Privacy Policy
Last updated: 28 April 2026
This policy describes what data NordCalAI ("we", "us") collects when you use the NordCalAI app and nordcal.se website, why we collect it, and what your rights are. It's written to be readable. The legal version is the same — we just use shorter sentences.
Who is the data controller?
The data controller is the operator of NordCalAI, contactable at support@nordcal.se. We're based in Sweden, EU.
What we collect and why
Account data
- Email address — required to create your account and to send the one-time code that verifies you own that email.
- Display name and username — optional, only used inside the app and on the social/friends screen if you enable it.
Legal basis: contract performance (Art. 6(1)(b) GDPR).
Profile and health data you enter
- Weight, height, sex, date of birth, activity level, weight goal, weight-loss tempo.
- This is used to calculate your daily calorie and macro targets.
Legal basis: explicit consent for special-category data (Art. 9(2)(a) GDPR), given when you complete onboarding.
Usage data you generate
- Meals you log (food items, portions, time, photos if you choose to scan).
- Water intake, weight history, exercise entries, recipes you save.
- Step count from your phone's motion sensor (Apple Health / Android step counter), only if you grant permission.
Legal basis: contract performance (Art. 6(1)(b) GDPR).
Subscription & billing
- If you subscribe, your app store handles the payment. We never see your card number.
- We receive your subscription status (active / cancelled / expired) so we can unlock the right features.
Legal basis: contract performance (Art. 6(1)(b) GDPR).
Technical data
- Device type, OS version, app version — to debug crashes and pick the right build.
- IP address — temporarily logged by our servers (max 30 days) for security and abuse prevention.
Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
What we don't collect
- No advertising IDs, no third-party ad pixels, no Facebook/Google Ads SDKs.
- No location tracking. Your phone's GPS is never read.
- No browsing history, contacts, calendar, or microphone recordings.
How we use the AI
When you scan a meal photo, the image is sent to a third-party vision model to identify foods and estimate portions. The image is processed and not retained for model training. The image is never associated with your name or email when sent to the AI provider — only with a session identifier.
Where your data lives
Your data is stored on EU-based cloud infrastructure with industry-standard encryption at rest and in transit. Meal photos are kept only while the meal entry exists; deleting a meal removes its photo.
Third-party services we use
To deliver the service, we work with trusted providers for cloud hosting, authentication, AI photo analysis, subscription management, and email delivery. All providers we use are GDPR-compliant. We do not sell, rent, or share your personal data for advertising or analytics. For a current list of sub-processors, email support@nordcal.se.
How long we keep it
- While your account is active — for as long as you use the app.
- If you delete your account — all profile, meal, water, and weight data is erased within 30 days. Anonymous aggregates may persist.
- Email verification codes — discarded after 10 minutes.
- IP logs — auto-deleted after 30 days.
Your rights (GDPR)
You have the right to:
- Access the data we have about you — email support@nordcal.se.
- Rectify incorrect data — most of it is editable in the app's Profile screen.
- Erase your account and data — Profile → Delete Account, or email us.
- Export your data in JSON format — email us.
- Withdraw consent at any time — sign out or delete your account.
- Lodge a complaint with the Swedish data protection authority (Integritetsskyddsmyndigheten, IMY) at imy.se.
Children
NordCalAI is not directed at children under 13. If you believe a child under 13 has provided us with personal data, contact us and we'll delete it.
Changes to this policy
If we make material changes, we'll notify you in the app and update the "Last updated" date. Minor wording fixes happen without notice.