1. Information We Collect
We collect the following types of information:
- Account information: name, email address, phone number, role, organization
- Health & nutrition data: food logs, meal plans, body composition, dietary goals, sleep, hydration, glucose readings, workouts
- Sensitive health data: biological sex and (when entered) menstrual cycle data — used to tailor calorie / macro / supplement recommendations
- Payment information: when you purchase coaching from a marketplace dietitian, payment details are entered into Stripe’s hosted checkout (Calsanova never sees full card numbers); we retain transaction metadata (amount, status, dietitian, timestamp) linked to your account
- Usage data: feature usage, session information, device type
- Communication data: in-app messages between you and your dietitian, plus video consultation audio and transcripts (when consented)
1a. SMS/Text Messaging
When you provide your phone number during registration and consent to receive text messages, we collect your phone number to send you SMS messages related to the Calsanova service. These messages may include:
- Phone number verification codes during signup
- Account security alerts (password resets, suspicious login attempts)
- Appointment reminders for scheduled consultations with your dietitian
- Meal logging reminders and nutrition goal notifications
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Your phone number is used solely for the purposes described above and is not sold, rented, or shared with any third party except our SMS service provider (Twilio) which processes messages on our behalf under strict data processing agreements.
You may opt out of SMS messages at any time by replying STOP to any message. For help, reply HELP or contact support@calsanova.com. Message frequency varies based on your account activity. Message and data rates may apply.
2. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Generate personalized nutritional insights and meal plans
- Facilitate secure messaging, scheduling, and document exchange between members and their assigned providers (Registered Dietitians, Calsanova Coaches, or Specialist Coaches)
- Improve the Service through aggregated, anonymized analytics
- Send important account and service notifications
3. AI Processing
Calsanova uses artificial intelligence to generate nutritional insights, meal plans, and recommendations. Your nutritional data may be processed by AI models to provide these features. AI-generated content is clearly labeled and should not be considered medical advice.
4. Data Storage & Security
Your data is stored securely using industry-standard encryption. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Passwords are hashed using bcrypt and are never stored in plain text.
4a. Health Data & HIPAA Considerations
Calsanova collects and processes health-related information including dietary intake, body composition, nutritional goals, biological sex, menstrual cycle data (when entered), sleep, hydration, glucose readings, and consultation notes (including audio recorded during video sessions when consented). We recognize the sensitive nature of this data and apply the following safeguards:
- Health data is encrypted in transit (TLS) and at rest
- Access to health data is restricted to authorized users (the member and their assigned provider — Registered Dietitian, Calsanova Coach, or Specialist Coach, as displayed on the provider profile)
- We do not share health data with third parties for marketing or advertising purposes
- AI-processed health data is not used to train models or shared outside your care team
- Users may request complete deletion of their health data at any time
HIPAA Notice: While Calsanova implements security practices aligned with HIPAA standards, the platform is designed as a nutrition + performance-coaching tool for Registered Dietitians, Calsanova Coaches, Specialist Coaches, and members — not as a covered healthcare provider or health plan. If your organization requires a Business Associate Agreement (BAA) or formal HIPAA compliance certification, please contact us at compliance@calsanova.com to discuss your specific requirements.
4b. Apple HealthKit Data
The Calsanova iOS app integrates with Apple HealthKit to read and write health and fitness metrics including weight, body composition, heart rate, sleep, steps, and workout data. Per Apple’s HealthKit data-use policies, the following safeguards apply specifically to data accessed via HealthKit:
- HealthKit data is used only to provide and personalize the Service’s nutrition tracking, meal planning, body composition, and coaching features
- HealthKit data is never used for advertising, marketing, analytics, or any third-party data-mining purpose
- HealthKit data is never shared with third parties for advertising
- HealthKit data is never sold to data brokers or any third party
- HealthKit data is never used to train AI models or shared outside your care team
- HealthKit access is opt-in per category; you can revoke any individual permission at any time via iOS Settings → Health → Data Access & Devices → Calsanova
HealthKit data flows are governed by the App Store Review Guidelines section 5.1.3 and the Apple Developer Program License Agreement. If you believe these terms have been violated, you may report concerns to Apple directly or to privacy@calsanova.com.
