Privacy Policy

Version 2.1 • Last updated: February 12, 2026

Welcome to Cholify ("we," "our," "us"). We are committed to protecting your privacy and ensuring your personal data is handled securely, responsibly, and transparently.

This Privacy Policy explains how we collect, use, and protect your data when you interact with our services, which include:

  • Our marketing landing page (LP)
  • Our Cholify mobile application (App)

It also outlines your rights and how you can exercise them.

1. Who Can Use Our Services

Our services are intended only for individuals 18 years of age or older. This is because the nutrition and fitness guidance we provide is designed for adults and is based, in part, on European Food Safety Authority (EFSA) nutrient reference values for individuals aged 18 and above. Our system also incorporates additional expert guidelines and proprietary logic developed for adult physiology.

We do not knowingly collect personal data from anyone under 18. If we discover that we have inadvertently collected data from someone under 18, we will delete it immediately.

2. Information We Collect

a. Contact & Account Information

  • Email address (LP waitlist and App registration)
  • Username (App)
  • Account identifiers (user ID)

b. Biometric & Personal Attributes (App)

  • Date of birth (or age)
  • Weight
  • Height
  • Sex
  • Body fat percentage or body type (e.g., underweight, normal, fit)

These data points are necessary to calculate nutrition estimates and personalize features.

c. Activity Data (App)

  • Physical Activity Level (PAL)
  • Logged activities (e.g., football / 30 minutes / intense)

d. Goals & Preferences (App)

  • Fitness goals (e.g., lose weight, gain muscle, maintain)
  • Target weight
  • Dietary preferences
  • Allergens

e. Health & Nutritional Data (App)

We generate nutrition scores and insights based on information you provide. These calculations use dietary reference values (including EFSA guidance) as a scientific baseline, supplemented by additional proprietary logic and internally developed calculation methods.

Important: These data are considered sensitive personal data under GDPR and are processed only with your explicit consent. Our nutrition scores are estimates, intended for general guidance only. They do not assess health and are not medical advice.

f. Meal Tracking (App)

  • Meals, foods, and recipes you log
  • Associated nutritional breakdowns
  • Dates and times of entries

g. Images & Media (App)

  • Profile pictures
  • Food, meal, or recipe images you upload

Images are processed securely. Metadata (such as EXIF data) is removed where possible. Images are used only to provide app functionality and are not used to train AI models without your explicit consent.

h. Voice Input (If Enabled)

If you use voice features:

  • Audio is converted to text for logging
  • Audio recordings are not retained after transcription
  • Resulting text is processed like standard meal entries

i. AI Interaction Data

When you use AI-powered features (e.g., nutrition chat, food image recognition, recipe generation, voice coaching), the following categories of data may be shared with third-party AI providers depending on the feature you use and the permissions you grant:

  • Text Queries: Chat messages, prompts, and text input you submit for AI analysis (e.g., asking nutrition questions, requesting recipes).
  • Food Photos: Images you capture or upload for meal analysis and nutrition label scanning.
  • Voice Data: Audio recordings captured when using voice input features, sent for speech-to-text transcription. Audio recordings are not retained after transcription.
  • Profile & Health Context: Your weight, height, age, sex, dietary goals, and allergy information, used to personalize AI responses.
  • Meal History: Your logged meals and daily calorie/macronutrient data, used to provide nutritional context for AI recommendations.

Before any data is sent to AI services, you will be asked for explicit consent through an in-app consent dialog. You can control which categories of data are shared individually and change your preferences at any time in Settings > AI Data Sharing. See Section 10 for details on our AI partners and data handling.

j. Tracking & Analytics Data (LP)

We use Umami, a privacy-focused, cookie-less analytics tool, to collect anonymized usage data for the LP, including:

  • Device type, operating system, browser
  • Pages visited and time spent

This data cannot be used to identify you personally.

k. Push Notification Data

  • Push notification tokens
  • Device and platform information (iOS / Android)

Used only to deliver app notifications.

3. How We Obtain Explicit Consent for Health Data

Before collecting or processing biometric or health-related data, we present a clear consent prompt explaining:

  • What data is collected
  • Why it is needed
  • How it is used

You must actively agree before these features are enabled. You may withdraw your consent at any time by contacting us.

