calmr-legal

Privacy Policy

Effective Date: October 30, 2025
Last Updated: December 2, 2025

This Privacy Policy explains how Iman Khan (“we”, “us”, “our”) collects, uses, and protects information when you use the Calmr mobile application and related services (“the Service”). Calmr provides tools and education to help you reduce emotional overeating.

1) Information We Collect

a) Information you provide

• Account information: email address; name if you provide it; authentication method (Apple, Google, or email/password).
• Profile information: age, goals, and preferences you choose to add.
• Progress entries: check-ins, hunger/satiety inputs (e.g., “Real Hunger” or “Satiety Compass”), pledges, reflections, and optional weight/goal data.
• Support messages: emails or messages you send to us.

b) Automatically collected data

• Device + usage data: device type, OS version, app version, basic diagnostics, and in-app interactions.
• Crash reports: via platform providers (e.g., Apple).
• Local storage/cookies: used only for session management and preferences.

c) Meta SDK (Facebook SDK)

If you allow tracking through Apple’s App Tracking Transparency (ATT) prompt, the Meta SDK may receive:

• App interactions (e.g., feature usage)
• Device identifiers (IDFA only if you grant permission)
• Coarse device information (device type, OS)
• Attribution/installation data

If you decline tracking, Meta SDK receives only non-tracking, privacy-preserving data needed for essential functionality (e.g., install attribution, aggregated analytics).

We do not collect:

• precise location
• contacts
• Apple Health data
• sensitive categories of personal data

We do not sell personal data.

2) How We Use Information

We use the information described above to:

• Provide, personalize, and operate the Service
• Authenticate users and maintain the security of accounts
• Understand app performance and improve reliability
• Communicate with you about updates and support
• Process purchases through Apple (we do not store full payment details)
• Optimize onboarding, retention, and app experience through privacy-compliant analytics
• Optimize ads and measure app install performance using the Meta SDK (only if permitted; see ATT section)
• Comply with legal requirements and enforce our Terms

3) Legal Bases (EEA/UK if applicable)

We rely on performance of a contract (to provide the Service), legitimate interests (e.g., app improvement and security), consent where required (e.g., tracking permissions), and compliance with legal obligations.

4) Sharing of Information

We may share information with:

• Service providers: hosting (e.g., Supabase), backend infrastructure, analytics, email/support tools
• Authentication and platform providers: Apple and Google sign-in
• Payments: Apple App Store for in-app purchases
• Meta (Facebook) SDK: for analytics and ad optimization — only if you grant tracking permission
• Legal reasons: to comply with law, protect rights/safety, or in a business transaction

We do not sell your personal information or share it for cross-context behavioral advertising.

Link to Meta’s data policy

https://www.facebook.com/privacy/policy

5) Data Retention

Data is retained while your account is active and as needed for the purposes described above. When you request deletion, we delete or anonymize data unless retention is required for legal or security reasons (e.g., fraud prevention, dispute resolution).

6) Your Rights

Depending on your region, you may have rights to access, correct, delete, or export your data, object or restrict certain processing, or withdraw consent. To exercise your rights, email imanzkhan26@gmail.com.

7) Your Choices and Account Deletion

• You may update certain information within the app.
• To delete your account and associated data, email “Calmr Account Deletion” to imanzkhan26@gmail.com from your account email.
  We will verify and complete deletion within a reasonable period (typically 30 days).

8) Children’s Privacy

The Service is not intended for children under 13 (or the minimum legal age in your region). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it.

9) International Transfers

We may store and process data in countries outside your own (e.g., the United States). Where legally required, we use safeguards such as Standard Contractual Clauses.

10) Security

We use reasonable technical and organizational measures to protect data, including encryption in transit, access controls, and secure infrastructure. However, no method of storage or transmission is completely secure.

11) Changes to This Policy

We may update this Policy. We will post the new version here with an updated “Last Updated” date. Material updates may also be communicated in-app.

12) Contact

Operator: Iman Khan
Email: imanzkhan26@gmail.com