Introduction
Calibra ("we", "our", or "the app") is an application for tracking weight and body composition. Your privacy is important to us. This Privacy Policy explains how we handle your data.
Calibra is designed as a local-first application: your raw tracking data (weight, measurements, goals) is stored on your device and never uploaded to external servers in its raw form. Some optional and infrastructure features require minimal server-side metadata, described in detail below.
Data We Collect
The Calibra app may store or process the following data:
Body Data (stored locally on your device)
- Body weight
- Body measurements (waist, hips, neck, thighs, arms)
- Body fat percentage
- Height, age, sex (for metabolic calculations)
Usage Data (stored locally on your device)
- Weight and body composition goals
- App preferences (theme, notifications, etc.)
- Weigh-in history and progress
Purchase Data
- License status (Free/Trial/Pro)
- Promotional codes redeemed (see Purchases & Promo Codes section)
How We Store Data
Local-First Storage
Your raw personal data (weight, measurements, goals, weigh-in history) is stored exclusively on your device using Hive, an encrypted local database. This data is never uploaded to external servers in its raw form.
Firebase Anonymous Authentication
At startup, the app creates an anonymous Firebase authentication session. This provides a pseudonymous backend identifier used solely to:
- Authenticate requests to Calibra's backend functions
- Manage AI feature access, trial quota, and entitlement state
- Enforce abuse-prevention rate limits
This is not a user-facing account. No email, password, or profile information is collected. The anonymous identifier cannot be linked to you personally.
Firebase App Check
The app uses Firebase App Check (Google Play Integrity on Android) to verify that requests originate from an authentic, unmodified copy of the app. This is an integrity attestation mechanism and does not transmit your personal data.
AI Daily Insight (Optional Feature)
Calibra offers an optional AI-powered Daily Insight that provides a short, personalized message about your progress. This feature is gated by access tier (trial or Pro) and is not active for all users.
When you use this feature:
- What stays on your device: Your full tracking history, raw weight entries, and all body data remain stored locally and are never sent to the server in their entirety.
- What is sent to the server: The app computes a minimal, summarized signal payload
and sends it to the Calibra backend. This payload includes an installation-specific identifier
(
aiInstallationId), your locale (language), a content-based signature used for caching (impactSignature), a payload version tag, and summarized context fields such as goal direction, impact verdict, confidence level, trend direction and strength, goal alignment, number of entries, 24-hour weight change, weekly velocity (kg/week), and comparison basis. - Backend processing: The backend uses the summarized payload to generate a natural-language insight via OpenAI's API. The raw payload is not stored long-term; a cached version of the generated message is kept server-side for up to 7 days to avoid redundant API calls.
- Server-side metadata: The backend stores usage metadata (generation count, timestamps) for up to 90 days to manage trial quotas and enforce rate limits.
Purchases & Promo Codes
In-App Purchases
In-app purchases are handled by Google Play. Calibra does not collect or store payment card or payment instrument data. For details, see Google Play's Privacy Policy.
When you purchase Calibra Pro, the following verification metadata is stored on the Calibra backend (Firestore, EU region) to manage your access:
- Purchase tier and source (e.g., "play_purchase")
- Product ID and package name
- Order ID (as provided by Google Play)
- A SHA-256 hash of the purchase token (the raw token is not stored)
- Purchase state and acknowledgment status
- Verification timestamp
Promo Code Redemption
When you redeem a promotional code:
- The promo code and its expiry date are sent to the backend
- If valid, an entitlement record is stored including the promo code, expiry date, and activation timestamp
- This data is retained as needed to manage your access and prevent abuse
Analytics (Firebase)
To improve the application and optimize advertising campaigns, we use Google's Firebase Analytics. Firebase Analytics collects event-level data that may include the following parameters:
Events tracked:
- Screen views
- Onboarding flow (start, step progress, completion, abandon)
- Weight events (weight added — includes the weight value and entry source, weight edited, weight deleted)
- Goal events (goal set, goal reached — includes goal type)
- CSV import/export (import includes entry count)
- Smoothing operations
- Paywall views (includes source)
- Purchase events (Pro purchase, purchase restored)
- Promo code redeemed (includes the promo code)
- AI insight events (success, fallback, error — includes reason/error and source)
- Achievement unlocks (includes achievement ID)
- Theme changes
Device metadata automatically collected by Firebase:
- Device country, language, and type
- App version
Firebase assigns a pseudo-anonymous identifier to each installation. This data is used to understand how the app is used and to improve it. For more information, see Firebase Privacy Policy.
