Privacy Policy

This Privacy Policy explains how Shivendra Ananthan Chelliah, the independent developer and operator of CalTrak+ (“CalTrak+,” “we,” “us,” or “our”), collects, uses, shares, retains, and protects personal information. It applies to:

• The CalTrak+ website at caltrakplus.app, including the waitlist landing page and this policy (the “Site”); and
• The CalTrak+ mobile application for iOS (the “App”), a personal health- and nutrition-tracking tool for people using GLP-1 medications.

Together, the Site and the App are the “Services.” By using the Services, you acknowledge the practices described here. If you do not agree with this policy, please do not use the Services.

CalTrak+ is a personal tracking tool. It is not a medical device and does not provide medical advice, diagnosis, or treatment. We are not a healthcare provider, health plan, or healthcare clearinghouse, and we are not a “covered entity” or “business associate” under the U.S. Health Insurance Portability and Accountability Act (HIPAA). Some information you enter may nonetheless qualify as “consumer health data” under newer U.S. state laws; see Section 15.

The data controller (and the “business” under U.S. state privacy laws) responsible for your personal information is:

Shivendra Ananthan Chelliah (operating as CalTrak+), an independent developer based in Malaysia.
Email: developer@rainfroglabs.com

For any privacy question, request, or complaint, contact us at the email above. We are a solo independent developer and do not currently maintain a separate data protection officer or an EU/UK Article 27 representative. If you are in the European Economic Area (EEA) or United Kingdom and have concerns about this, you may contact us directly and we will handle your request in accordance with applicable law.

CalTrak+ is designed to keep your most sensitive information on your own device wherever possible:

• Your food, water, weight, dose, side-effect, and chat logs are stored on your device by default, not on our servers.
• The limited data we do hold on our servers — your account, your Friends profile and weekly activity signals, your subscription status, and security/abuse-prevention records — is described in Section 4 and kept to what each feature needs.
• Optional analytics and crash reporting are off by default, separate from your health data, and never include the contents of your logs, chats, or photos.
• We do not sell your personal information, we do not sell or share your consumer health data, and we do not use your information for cross-context behavioral advertising or third-party ad targeting.
• We do not use Apple Health (HealthKit) data for advertising or marketing, and we do not share it with third parties.

4.1 Information you provide on the Site (waitlist)

• Email address. When you join the waitlist, we collect the email address you submit and store it in normalized form (trimmed and lowercased) so we can manage signups consistently and contact you about CalTrak+. We do not ask for your name, health information, or payment details on the Site.

4.2 Information collected automatically on the Site

When you visit the Site or submit the waitlist form, our hosting and analytics providers may process limited technical information, including:

• Pages viewed and approximate visit timing
• Referring URL or link that brought you to the Site
• Browser type, device type, operating system, and language
• IP address and similar network identifiers in server and platform logs

To reduce abuse of the waitlist form, our server temporarily uses your IP address, and the email you submit, in short-lived in-memory rate limiters (for example, a per-IP, a per-email, and an overall limit). These counters are held only transiently in server memory, are not written to our waitlist database, and are not retained as a permanent record.

4.3 Information stored on your device in the App

The App is built so that your health and lifestyle data stays on your device by default. We do not receive this content on our servers except where a specific cloud feature below requires it. On-device data includes:

• Food, water, weight, dose, and side-effect logs; custom foods; and clinician export PDFs you generate
• Your conversations with “Eve AI,” the in-app AI food assistant (chat history is kept on your device)
• Profile details (such as gender, height, weight, activity level, goals, medication and dosing schedule, and a profile photo if you add one) and your nutrition targets

Your profile photo is stored on your device and is not uploaded to our servers or shown to other users.

4.4 Account information (Sign in with Apple)

To use the Friends feature, Eve AI, and Progress AI insights, you sign in with Apple. Apple provides us with an identity token and, depending on your choices, your name (the first time) and either your email address or a private Apple relay email. We exchange the Apple token for a session managed by Supabase and store that session securely in your device Keychain. Your account record (held by Supabase) includes your user identifier and the email or relay email associated with your Apple sign-in. Server-side, your identity is derived from your signed session token, not from an account identifier supplied by the App.

