Last Updated: March 2026 | Version: 1.2
1. Overview
Claro AI ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our mobile application and website. This Privacy Policy explains our data practices and your rights under applicable privacy laws, including the EU General Data Protection Regulation (GDPR).
This policy applies to all personal data we collect through:
- The Claro AI mobile application (iOS)
- Our website and marketing materials
- Related services and platforms
Privacy by Design: We implement privacy principles from the ground up. Your health data is encrypted, stored securely, and you maintain full control over your information.
2. Data We Collect
2.1 Account Information
When you create a Claro AI account, we collect:
- Email Address: For account identification and authentication
- Name: For personalization
- Google Account Information: When you sign in via Google OAuth
2.2 Health & Biometric Data
To provide our core services, we collect and store:
- Profile Information: Age, Gender, Height, Weight (used for calorie calculations and personalized recommendations)
- Food Logs: Photographs and analysis of meals and nutritional data
- Body Composition Data: Body scan photographs (front, side, back profiles) and AI-generated analysis
- Weight History: Weight measurements over time
- Daily Statistics: Calorie intake, macro nutrients, water consumption
2.3 Health Platform Data
With your explicit permission, we access (but do not store on our servers):
- Heart Rate data
- Active Energy (calories burned)
- Workout information
Important: Health platform data remains on your device. We retrieve it only when you use the app and integrate it with your fitness goals.
2.4 Device & Technical Data
- Device type and iOS version
- App version and crash reports
- IP address and device identifiers
- Camera and photo library access (for food scanning)
2.5 Usage Data
- App interaction patterns
- Features used and frequency
- Settings preferences (e.g., Ramadan mode)
2.6 Communication Data
If you contact us, we collect:
- Email messages and support requests
- Communication preferences
Data Collection Summary
| Data Category | Collection Method | Storage | Required? |
| --- | --- | --- | --- |
| Account Information | User input, secure authentication | Encrypted database | Yes |
| Health Profile | User input (age, height, weight, gender) | Encrypted database | Yes |
| Food Logs | Photo capture, AI analysis | Encrypted storage | No |
| Body Scans | Photo capture, AI analysis | Encrypted storage | No |
| Health Platform Data | With explicit permission | Device only (not sent to servers) | No |
| Usage Information | Automatic app interaction tracking | Secure servers | No |
3. How We Use Your Data
3.1 Primary Purposes
We use your personal data to:
- Provide Core Services: Food scanning with AI analysis, body composition tracking, weight history management
- Personalization: Customize recommendations based on your health profile
- Performance Analysis: Analyze food images using advanced AI technology
- Health Insights: Generate AI-powered assessments of your health trends
3.2 Secondary Purposes
- Account Management: Authentication, security, account recovery
- Communications: Send notifications about your health goals, app updates
- Service Improvement: Analyze app usage to improve features and performance
- Legal Compliance: Meet regulatory requirements and prevent fraud
3.3 AI Analysis
We use advanced AI technology to analyze:
- Food Photos: Identify foods and calculate nutritional content
- Body Scans: Analyze body composition, visceral fat, and muscle definition
Important - Data Training: Your health data, photos, and analysis results are never used to train our AI model or improve algorithms. Your data is processed temporarily for immediate analysis only and then deleted. Your personal health information remains completely private and is not used for model development or enhancement.
3.5 Content Moderation & Safety
3.5.1 Automated Content Screening
To maintain a safe and appropriate platform, all uploaded images (body scans and food photos) undergo automated content moderation before processing. Our AI-powered system validates that images meet our content policy requirements.
