Privacy
Policy
1. Overview
Claro AI ("we," "us," "our") is committed to protecting your privacy and ensuring you have a positive experience on our mobile application and website. This Privacy Policy explains our data practices and your rights under applicable privacy laws, including the EU General Data Protection Regulation (GDPR).
This policy applies to all personal data we collect through the Claro AI mobile application (iOS), our website and marketing materials, and related services.
Privacy by Design: Your health data is encrypted, stored securely, and you maintain full control over your information.
2. Data We Collect
2.1 Account Information
- Email Address: For account identification and authentication
- Name: For personalization
- Google Account Information: When you sign in via Google OAuth
2.2 Health & Biometric Data
- Profile Information: Age, gender, height, weight
- Food Logs: Photographs and analysis of meals and nutritional data
- Body Composition Data: Body scan photographs and AI-generated analysis
- Weight History: Weight measurements over time
- Daily Statistics: Calorie intake, macro nutrients, water consumption
2.3 Health Platform Data
With your explicit permission, we access (but do not store on our servers): Heart Rate data, Active Energy, and Workout information. Health platform data remains on your device only.
2.4 Device & Technical Data
- Device type and iOS version
- App version and crash reports
- IP address and device identifiers
Data Collection Summary
| Data Category | Storage | Required? |
|---|---|---|
| Account Information | Encrypted database | Yes |
| Health Profile | Encrypted database | Yes |
| Food Logs | Encrypted storage | No |
| Body Scans | Encrypted storage | No |
| Health Platform Data | Device only (not sent to servers) | No |
| Usage Information | Secure servers | No |
3. How We Use Your Data
3.1 Primary Purposes
- Core Services: Food scanning with AI analysis, body composition tracking, weight history
- Personalization: Customize recommendations based on your health profile
- Health Insights: Generate AI-powered assessments of your health trends
3.2 Secondary Purposes
- Account Management: Authentication, security, account recovery
- Communications: Notifications about your health goals and app updates
- Service Improvement: Analyze app usage to improve features
- Legal Compliance: Meet regulatory requirements and prevent fraud
3.3 AI Analysis
We use advanced AI to analyze food photos and body scans. Your health data and photos are never used to train our AI model. Data is processed temporarily for immediate analysis only, then deleted.
4. Content Moderation & Safety
4.1 Automated Content Screening
All uploaded images undergo automated content moderation before processing. Our AI-powered system validates that images meet our content policy requirements.
4.2 Prohibited Content
The following are strictly prohibited and result in immediate rejection:
- Images containing nudity or suggestive content
- Images of anyone appearing under 18 years of age
- Content violating community standards
- Images that are not body scans or food photos
4.3 Automated Deletion
If prohibited content is detected, the upload is immediately rejected, permanently deleted within seconds, and never processed or reviewed by humans.
Privacy Protection: Content moderation is performed entirely by automated AI systems. Rejected images are never stored, analyzed, or reviewed by humans.
4.4 Age Verification
By using Claro AI, you confirm that you are 18 years of age or older. Images of minors will be automatically detected and rejected.
5. Legal Basis for Processing (GDPR)
5.1 Consent
We rely on your explicit consent for health platform data access, camera access, photo library access, and notification permissions — all requested via iOS permission dialogs.
5.2 Performance of Contract
We process account information, health data, and scan data to authenticate your account and generate personalized insights.
5.3 Legitimate Interests
App security, fraud prevention, service improvement, and business development.
5.4 Legal Obligation
Data protection laws, financial and tax regulations, and law enforcement requests.
6. Data Sharing & Third Parties
6.1 Third-Party AI — Google Gemini
When you use food scanner or body scan features, a compressed photo is sent from our secure Firebase Cloud Function (EU, europe-west1) to Google Gemini AI for analysis.
- What is sent: A JPEG-compressed copy (resized to 1024px). No other personal data is attached.
- Retention: Google does not store the photo after the request completes.
- AI training: Your photos are never used to train AI models.
- Google's policy: policies.google.com/privacy
6.2 Data Processing Infrastructure
| Function | Data Processed | Retention |
|---|---|---|
| Authentication & Database | Account info, health profile | Until account deletion |
| Secure File Storage | Images (encrypted) | Until user deletion |
| Google Gemini AI | Compressed photo (temporary) | Deleted after analysis |
| Health Platform | None (stays on device) | Device only |
6.3 Data NOT Shared
We do not sell your data, share it with advertisers, use it to train AI models, or share it without your explicit consent (except as required by law).
7. Data Retention & Deletion
| Data Type | Retention Period |
|---|---|
| Account Information | Until account deletion |
| Health Profile | Until account deletion |
| Food Logs & Body Scans | Until user deletion |
| Rejected Images (Policy Violation) | Immediately deleted (seconds) |
| Weight History | Until account deletion |
| HealthKit Data | Never stored on servers |
| Backup / Logs | 30–90 days |
Account Deletion
Delete your account anytime via app Settings. All personal data is deleted within 30 days; backup copies purged within 90 days. This action is permanent and cannot be undone.
8. Your Rights Under GDPR
If you are an EU resident, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of all personal data we hold |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion ("Right to be Forgotten") |
| Restriction | Limit how we process your data |
| Portability | Export your data in machine-readable format |
| Object | Opt-out of certain processing activities |
To exercise any right, contact us at privacy@claroai.app. We respond within 30 days.
9. Security & Data Protection
Technical Safeguards
- Encryption in Transit: All data transmitted via HTTPS/TLS
- Encryption at Rest: Database and storage encrypted
- Access Control: User data isolated and accessible only to authorized users
- Authentication: Secure multi-factor authentication
Data Breach Notification
In the unlikely event of a data breach, we will notify affected users within 72 hours (GDPR requirement) and inform relevant authorities.
10. Children's Privacy
Claro AI is intended for adults 18 years and older. We do not knowingly collect data from minors. Our content moderation system automatically detects and rejects images of minors. If we discover we have collected data from a minor, we will immediately delete it. Contact us at privacy@claroai.app.
11. Changes to This Privacy Policy
We may update this policy to reflect changes in our practices or legal requirements. We will notify you via email and in-app notification. Continued use of Claro AI after changes constitutes acceptance.
Version History
- v1.2 (March 2026): Added explicit disclosure of Google Gemini AI as third-party processor
- v1.1 (January 2026): Added content moderation policy, updated age restrictions to 18+
- v1.0 (January 2024): Initial privacy policy
12. Contact Us
| Contact Type | Address |
|---|---|
| Privacy Team | privacy@claroai.app |
| General Support | support@claroai.app |
| Data Protection Officer | dpo@claroai.app |
We take privacy seriously. Your trust is essential to us. We are committed to transparent data practices and your right to privacy.
This Privacy Policy is effective as of January 2024 and was last updated March 2026.