4. How We Use Your Data

We use your data to:

  • Provide and operate the App
  • Personalize nutrition insights and estimates
  • Generate nutrition scores and recommendations
  • Track progress and display analytics
  • Send essential service communications
  • Improve performance and user experience
  • Enhance security and prevent misuse
  • Comply with legal obligations

5. Legal Basis for Processing

We process personal data based on:

  • Contract performance – to deliver features you request
  • Explicit consent – for health and biometric data
  • Legitimate interests – service improvement, analytics, security
  • Legal obligations – compliance and record-keeping

6. Payments & Subscriptions

Paid features are offered through subscriptions processed by Apple App Store.

We do not collect or store full payment details (such as credit card numbers). We receive limited information such as:

  • Subscription status
  • Subscription tier
  • Renewal or expiration dates

Payments, billing, cancellations, and refunds are handled by the respective app store under their own terms and privacy policies.

7. Data Sharing and Disclosure

We do not sell your personal data.

We may share data with:

  • Service providers (cloud hosting, email delivery, analytics)
  • Third-party AI providers (for processing AI feature requests only — see details below)
  • Legal authorities, when required by law

AI Partners

We share data with the following third-party AI providers solely to deliver AI-powered features you request:

ProviderPurposeData Received
Google Gemini (Google LLC)Text analysis, food image recognition, nutrition recommendationsText queries, food photos, profile context, meal history (as applicable)
Google Speech-to-Text (Google LLC)Voice transcriptionAudio recordings when you use voice input

Our AI partner does not use your personal data to train AI models. Data sent to AI services is used solely for processing your specific request and is not stored longer than necessary for that processing. Google's data processing is governed by Google's Cloud Data Processing Addendum and Privacy Policy.

All processors operate under contractual safeguards and data-protection agreements that provide protection equivalent to GDPR and CCPA standards.

8. Data Retention

  • LP waitlist emails: retained until beta completion unless converted into an App account
  • App account data: retained until account deletion
  • After deletion, limited records (e.g., consent logs) may be retained for up to 2 years for legal and compliance purposes
  • AI interaction data: retained only briefly as required for functionality
  • Analytics data: retained in aggregated form only

9. International Data Transfers

If data is transferred outside the EU/EEA, we apply appropriate safeguards, including:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • EU–US Data Privacy Framework (where applicable)

10. AI-Powered Features, Consent, and Data Protection

10.1 How AI Features Work

Cholify uses third-party artificial intelligence (AI) services to power nutrition analysis, meal scanning, recipe generation, and voice coaching features. When you use these features, certain data is transmitted to our AI partner (Google) for processing and a response is returned to the app. These processes:

  • Do not produce legal or similarly significant effects
  • Are intended solely for general nutritional guidance
  • Are not medical assessments

10.2 Your Consent and Control

Before any personal data is sent to third-party AI services, the app presents a mandatory consent dialog that:

  • Clearly lists all categories of data that may be shared
  • Identifies each AI partner by name and explains what data each partner receives
  • Requires your explicit action to consent (via "Accept All" or per-category customization)
  • Provides a "Decline" option that disables AI features while keeping all other app features available

You can change your AI data sharing preferences at any time in Settings > AI Data Sharing. You can enable or disable sharing individually for: text queries, food photos, voice data, profile & health data, and meal history.

10.3 Data Protection by AI Partners

Our third-party AI partners provide data protection equivalent to GDPR and CCPA standards:

  • Data is transmitted using encrypted connections (HTTPS/TLS)
  • Data is processed solely for your specific request and is not retained beyond what is necessary
  • Your data is not used to train AI models
  • Processing is governed by each provider's data protection policies and our contractual agreements with them

11. Security Measures

We implement appropriate technical and organizational safeguards, including:

  • Encryption in transit and at rest
  • Secure authentication mechanisms
  • Access controls
  • Monitoring and incident response procedures

12. Cookies

Our LP and App do not use cookies. Umami analytics is cookie-less.

13. U.S. Privacy Rights

13.1 California (CCPA/CPRA)

California residents have rights to access, delete, correct, and limit the use of personal data. We do not sell or share personal information for targeted advertising.

13.2 Other U.S. States

Residents of other states with privacy laws may have similar rights.

13.3 Exercising U.S. Rights

Email cholifyapp@gmail.com with the subject "Privacy Rights Request."

14. Changes to This Privacy Policy

We may update this policy periodically. Significant changes will be communicated via the App, LP, or email.

15. Company & Contact Details

Data Controller: Cholify s.r.o. Bělehradská 858/23, Vinohrady 120 00 Praha 2, Czech Republic

Privacy Contact: 📧 cholifyapp@gmail.com

Supervisory Authority: Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Praha 7 — www.uoou.cz

Policy version: 2.1 • Last updated: February 12, 2026