3.5.2 Prohibited Content
The following types of content are strictly prohibited and will result in immediate rejection and deletion:
- Nudity: Images containing full or partial nudity, visible private areas, or suggestive content
- Minors: Images of anyone appearing under 18 years of age. Claro AI is intended for adult use only (18+)
- Inappropriate Content: Suggestive poses, sexualized content, or images violating community standards
- Invalid Content: Images that are not body scans or food photos (e.g., screenshots, documents, unrelated objects)
3.5.3 Automated Deletion
If prohibited content is detected:
- The upload is immediately rejected and never processed or analyzed
- All images are permanently deleted from our systems within seconds
- You will receive a clear error message explaining why the content was rejected
- The incident is logged for security monitoring and compliance purposes
- No human review occurs - the entire process is automated to protect your privacy
3.5.4 Appropriate Body Scan Images
Valid body scan images must show:
- Adults (18+ years) in appropriate fitness attire
- Modest clothing such as workout clothes, underwear, or swimwear
- Clear front, side, or back views for body composition tracking
- Focus on fitness and health tracking purposes only
Privacy Protection: Content moderation is performed entirely by automated AI systems. Rejected images are never stored, analyzed, or reviewed by humans. This protects your privacy while maintaining platform safety.
3.5.5 Age Verification
By using Claro AI, you confirm that you are 18 years of age or older. Images of minors will be automatically detected and rejected to comply with child safety regulations.
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your data based on the following lawful grounds:
4.1 Consent
We rely on your explicit consent for:
- Health platform data access (iOS permission dialog)
- Camera access for food and body photos (iOS permission dialog)
- Photo library access for meal images (iOS permission dialog)
- Notification permissions (iOS permission dialog)
4.2 Performance of Contract
We process data necessary to provide our services:
- Account information to authenticate your account
- Health data to generate personalized insights
- Food and body scan data to track your progress
4.3 Legitimate Interests
We use legitimate interests for:
- App security and fraud prevention
- Service improvement and analytics
- Marketing and business development
4.4 Legal Obligation
We process data to comply with:
- Data protection and privacy laws
- Financial and tax regulations
- Law enforcement requests
5. Data Sharing & Third Parties
5.1 Third-Party AI Service — Google Gemini
When you use the food scanner or body scan features, a compressed copy of your photo is sent from our secure Firebase Cloud Function (hosted in the EU, europe-west1) to Google Gemini AI for analysis.
- What is sent: A JPEG-compressed copy of your photo (resized to 1024 px). No other personal data is attached to the request.
- Who receives it: Google LLC, via the Gemini API. Your photo is transmitted through our server — the API key never leaves our infrastructure.
- How it is used: Google Gemini analyses the image to identify food items or body composition and returns nutritional or fitness metrics. The photo is not stored by Google after the request completes.
- AI training: Your photos and health data are never used to train AI models (ours or Google's).
- User consent: A consent disclosure is shown inside the app the first time you use an AI-powered scan. You must agree before any photo is transmitted.
- Google's privacy policy: https://policies.google.com/privacy
5.2 Data Processing Infrastructure
We process your data using secure cloud infrastructure for:
| Function | Purpose | Data Processing | Data Retention |
| --- | --- | --- | --- |
| Authentication & Database | User accounts and data storage | Account info, health profile, measurements | Until account deletion |
| Secure File Storage | Store food and body scan photos | Images only (encrypted) | Until user deletion |
| AI Analysis Engine (Google Gemini) | Food and body composition analysis | Compressed photo (temporary — deleted after analysis) | Deleted after analysis |
| Health Platform Integration | Health data synchronization | None (stays on your device) | Device only |
5.2 Data Processing Standards
All data processing partners maintain strict data protection standards and security requirements aligned with GDPR and international privacy regulations. We enforce contractual obligations ensuring:
- Encrypted data transmission and storage
- User data isolation and access controls
- Regular security assessments
- Strict confidentiality obligations
5.3 Data NOT Shared or Used
We do NOT:
- Sell your personal or health data
- Share data with advertisers or marketing partners
- Use your data to train AI models
- Lease or rent your information to third parties
- Use health data for purposes other than your personal health tracking
- Share data without your explicit consent (except as required by law)
5.4 Legal Requests
We may disclose data if required by law, court order, or governmental request. We will:
- Notify you of such requests when legally permitted
- Challenge overly broad or unlawful requests
- Provide only the minimum required information
5.5 Business Transfers
If Claro AI is acquired or merged, your data will be transferred as part of that transaction. We will notify you and ensure the same privacy protections apply.
