Privacy Policy
Last updated: April 3, 2026
AfroCal ("we", "our", or "the app") is developed and operated by Bryte Labs. This Privacy Policy explains how we collect, use, store, and protect your information when you use the AfroCal mobile application. It also explains your rights regarding your data under applicable privacy laws including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), the Australian Privacy Act 1988, and Nigeria's NDPR.
Beta Notice: AfroCal is currently in beta. The service is free to use during this period. A Pro subscription plan is planned for a future release. We will notify you of any changes to pricing or features through the app before they take effect.
1. Information We Collect
Information You Provide
- Account Information: When you sign in with Apple, we receive your Apple user identifier and, if you choose to share them, your name and email address. Apple may provide a private relay email address instead of your real email.
- Profile Information: Name, email, and daily nutrition goals that you set within the app.
- Meal Logs: Food items you log, portion sizes, timestamps, notes, and calorie/nutrition data.
Information Collected Automatically
- Food Photos: When you use the AI food recognition feature (requires sign-in), the image is sent to our server for AI analysis. Photos are processed in real-time and are not stored on our servers after analysis is complete.
- Device Information: We do not collect device identifiers, IP addresses, or analytics data.
- Local Storage: Meal data and food photos are stored on your device to enable offline use. This data remains on your device even when you are signed out.
2. How We Use Your Information
We process your personal data on the following legal bases (where applicable under GDPR):
- Performance of a contract — to provide the AfroCal service you have requested, including food tracking, AI recognition, and account management.
- Legitimate interests — to maintain the security and reliability of our service, and to detect and prevent abuse.
- Consent — for push notifications, which you may withdraw at any time in your device settings.
Specifically, we use your information to:
- Identify food items, calculate nutritional information, track your meals, and display your nutrition history.
- Process food photos through our AI service (Anthropic Claude API) to identify food items and estimate nutrition. You must be signed in to use this feature. Images are processed ephemerally and not retained.
- Authenticate your identity and sync your meal data across sessions and devices.
- Send meal reminders via push notification if you opt in.
3. Data Storage, Offline Mode, and Sync
On-Device Storage
- Your meal logs and food photos are stored locally on your device at all times, regardless of whether you are signed in.
- This allows you to continue logging meals and viewing your history when you are signed out or offline.
- Authentication tokens are stored in the iOS Keychain, which provides hardware-level encryption.
- Preference settings (such as appearance mode and notification preferences) are stored in on-device system storage (UserDefaults).
What Happens When You Sign Out
- Your meal data and food photos remain on your device when you sign out.
- Your session token is removed from the Keychain — you will need to sign in again to access server-synced features.
- You can continue to log, view, and manage meals locally while signed out.
Automatic Sync on Sign-In
- When you sign back in, any meals you logged while signed out are automatically uploaded to your account on our servers.
- Your server-side meal history is also downloaded and merged with your local data, so no data is lost.
- Conflict resolution: local meals created while offline are pushed to the backend; meals deleted from another device are removed locally.
Server-Side Storage
- Meal logs and profile data linked to your account are stored on our secure backend (hosted by Convex).
- All data transmission between the app and our servers uses HTTPS/TLS encryption.
- We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.
4. Third-Party Services
We use the following third-party services to operate AfroCal:
- Apple Sign-In: For authentication. Subject to Apple's Privacy Policy.
- Convex: For backend data storage and server functions. Data is stored in Convex's cloud infrastructure. Subject to Convex's Privacy Policy.
- Anthropic (Claude API): For AI-powered food recognition. Food images are sent to Anthropic's API for processing only when you are signed in and actively using the scan feature. Images sent via the API are not used to train AI models per Anthropic's API usage policy. Subject to Anthropic's Privacy Policy.
- Open Food Facts: For barcode product lookups. This is a public open-source database. No personal data is shared with it.
- Apple Push Notification Service (APNs): For delivering meal reminders if you opt in. Subject to Apple's Privacy Policy.
- Apple StoreKit: For managing future in-app subscriptions. Any subscription payments are processed by Apple, not by Bryte Labs. Subject to Apple's Privacy Policy.
5. Camera and Photo Library
AfroCal requests access to your device camera and photo library solely to capture or select food images for nutritional analysis. We do not access your camera or photo library for any other purpose. You must be signed in to use AI-powered food recognition.
- Photos are compressed and resized before transmission (max 5MB).
- Photos are sent to our server over HTTPS/TLS for AI analysis.