4.5 Eve AI, the AI food assistant

When you choose to use Eve AI, the meal descriptions you type and any photos you attach are sent from your device to our relay (a Supabase Edge Function), which forwards them through the Vercel AI Gateway to third-party AI providers (Google as the primary provider and OpenAI as a fallback) so they can estimate the nutritional content of your meal. Eve may also use Perplexity-powered nutrition web search to look up published nutrition facts for branded or restaurant foods. The first time you open the chat, the App requires you to acknowledge an in-app notice that these messages and photos leave your device. We do not store the meal text or photos in our database; they are processed to return your estimate.

4.6 Progress AI insights

If you choose to generate a Progress AI insight, the App sends a small weekly aggregate snapshot to our Supabase relay, which forwards it through the Vercel AI Gateway to third-party AI providers (OpenAI as the primary provider and Google as a fallback). This snapshot may include weight progress, protein, hydration and calorie averages, days logged, weigh-in count, and the targets you set in the App. The App requires a separate in-app acknowledgment before sending this snapshot. We do not send detailed food names, dose entries, side-effect notes, chat text, photos, or raw HealthKit samples for this feature, and we do not store the snapshot in our database.

4.7 Friends feature

Friends is an optional social feature. If you register for it and connect with buddies, we process the following on our servers (Supabase Edge Functions and database), linked to your account:

• Your community profile — a display name you choose and a cosmetic profile-card style.
• Weekly activity signals — for each week, the number of days (a count from 0 to 7) on which you hit your protein target, hit your hydration target, and logged food, plus current streak lengths.
• Activity-feed events and interactions — events such as closing your weekly anchors or logging food, and the cheers and nudges you send to or receive from buddies.
• Your buddy graph — the buddy relationships you form and the invite codes you create or redeem.

We do not share your food names, calories, macros, weight, medication, doses, side effects, meal photos, chat text, or any other free-text content with your buddies. The only free-text you choose is your display name.

4.8 Apple Health (HealthKit)

Only if you grant permission, the App reads certain values from Apple Health (such as weight, steps, and active energy) and can write food, water, and weight entries back to Apple Health. HealthKit data flows between CalTrak+ and Apple Health on your device under Apple’s policies. We never send HealthKit samples to our servers or analytics providers, never use HealthKit data for advertising or marketing, never sell it, and never share it with third parties.

4.9 Subscriptions, purchases, and App Store notifications

Subscriptions are sold and processed by Apple through the App Store. We do not receive your full payment card number. To unlock and verify paid features, we record your subscription entitlement status on our servers: which plan you have, whether it is currently active, its expiry, and an Apple-provided transaction identifier. This record is created and updated by Apple’s App Store Server Notifications (server-to-server messages Apple sends us about events such as renewals, expirations, refunds, and revocations) and is linked to your account by a random, app-generated token rather than by your Apple ID. We use it only to confirm whether your paid features should be available.

4.10 Security, abuse-prevention, and service-limit data

To keep the Services secure, enforce fair-use limits, and prevent abuse of our paid AI features, our backend records limited operational data:

• Service-limit counters — per-account counts of how many AI requests (Eve and Progress) you have made, used to enforce daily quotas.
• Rate-limit and abuse counters — short-window request counters keyed to your account and, for some endpoints, to a network identifier, used to throttle and block abusive traffic.
• Security event logs — privacy-safe records of security-relevant events (for example, a blocked request). These contain only a function name, an event type, a short non-identifying detail token, a truncated/redacted reference to the account, and a truncated IP-address prefix. They do not contain your name, email, tokens, request bodies, health data, or message content.

4.11 Optional usage analytics (off by default)

If you opt in under Profile → Data & account → Privacy, we collect anonymous product-usage analytics through PostHog: event names (such as which screen or tab you viewed), coarse feature usage, app version, and device OS version, tied only to an anonymous device identifier. This never includes your name, email, Apple ID, account identifier, food, macros, weight, medication, doses, side effects, chat text, photos, or HealthKit values. We disable session replay, UI autocapture, surveys, and person profiling. It is off by default and you can turn it off again at any time.

4.12 Optional crash and error reports (off by default)

If you opt in separately, we collect crash and error diagnostics through PostHog Error Tracking: stack traces, exception types, app build version, and device model/OS. Symbol files (dSYMs) are uploaded at build time so crashes translate into readable code locations; they do not contain your personal logs. These reports do not include health data or chat content, and properties are sanitized before transmission.

4.13 Reminders and notifications

Reminders (such as hydration or dose reminders) are scheduled locally on your device using iOS notifications. We do not operate a push-message server for these reminders and do not collect a device push token.

