may use privacy-respecting analytics to understand usage patterns (no personal data is shared)
10. Third-Party Services
BasedCal uses the following third-party services:
- Lovable Cloud: Database, authentication, and real-time data
- Paddle (Paddle.com Market Limited): Merchant of Record and reseller for all web purchases of BasedCal Pro. Paddle handles checkout, payment processing, billing, invoicing, sales tax compliance, subscription management, and refunds on our behalf, and receives the personal and transactional data needed to do so (such as your name, email, billing address, and purchase details). See paddle.com/legal/privacy.
- RevenueCat: Mobile subscription management (revenuecat.com)
- Apple/Google: Mobile payment processing via App Store and Play Store
- AI gateway provider: AI model access for chat, suggestions, verdicts, and analysis features
- Open Food Facts: Barcode food lookup (openfoodfacts.org)
- Open-Meteo: Weather, climate, and UV data (open-meteo.com)
- Connected health platforms (optional): Fitbit, Whoop, Oura, Garmin, Apple Health — only if you choose to connect them
Each third-party service has its own privacy policy. We encourage you to review them.
11. Data Transfers
Your data may be processed in countries outside your country of residence (including the United States) where data protection laws may differ. By using the Service, you consent to this transfer.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.
13. Contact
For questions about this Privacy Policy or to exercise your data rights, contact us at:
Email: basedcal.life@gmail.com