You can disable data collection in your Android device settings (Settings → Google → Ads → Opt out of Ads Personalization).
Operational Notifications
For operational monitoring purposes, the app sends event notifications to the developer via the Calibra backend, which forwards them to Telegram in the following cases:
Installation Notification
When a new user completes initial setup:
- Platform (e.g., "android")
- App version
- Date and time
- Onboarding type selected (e.g., "express" or "advanced")
Purchase Notification
When a Pro purchase is completed:
- Product ID
- Price
- Date and time
These notifications are sent first to the Calibra backend (Cloud Functions, EU region) over HTTPS. The backend authenticates every request via Firebase Auth (anonymous identifier) and Firebase App Check (app integrity verification), then forwards the message to Telegram. They do not contain your name, email, or any personal data you entered in the app. They are used solely to monitor service health and sales activity.
Support & Bug Reports
The app includes a "Report a Problem" feature that allows you to voluntarily send a bug report to the developer. When you choose to use this feature:
- You can write a description of the issue
- The app attaches a log file containing recent debug output from your session
- The log may include app version, device platform, and technical diagnostic information
- The report is sent via your device's email app or share sheet to com.calibra.app@gmail.com
This data is shared only when you explicitly choose to send it. Logs are not transmitted automatically.
Server-Side Data Retention
| Data Type | Retention Period |
|---|---|
| AI cached insights | Up to 7 days |
| AI usage metadata (trial quota) | Up to 90 days |
| Rate-limit counters | 1-hour rolling window |
| Entitlement records (purchase/promo) | Retained as needed to manage access |
| Purchase verification metadata | Retained as needed to manage access |
The Calibra backend runs on Google Cloud (europe-west1 region).
Third-Party Processors
The following third-party services process data on behalf of Calibra:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Firebase (Auth, App Check, Analytics, Firestore, Cloud Functions) | Authentication, app integrity, analytics, data storage, backend logic | firebase.google.com/support/privacy |
| Google Play | In-app purchase processing | policies.google.com/privacy |
| OpenAI | AI insight message generation | openai.com/privacy |
| Telegram | Operational notifications (install/purchase alerts) | telegram.org/privacy |
Your Control
You have full control over your local data:
Export
You can export all your data to CSV format at any time through the app settings.
Import
You can import data from CSV files to restore backups or migrate from other apps.
Deletion
You can delete all your local data at any time by:
- Settings → Data Management → Reset Data
- Uninstalling the application
Note: Server-side entitlement and usage metadata is managed by the developer. You can request deletion by contacting com.calibra.app@gmail.com.
Notifications
The app may send you local notifications for:
- Daily weigh-in reminders
- Weekly summary
- Streak at risk alerts
These notifications are completely local and configurable. You can disable them at any time in settings.
Permissions Required
| Permission | Reason |
|---|---|
| Notifications | To send you reminders (optional) |
| Vibration | For haptic feedback in notifications |
| Boot completed | To schedule notifications after device restart |
| Internet access | For AI features, purchase verification, analytics, and app integrity checks |
Security
- Local data is stored in encrypted format using Hive
- Server-side data is stored in Google Cloud (EU region) with Firebase security rules
- Communication with backend functions uses HTTPS and requires both Firebase Auth and App Check
- Purchase tokens are stored as SHA-256 hashes, never in plain text
- No login credentials or passwords are required from you
Children
The app is not intended for children under 13 years old. We do not knowingly collect personal data from minors.
Changes to Privacy Policy
We may update this Privacy Policy occasionally. We will notify you of any significant changes through the app or by updating the date at the top.