5. Data Sharing
We do not sell your personal data. We may share your information with:
- Your assigned provider within the platform — a Registered Dietitian, Calsanova Coach, or Specialist Coach. The provider’s credential type is displayed on their profile so you have transparency about who is providing care.
- Service providers who assist in operating the platform (under strict data processing agreements)
- Law enforcement when required by applicable law
5a. Third-Party Service Providers
We rely on the following service providers to operate the Service. Each is bound by a data processing agreement and processes data only on our behalf for the purpose listed. None of these processors receive HealthKit data except where explicitly noted:
- Google Cloud Platform — application hosting (Cloud Run), database (Cloud SQL Postgres), object storage, and CI/CD. All data encrypted at rest and in transit.
- Sentry — error tracking and performance monitoring. Receives error stack traces and user identifiers (account ID, email) for diagnostic purposes. Does not receive HealthKit data, food log content, or message content.
- Resend — transactional and marketing email delivery. Receives recipient email address, name, and template variables.
- RevenueCat — in-app purchase and subscription entitlement management. Receives App Store transaction identifiers and subscription status.
- Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM) — push notification delivery. Receives device push tokens and notification payloads.
- Stripe and Stripe Connect — payment processing for marketplace coaching purchases and dietitian payouts. Stripe receives payment information directly; Calsanova never sees full card or bank account numbers.
- Twilio — SMS message delivery for verification codes and security alerts (see section 1a).
- OpenAI and Anthropic — large-language-model providers used for AI nutrition coaching and meal-plan generation. Inputs are processed under zero-data-retention agreements where available; HealthKit data is not transmitted to these providers.
5b. International Data Transfer
Calsanova is operated from the United States. If you access the Service from outside the U.S., your data will be transferred to, stored in, and processed in the U.S. By using the Service, you consent to this transfer.
For users in the European Economic Area, United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to lawfully transfer personal data to our U.S. infrastructure and sub-processors. You may request a copy of the relevant SCCs by emailing privacy@calsanova.com.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Withdraw consent for data processing
- Lodge a complaint with a supervisory authority
6a. How To Delete Your Account
You can delete your account and all associated data at any time:
- Log in to your account at calsanova.com or in the Calsanova app
- Navigate to Settings (accessible from your profile)
- Scroll to the Danger Zone section
- Click “Delete Account” and confirm
Upon confirmation, the following data is permanently deleted within 30 days:
- Account information: name, email, profile, credentials
- Health & nutrition data: food logs, meal plans, body composition, goals, hydration logs
- Workout data: workout journal entries and exercise history
- Communication data: messages with coaches/dietitians, consultation notes
- AI interaction data: Kiwi AI conversation history and queries
- Device tokens: push notification registrations
Data that may be retained:
- Anonymized, aggregated analytics data that cannot be linked back to you.
- Transaction records required for legal or tax compliance (up to 7 years).
- Data that has been shared with your assigned provider (Registered Dietitian, Calsanova Coach, or Specialist Coach) as part of their professional records may be retained by them separately.
6b. How To Delete Specific Data
You can delete specific data without deleting your account:
- Food logs: Swipe or click delete on individual entries in your food diary
- Weight/body composition: Remove entries from your body composition history
- Workout logs: Delete individual workouts from your workout journal
- All health data: Email privacy@calsanova.com to request bulk deletion of all health data while keeping your account active
Deletion requests sent to privacy@calsanova.com are processed within 30 days. You will receive email confirmation when your data has been deleted.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law.