Some information you enter into the App (such as weight, GLP-1 medication, doses, side effects, and meal photos) relates to your health and is treated as “sensitive,” “special category,” or “consumer health” personal data under laws such as the EU/UK GDPR, the California Privacy Rights Act, and the Washington My Health My Data Act.

• We minimize collection of this data on our servers by keeping it on your device wherever possible.
• Where sensitive data does leave your device — specifically the meal text and photos you send to Eve AI, and the weekly aggregate snapshots you send for Progress AI insights — we process it only with your explicit, informed consent (the in-app acknowledgment) and solely to provide the estimate or insight you requested.
• The Friends feature shares only the limited, non-content weekly signals described in Section 4.7, and only after you sign in and choose to use it.
• We do not use sensitive or health-related data to infer characteristics about you for advertising, and we do not sell or share it.

We use personal information to:

• Operate the App — store and display your logs, calculate nutrition targets, generate clinician export PDFs, schedule reminders, and provide the features you use.
• Provide Eve AI — estimate the macros of meals you describe or photograph.
• Provide Progress AI insights — summarize your own weekly aggregate tracking numbers after you acknowledge the Progress AI privacy notice.
• Provide Friends — sync your weekly activity signals and interactions with buddies you connect with.
• Operate subscriptions — verify your entitlement and unlock paid features.
• Secure the Services and enforce limits — detect, prevent, and respond to abuse, spam, and security incidents, and enforce fair-use quotas and rate limits.
• Manage the waitlist — record your interest and contact you when CalTrak+ becomes available.
• Communicate with you — send launch-related and occasional product update emails about CalTrak+, and respond to your requests. You can unsubscribe from non-essential emails at any time.
• Improve the Services — only with your opt-in consent for analytics and crash reporting.
• Comply with law — meet legal obligations, respond to lawful requests, and enforce our terms and rights.

We do not use your information for personalized advertising and we do not sell your personal information.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:

• Consent (Art. 6(1)(a); Art. 9(2)(a) for health data). For joining the waitlist and receiving launch emails, for sending meal text/photos to Eve AI, for sending weekly aggregate snapshots for Progress AI insights, and for optional analytics and crash reporting. You may withdraw consent at any time.
• Performance of a contract (Art. 6(1)(b)). To provide the App features you request, including account sign-in, the Friends feature, and managing your subscription entitlements.
• Legitimate interests (Art. 6(1)(f)). To secure the Services, prevent abuse and fraud, enforce fair-use limits, verify paid entitlements, and operate the Site, where those interests are not overridden by your rights.
• Legal obligation (Art. 6(1)(c)). Where processing is required to comply with law.

Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

Eve AI and Progress AI use automated systems to generate nutrition estimates and summaries of your own tracking numbers. These features:

• run only when you choose to use them and acknowledge the relevant in-app notice;
• produce estimates and informational summaries, not decisions that produce legal effects or similarly significant effects concerning you;
• are advisory only — you remain in control and can edit, accept, or ignore any output; and
• are not medical advice, diagnosis, or treatment, and are not a substitute for guidance from a qualified clinician.

We do not use these features to profile you for advertising, and we do not make solely automated decisions about you that have legal or similarly significant effects within the meaning of Article 22 of the GDPR.

We share personal information only with service providers (processors) that help us run the Services, and only as needed for them to perform services on our behalf under contractual terms that limit their use of the information:

• Apple, Inc. — Sign in with Apple, HealthKit, App Store subscription processing, and App Store Server Notifications.
• Supabase, Inc. — stores waitlist email addresses and your account, Friends, subscription-entitlement, and security/abuse-prevention records, and powers authentication, the Eve AI relay, the Progress AI relay, and Friends Edge Functions.
• Vercel, Inc. — hosts the Site, serves API routes, provides privacy-focused web analytics, and routes Eve AI and Progress AI requests via the Vercel AI Gateway.
• Google LLC and OpenAI, L.L.C. — process the meal text and photos you send to Eve AI, and the weekly aggregate snapshots you send for Progress AI insights, to generate estimates and insights. (For Eve AI, Google is primary and OpenAI is the fallback; for Progress AI, OpenAI is primary and Google is the fallback.)
• Perplexity AI, Inc. — may process concise nutrition-search queries from Eve AI when the assistant looks up published nutrition facts.
• PostHog, Inc. — processes optional, opt-in, anonymous usage analytics and crash/error diagnostics.