6. Data Retention & Deletion
6.1 Retention Schedule
| Data Type | Retention Period | Rationale |
| --- | --- | --- |
| Account Information | Until account deletion | Necessary for account management |
| Health Profile | Until account deletion | Core to personalized service |
| Food Logs | Until user deletion | For ongoing nutrition tracking; user can delete anytime |
| Body Scans | Until user deletion | For progress comparison; user can delete anytime |
| Body Scan Images (Valid) | Until user deletion | For progress comparison; user can delete anytime |
| Rejected Images (Policy Violation) | Immediately deleted (seconds) | Automatic safety compliance; never stored or analyzed |
| Weight History | Until account deletion | For trend analysis; deleted with account |
| HealthKit Data | Never stored on servers | Remains on your device only |
| Backup/Logs | 30-90 days | For system recovery and security |
6.2 Account Deletion
You can delete your account anytime through the app Settings:
- Your account will be immediately deactivated
- All personal data will be deleted within 30 days
- Backup copies will be purged within 90 days
- This action is permanent and cannot be undone
6.3 Data Deletion on Request
You can request deletion of specific data categories anytime by contacting us.
7. Your Rights Under GDPR
If you are an EU resident, you have the following rights regarding your personal data:
- Right to Access: Request a copy of all your personal data we hold
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("Right to be Forgotten")
- Right to Restrict: Limit how we process your data
- Right to Portability: Export your data in machine-readable format
- Right to Object: Opt out of certain processing activities
7.1 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@claroai.app
- Address: Claro AI Privacy Team, [Your Address]
We will respond to your request within 30 days (GDPR requirement). We may ask for verification of your identity to protect your data security.
7.2 Right to Lodge Complaint
If you believe we have violated your privacy rights, you have the right to lodge a complaint with your national data protection authority.
8. Security & Data Protection
8.1 Technical Safeguards
- Encryption in Transit: All data transmitted via HTTPS/TLS encryption
- Encryption at Rest: Database and storage encrypted with advanced encryption standards
- Access Control: User data isolated and accessible only to authorized users
- Authentication: Secure multi-factor authentication with single sign-on support
- Image Processing: Photos compressed and processed securely, temporary AI analysis with immediate deletion
8.2 Organizational Safeguards
- Limited access to data based on job function
- Regular security audits and penetration testing
- Employee training on data protection
- Vendor security assessments
8.3 Database & Storage Security Rules
Our database and file storage infrastructure enforces strict access controls:
- Users can only access their own data
- Image uploads limited to defined file sizes and verified formats
- Backend operations restricted to authorized functions
- All operations require authentication verification
8.4 Data Breach Notification
In the unlikely event of a data breach:
- We will notify affected users within 72 hours (GDPR requirement)
- We will inform relevant authorities
- We will provide guidance on protective measures
8.5 Limitations
While we implement comprehensive security measures, no system is 100% secure. We cannot guarantee absolute security against sophisticated attacks. However, we maintain industry-standard protections and continuous monitoring.
9. Children's Privacy
9.1 Age Restrictions
Claro AI is intended for adults 18 years and older. We do not knowingly collect data from anyone under 18.
9.2 Automated Minor Detection
Our content moderation system automatically detects and rejects images of minors (anyone appearing under 18 years old). Such images are:
- Immediately rejected upon upload
- Permanently deleted from all systems within seconds
- Never processed, analyzed, or stored
9.3 Data Deletion
If we discover we have collected data from a minor, we will immediately delete it. Parents/guardians can request deletion by contacting us at privacy@claroai.app.
10. Changes to This Privacy Policy
10.1 Updates
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Email notification to your registered email address
- In-app notification with prominent display
- Updated "Last Modified" date on this page
10.2 Your Acceptance
Continued use of Claro AI after changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with changes, you may delete your account.
10.3 Version History
- v1.2 (March 2026): Added explicit disclosure of Google Gemini AI as third-party processor for food and body scan analysis (section 5.1)
- v1.1 (January 27, 2026): Added content moderation policy, updated age restrictions to 18+, clarified automatic image rejection and deletion procedures
- v1.0 (January 2024): Initial privacy policy
This Privacy Policy is effective as of January 2024 and was last updated on January 27, 2026.
For the most current version, please visit our website.