- Photos are not stored on our servers after processing is complete.
- A copy of the food photo may be stored locally on your device as part of the meal log entry. This copy is removed when you delete the meal or delete your account.
- Photos are not shared with any third party other than the AI processing service (Anthropic) for the sole purpose of food identification.
6. Data Retention and Deletion
Account Data
- Your account and server-side meal data are retained for as long as your account is active.
- You can delete your account directly within the app (Settings → Delete Account). This permanently removes all your data from our servers, including your profile and all meal history.
- Account deletion is irreversible. Once deleted, your data cannot be recovered from our servers.
Local Data
- When you sign out, local meal data and photos remain on your device.
- When you delete your account from within the app, locally cached data and photos are also cleared from the device.
- You may also delete all local data by uninstalling the AfroCal app from your device.
Session Tokens
- Your authentication session token is deleted from the iOS Keychain immediately upon sign-out or account deletion.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
All Users
- Access: View your personal data stored in the app at any time through your profile and meal history.
- Correct: Update your profile information at any time through Settings → Personal Information.
- Delete: Delete your account and all associated server-side data directly within the app (Settings → Delete Account), or by contacting us.
- Opt out of notifications: Disable push notifications at any time in your device settings or within the app.
EU/UK Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following additional rights under the GDPR:
- Right to erasure ("right to be forgotten"): Request deletion of your personal data. You may do this directly in-app or by contacting us.
- Right to data portability: Request a copy of your personal data in a structured, machine-readable format. Contact us at hello@brytelabs.co.
- Right to restriction of processing: Request that we limit how we use your data in certain circumstances.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent (e.g. push notifications), you may withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your country's supervisory authority).
Bryte Labs acts as the data controller for personal data processed through AfroCal. To exercise your GDPR rights, contact us at hello@brytelabs.co. We will respond within 30 days.
California Users (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the following rights:
- Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our purpose for collecting it, and the categories of third parties with whom we share it.
- Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions. You may do this directly in-app or by contacting us.
- Right to correct: You may request correction of inaccurate personal information.
- Right to opt out of sale or sharing: We do not sell or share your personal information with third parties for cross-context behavioural advertising.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
- Sensitive personal information: We collect food photos for AI analysis (which may constitute sensitive personal information). This data is used solely to provide the food recognition service and is not retained on our servers.
To exercise your California privacy rights, contact us at hello@brytelabs.co or use the in-app account deletion feature.
Australian Users (Privacy Act 1988)
If you are located in Australia, you have rights under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), including the right to access and correct your personal information and to complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy rights have been breached.
8. International Data Transfers
AfroCal is operated from and data is processed in jurisdictions where our service providers (Convex, Anthropic, Apple) maintain infrastructure, which may include the United States. If you are located in the EEA, UK, or other jurisdictions with data transfer restrictions, your data may be transferred internationally. We rely on the following safeguards for such transfers:
- Standard Contractual Clauses (SCCs) where required under GDPR.
- Our third-party providers' compliance with applicable data transfer frameworks.
9. Children's Privacy
AfroCal is not directed at children under the age of 13 (or 16 in certain EU jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at hello@brytelabs.co and we will delete it promptly.
10. Security
- Authentication tokens are stored in the iOS Keychain with hardware-level encryption.
- All data transmitted between the app and our servers is encrypted using HTTPS/TLS.
- Local meal data is stored with iOS data protection (encrypted at rest when the device is locked).
- We do not store payment information — all subscription payments are processed by Apple.
- Despite our safeguards, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
11. Beta Program
AfroCal is currently in a beta phase. During beta:
- The service is provided free of charge.
- Features and functionality may change.
- A Pro subscription plan with additional features (including unlimited AI food scans) is planned for a future release.
- We will provide advance notice in the app before any paid features are introduced.
- Your data collected during beta will carry over to the general release version.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes through the app and by updating the "Last updated" date above. For significant changes (such as new data uses or third-party sharing), we will seek fresh consent where required by law. Continued use of the app after changes take effect constitutes acceptance of the updated policy.
13. Contact Us
For questions about this Privacy Policy, to exercise your data rights, or to lodge a privacy complaint, contact us at:
Bryte Labs
Email: hello@brytelabs.co
Website: brytelabs.co
We aim to respond to all privacy enquiries within 30 days. EU/UK users who are not satisfied with our response may escalate to their local data protection authority.
Also see our Terms of Service.