We may also disclose information if required by law, court order, or valid government request, or to protect the rights, safety, and security of CalTrak+, our users, or others, or in connection with a business transfer (such as a merger or acquisition), subject to this policy.

We do not sell personal information, we do not sell or share consumer health data, and we do not share personal information for cross-context behavioral advertising.

The Site does not set advertising cookies and does not use third-party advertising trackers. We use Vercel Web Analytics, which is designed to measure page views and performance without third-party advertising cookies. Our hosting infrastructure may still process technical data such as IP addresses and user-agent strings in server logs as part of normal operation.

The App does not use web cookies. Optional in-app analytics rely on an anonymous device identifier rather than advertising identifiers, and only when you opt in.

Because we do not sell or share personal information and do not serve targeted advertising, there is nothing to opt out of via browser-based opt-out preference signals such as Global Privacy Control (GPC); where applicable, we treat such a signal as a valid request not to sell or share your personal information.

CalTrak+ is operated from Malaysia and is available globally. Our service providers (including Apple, Supabase, Vercel, Google, OpenAI, Perplexity, and PostHog) may store and process information in the United States and other countries that may have data-protection laws different from those in your country. Malaysia and several of these countries have not received an EU “adequacy” decision. Where required for transfers out of the EEA, UK, or Switzerland, we and our providers rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms. You may contact us for more information about these safeguards.

• On-device App data: retained until you delete it in the App or delete your account.
• Account and Friends records (Supabase): retained until you delete your account through the in-app deletion flow.
• Subscription entitlement records: retained while your account exists and deleted when you delete your account.
• Service-limit and rate-limit counters: per-account counters are deleted when you delete your account; short-window network (IP-based) counters expire automatically as their time windows age.
• Security event logs: retained for approximately 90 days and then deleted.
• Eve AI messages and Progress AI snapshots: processed to return your result and not stored in our database; AI providers may retain inputs only transiently for abuse monitoring under their own terms.
• Optional analytics and crash data (PostHog): retained per our configuration (generally up to 7 years) unless deleted earlier at your request or when you withdraw consent.
• Waitlist email: retained until CalTrak+ launches and for a reasonable period afterward, or until you unsubscribe or ask us to delete it.
• Server, hosting, and analytics logs: retained per our providers’ default schedules, used for security, debugging, and aggregate measurement.

We use reasonable administrative, technical, and organizational measures to protect personal information, including:

• HTTPS/TLS encryption in transit and Apple platform encryption for on-device data
• Storing the account session token in the device Keychain
• Server-only access to database credentials (never exposed in the browser), with row-level security and least-privilege access on our backend
• Input validation, rate limiting, and abuse protections on our APIs
• Security headers such as a Content Security Policy, HSTS, and frame protections on the Site
• Sanitizing telemetry before transmission and disabling session replay, UI autocapture, and person profiling in PostHog

No method of transmission or storage is completely secure. If we become aware of a personal-data breach that affects you, we will notify you and the relevant authorities where and as required by applicable law (for example, within the timelines set by the GDPR and U.S. state breach-notice laws). If you believe your interaction with us is no longer secure, please contact us promptly.

Depending on where you live, you may have some or all of these rights:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Delete your information
• Withdraw consent where processing relies on consent
• Object to or restrict certain processing
• Receive a portable copy of information you provided
• Opt out of any “sale” or “sharing” and limit use of sensitive data
• Appeal a decision we make about your request
• Lodge a complaint with your local data protection authority

How to exercise your rights. Email us at developer@rainfroglabs.com. We may need to verify your request before responding, you may use an authorized agent where the law allows, and we will not discriminate against you for exercising your rights. If we decline your request, you may appeal by replying to our response; you may also complain to your local supervisory authority (for example, your EEA data protection authority, the UK Information Commissioner’s Office, or Malaysia’s Personal Data Protection Department).

Account deletion. You can delete your account directly in the App (Profile settings). In-app deletion wipes your local data and, for signed-in users, deletes your server-side records — including your authentication record, Friends profile and buddy graph, service-limit and rate-limit counters, and subscription-entitlement record — and clears your session. Deleting your account does not cancel your App Store subscription (manage that in your Apple Settings) and does not remove data you previously wrote to Apple Health. To delete a waitlist email, email us and we will remove it.

