Privacy Policy

Last updated: March 27, 2026

CalGap (the "App") is developed and operated by Jimmy Lv. We take your privacy seriously. This policy explains what data the App collects, how it is collected, all uses of that data, and any third parties with whom data is shared.

1. Data We Collect and How We Collect It

1.1 Food Photos — Shared with Third-Party AI Services

Important: The App sends your food photos to third-party AI services for food recognition and nutritional analysis. The App explicitly asks for your consent before any data is shared.

What data is sent: When you take or select a food photo, it is compressed to a JPEG image (approximately 100–200 KB, max 1024px resolution) and sent to the AI service you have selected in Settings.
When it is sent: Only after you have explicitly agreed to data sharing — either during the onboarding consent step or via the in-app consent dialog that appears before your first analysis.
Purpose: Solely to identify the food in the photo and estimate its nutritional content (food name, calories, protein, carbohydrates, fat).
Data retention by AI services: Photos are sent as part of a one-time API request for analysis. We do not instruct the AI services to store your photos. Please refer to each service's own privacy policy for their data handling practices.
No other personal data is included: Only the compressed photo and a text prompt requesting nutritional analysis are sent. No name, device ID, location, or health data is included in the request.

1.2 Apple Health Data (HealthKit)

With your explicit authorization, the App reads the following HealthKit data: basal energy burned, active energy burned, step count, body mass, and dietary energy entries. The App also writes dietary intake data (calories, protein, carbohydrates, fat) back to HealthKit.

This data is used locally on your device only to calculate your energy gap. It is never sent to any server or third party.

1.3 Meal Records

Your meal entries (food name, calories, macronutrients, timestamps, photos) are stored locally on your device using SwiftData. If you are signed into iCloud, data syncs via Apple's CloudKit to your other devices. We do not operate any backend server.

1.4 API Keys

If you log in via OpenRouter OAuth or manually enter API keys, these credentials are stored securely in your device's iOS Keychain with kSecAttrAccessibleAfterFirstUnlock protection. API keys are sent only to the respective AI service endpoint you have selected — never to us.

2. Third-Party AI Services We Share Data With

The App may share food photos with the following third-party AI services, depending on your configuration:

OpenRouter (openrouter.ai) — AI model routing service. Privacy Policy
Google Gemini (ai.google.dev) — Google's AI service. Terms & Privacy
OpenAI (openai.com) — OpenAI's API service. Privacy Policy
Custom Provider — If you configure a custom OpenAI-compatible endpoint, data is sent to the URL you specify. You are responsible for reviewing that service's privacy practices.

Each of these services provides the same or equivalent data protection for your data as described in their respective privacy policies. Only the compressed food photo and a text analysis prompt are sent — no personal identifiers are included.

3. How We Obtain Your Consent

Onboarding: During first-time setup, the App presents a dedicated privacy consent screen that explains what data is sent, to whom, and for what purpose. You must tap "Agree and Continue" before any photos can be sent to AI services.
In-app consent dialog: If consent has not been granted (e.g., after an app update), the App displays a consent alert before the first food analysis, with options to agree, view the privacy policy, or cancel.
Settings control: You can review the data sharing disclosure and revoke consent at any time in Settings → AI Data Usage. Revoking consent disables food recognition.

4. Data We Do NOT Collect

We do not require account registration — no name, email, or phone number is collected
We do not use any third-party analytics or advertising SDKs
We do not sell or share your health data with any third party
We do not track your location
We do not collect device identifiers for tracking purposes

5. Data Storage and Security

All meal records are stored locally on your device, optionally synced via iCloud
API keys are stored in the iOS Keychain with hardware-backed encryption
HealthKit data is read and used locally only
We do not operate any backend server to store user data
Food photos sent to AI services are transmitted over HTTPS

6. Your Rights and Controls

Revoke AI data sharing consent at any time in Settings → AI Data Usage
Revoke HealthKit authorization in iOS Settings → Health → Data Access
Sign out of OpenRouter and delete API keys within the App
Delete the App to remove all local data from your device
Manage iCloud-synced data through iCloud Settings

7. Children's Privacy

This App is not directed at children under 13. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date.