- Active accounts: Data retained as long as your account is active
- Deleted accounts: Personal data permanently removed within 30 days
- Backups: Data may persist in encrypted backups for up to 90 days after deletion, after which it is purged
- Legal requirements: Transaction and billing records may be retained for up to 7 years for tax and legal compliance
7a. Security Incident Notification
In the event of a security incident that affects the confidentiality, integrity, or availability of your personal or health data, we will notify affected users without undue delay and, where required by applicable law, within statutory timeframes (e.g., 72 hours under GDPR, 60 days under the HIPAA Breach Notification Rule). Notification will include the nature of the incident, data categories affected, mitigation steps taken, and recommended user actions. We will also notify regulators where required by law.
8. Cookies
Calsanova uses essential cookies and local storage for authentication and user preferences. We do not use third-party tracking cookies.
9. Children's Privacy (COPPA)
Calsanova is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. Users must confirm they are 13 years of age or older during registration. If we learn that we have collected personal information from a child under 13, we will promptly delete such information.
Users between 13 and 18 should use the Service under the supervision of a parent or guardian. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@calsanova.com.
9a. Apple App Store Age Rating
The Calsanova iOS application is rated 16+ in the Apple App Store due to references to nutrition and supplementation guidance that may not be appropriate for younger users. The 16+ rating governs Apple App Store distribution. The under-13 prohibition described in section 9 above remains in effect independently as a U.S. federal-law (COPPA) requirement.
10. Changes To This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the “Last updated” date and, where appropriate, through in-app notification.
11. Contact
For privacy-related inquiries, contact our Data Protection Officer at privacy@calsanova.com.
12. Apple App Store Privacy Disclosures
The following data types are collected by the Calsanova iOS application as disclosed in the Apple App Store privacy label. Each item lists how the data is used. None of these data types are used for tracking purposes — we do not link your data with third-party data for advertising and we do not share with data brokers.
- Contact Info — Name: app functionality, product personalization, and developer’s marketing communications.
- Contact Info — Email Address: app functionality, analytics, and developer’s marketing communications.
- Contact Info — Phone Number: app functionality only (multi-factor authentication, account recovery, fraud prevention).
- Health & Fitness — Health and Fitness: app functionality and product personalization only. Per Apple HealthKit terms, never used for analytics, advertising, or marketing.
- Financial Info — Payment Info: app functionality only (processing marketplace coaching transactions via Stripe Checkout; full card numbers never reach Calsanova’s servers).
- Sensitive Info: app functionality and product personalization (biological sex and, when entered, menstrual cycle data — used to tailor calorie / macro / supplement recommendations). Never used for analytics, advertising, or marketing.
- User Content — Photos or Videos: app functionality (meal-photo logging and macro estimation; body-composition progress photos).
- User Content — Audio Data: app functionality only (audio recorded during video consultations with your assigned provider — Registered Dietitian, Calsanova Coach, or Specialist Coach — when consented, for SOAP-note or session-note documentation). Coach session notes are subject to quarterly review by Calsanova’s operator-RD for scope-of-practice compliance. Audio is never shared outside your care team.
- User Content — Customer Support: app functionality (responding to support requests).
- User Content — Other User Content: app functionality and product personalization (food logs, journal entries, coaching notes).
- User Content — Emails or Text Messages: app functionality (in-app coach-member messaging).
- Search History: app functionality, analytics, and product personalization (improving in-app food search).
- Identifiers — User ID: app functionality, analytics, and product personalization.
- Identifiers — Device ID: app functionality and developer’s marketing (push notification delivery and re-engagement reminders).
- Purchases — Purchase History: app functionality and analytics (entitlement management and revenue analytics).
- Usage Data — Product Interaction: app functionality, analytics, and product personalization.
- Diagnostics — Crash Data, Performance Data, Other Diagnostic Data: app functionality only (debugging and reliability).
All data types listed above are linked to your user identity. None are used for tracking purposes as defined by Apple’s App Privacy framework.