Communication choices.You can unsubscribe from non-essential emails using the link in those emails or by contacting us. You can toggle in-app analytics and crash reporting under Profile → Data & account → Privacy, and control HealthKit access in iOS Settings.

California (CCPA/CPRA)

In the past 12 months we have collected the following categories of personal information: identifiers (such as email address, account identifier, and IP address); commercial information (such as your subscription/entitlement status); internet or other electronic network activity (such as pages viewed and opt-in analytics events); and, within the App and only as described above, health-related information you choose to enter, which may be treated as sensitive personal information. We collect this from you, from your device, and from Apple (sign-in and subscription events). We use it for the business purposes described in Section 6, and we disclose it to the service providers listed in Section 9. We do not sell or share personal information for cross-context behavioral advertising, and we do not use sensitive personal information for purposes that would trigger the right to limit its use beyond providing the Services you request. We do not knowingly sell or share the personal information of consumers under 16. California residents may exercise access, deletion, correction, and opt-out rights, and may appeal a denial, by emailing developer@rainfroglabs.com. Under California’s “Shine the Light” law, we do not share personal information with third parties for their own direct marketing.

Washington, Nevada, and other consumer health data laws

The Washington My Health My Data Act, the Nevada consumer health data law (SB 370), and similar laws regulate “consumer health data.” We are not a HIPAA covered entity or business associate. Where these laws apply, we collect consumer health data only to provide the features you use and with your consent; we do not sell consumer health data (which would require a separate valid authorization that we do not seek); and we restrict access to it. You may exercise rights to access, delete, and withdraw consent regarding your consumer health data by emailing developer@rainfroglabs.com.

Other U.S. states

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have rights to access, correct, delete, and obtain a copy of their personal data, to opt out of targeted advertising, sale, and certain profiling, and to appeal a denied request. Because we do not engage in targeted advertising, sale, or such profiling, there is nothing to opt out of, but you may still exercise your access, correction, deletion, and appeal rights by contacting us.

EEA, UK, and Switzerland

See Sections 7, 8, 11, and 14. You have the right to lodge a complaint with your local supervisory authority, and the right to withdraw consent at any time.

Canada (PIPEDA and Quebec Law 25)

We obtain consent appropriate to the sensitivity of the information, limit collection to what is necessary, and let you access and correct your personal information by contacting us. Residents of Quebec may have additional rights under Law 25, including in relation to automated processing and data portability.

Australia

We handle personal information in line with the Australian Privacy Principles, including limits on use and disclosure of sensitive information, and you may request access or correction by contacting us.

Malaysia (PDPA)

We are based in Malaysia. Where the Malaysian Personal Data Protection Act 2010 (as amended) applies, we process personal data with your consent and for purposes a reasonable person would consider appropriate, give notice of our processing, keep data accurate and secure, and honor withdrawal-of-consent, access, and correction requests. You may contact us at the email above as our point of contact for PDPA matters, and you may contact Malaysia’s Personal Data Protection Department (Jabatan Perlindungan Data Peribadi).

The Services are intended for adults aged 18 and older and are not directed to children. We do not knowingly collect personal information from anyone under 18 (or under 13 on the waitlist Site). If you believe a minor has provided us with personal information, contact us and we will take steps to delete it.

CalTrak+ is distributed through the Apple App Store and follows Apple’s requirements:

• Sign in with Apple data (identity token, and the name/email or relay email you allow) is used only to create and secure your account.
• HealthKit data is used only to provide app features on your device, is never used for advertising or marketing, is never sold, and is never shared with third parties or our analytics providers.
• App Store subscriptions are handled by Apple; we do not receive your payment card details. We process Apple’s App Store Server Notifications only to keep your subscription-entitlement status current.
• Our App Privacy details on the App Store product page are kept consistent with this policy.

The Services may link to or rely on third-party websites and services with their own privacy practices governed by their own policies, not this one. We encourage you to review those policies, including Apple, Supabase, Vercel, Google, OpenAI, Perplexity, and PostHog.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. If changes are material, we may provide additional notice on the Site or require re-acceptance in the App. Your continued use of the Services after an update means you accept the revised policy.

If you have questions about this Privacy Policy or our privacy practices, contact:

Shivendra Ananthan Chelliah
CalTrak+
Email: developer@rainfroglabs.com