9. Contact Us

If you have questions about this privacy policy, please contact us:

Email: hi@jimmylv.cn
Website: jimmylv.cn

隐私政策

最后更新：2026 年 3 月 27 日

CalGap（以下简称"本应用"）由 Jimmy Lv 开发和运营。我们非常重视您的隐私。本政策说明本应用收集哪些数据、如何收集、数据的所有用途，以及与哪些第三方共享数据。

1. 我们收集的数据及收集方式

1.1 食物照片 — 与第三方 AI 服务共享

重要提示：本应用会将您的食物照片发送至第三方 AI 服务进行食物识别和营养分析。在发送任何数据之前，应用会明确征求您的同意。

发送的数据：当您拍摄或选择食物照片时，照片会被压缩为 JPEG 格式（约 100–200 KB，最大 1024px 分辨率），然后发送至您在设置中选择的 AI 服务。
发送时机：仅在您明确同意数据共享之后——通过新用户引导中的隐私同意步骤，或首次分析前的应用内同意弹窗。
用途：仅用于识别照片中的食物并估算其营养成分（食物名称、热量、蛋白质、碳水化合物、脂肪）。
AI 服务的数据留存：照片作为一次性 API 请求发送用于分析。我们不指示 AI 服务存储您的照片。请参阅各服务自身的隐私政策了解其数据处理方式。
不包含其他个人数据：请求中仅包含压缩后的照片和请求营养分析的文本提示，不包含姓名、设备ID、位置或健康数据。

1.2 Apple Health 数据（HealthKit）

经您明确授权后，本应用会读取以下 HealthKit 数据：基础代谢消耗、运动消耗、步数、体重和饮食能量条目。本应用也会将饮食摄入数据（热量、蛋白质、碳水、脂肪）写入 HealthKit。

此数据仅在您的设备本地使用，用于计算能量缺口。不会发送至任何服务器或第三方。

1.3 饮食记录

您的每餐记录（食物名称、热量、营养素、时间戳、照片）使用 SwiftData 存储在设备本地。如果您已登录 iCloud，数据会通过 Apple 的 CloudKit 同步到您的其他设备。我们不运营任何后端服务器。

1.4 API 密钥

如果您通过 OpenRouter OAuth 登录或手动输入 API 密钥，这些凭据会安全存储在设备的 iOS Keychain 中。API 密钥仅发送至您选择的相应 AI 服务端点——从不发送给我们。

2. 我们共享数据的第三方 AI 服务

根据您的配置，本应用可能将食物照片共享给以下第三方 AI 服务：

OpenRouter（openrouter.ai）— AI 模型路由服务。隐私政策
Google Gemini（ai.google.dev）— Google AI 服务。条款与隐私
OpenAI（openai.com）— OpenAI API 服务。隐私政策
自定义服务商 — 如果您配置了自定义 OpenAI 兼容端点，数据将发送至您指定的 URL。您有责任审查该服务的隐私做法。

上述每项服务均为您的数据提供与其各自隐私政策中所述的同等或等效的数据保护。发送的内容仅包含压缩后的食物照片和文本分析提示——不包含任何个人标识信息。

3. 我们如何获取您的同意

新用户引导：在首次设置时，应用会呈现专门的隐私同意界面，说明发送什么数据、发送给谁、用途是什么。您必须点击"同意并继续"才能将照片发送至 AI 服务。
应用内同意弹窗：如果尚未授权（例如应用更新后），应用会在首次食物分析前显示同意提示，提供同意、查看隐私政策或取消的选项。
设置控制：您可以随时在设置 → AI 数据使用中查看数据共享说明并撤回同意。撤回同意将禁用食物识别功能。

4. 我们不收集的信息

我们不要求注册账号，不收集姓名、邮箱或手机号
我们不使用任何第三方分析或广告 SDK
我们不会将您的健康数据出售或分享给任何第三方
我们不会追踪您的位置信息
我们不会收集设备标识符用于追踪目的

5. 数据存储与安全

所有饮食记录存储在设备本地，可选通过 iCloud 同步
API 密钥通过 iOS Keychain 安全存储，具备硬件级加密保护
HealthKit 数据仅在设备本地读取和使用
我们不运营任何后端服务器来存储用户数据
发送至 AI 服务的食物照片通过 HTTPS 传输

6. 您的权利与控制

随时在设置 → AI 数据使用中撤回 AI 数据共享同意
在 iOS 设置 → 健康 → 数据访问中撤销 HealthKit 授权
在应用内退出 OpenRouter 登录并删除 API 密钥
删除应用即可删除设备上的所有本地数据
通过 iCloud 设置管理同步的数据

7. 儿童隐私

本应用不面向 13 岁以下儿童，我们不会有意收集儿童的个人信息。

8. 隐私政策变更

本政策如有变更，我们会在此页面更新，并标注修订日期。

9. 联系我们

如果您对隐私政策有任何疑问，请通过以下方式联系：

邮箱：hi@jimmylv.cn
网站：jimmylv.cn