← All Apps
Lumeal - AI Calorie Tracker icon

Lumeal - AI Calorie Tracker

iOS · iOS 17.0 · Released

Privacy Policy

Effective date: 2026-03-25

Summary

Lumeal is an AI-powered nutrition tracking app that uses a local-first architecture with optional cloud sync. Food photos are processed by OpenAI for recognition but are not retained by OpenAI for training. Product barcodes can be scanned and looked up via Open Food Facts and FatSecret. Anonymous analytics are collected via TelemetryDeck, and crash reports via Sentry. HealthKit data is used to read exercise calories, step count, and weight, and to write logged meal nutrition data back to Apple Health — HealthKit data is never stored on servers or shared with third parties. Lumeal does not sell, share, or trade any personal data.

Data Collected

Account Information

  • Apple ID user identifier (via Sign in with Apple)
  • Google account identifier (via Sign in with Google)
  • Email address (if you choose to share it)

Purpose: Authentication and account creation for cloud sync. You may use the app without an account in local-only mode. · Linked to your identity

Profile Information

  • Age, sex, height, weight, target weight
  • Activity level
  • Dietary preferences
  • Language preference

Purpose: Calculating personalized calorie and macronutrient targets based on your goals (lose, gain, or maintain weight). · Linked to your identity

Food Photos

  • Photos taken or selected for meal recognition

Purpose: Photos are sent to our server-side AI processing service (via Supabase Edge Functions) where OpenAI identifies foods and estimates portions. OpenAI does not retain your images for training or any other purpose per our data processing agreement. Photos are stored in your account's secure cloud storage for your meal history. · Linked to your identity

Food & Nutrition Logs

  • Meal records and timestamps
  • Calorie and macronutrient data
  • Corrections to AI-identified foods

Purpose: Tracking daily nutrition intake, displaying meal history, and improving future AI recognition accuracy locally. · Linked to your identity

Weight Logs

  • Weight entries recorded in the app or imported from HealthKit

Purpose: Tracking weight progress toward your goals. May also be read from HealthKit with your permission. · Linked to your identity

Water Logs

  • Water intake amounts and timestamps

Purpose: Tracking daily water intake and hydration goals. · Linked to your identity

Favorite Meals

  • Saved meal templates with food items and nutrition data

Purpose: Quick re-logging of frequent meals. · Linked to your identity

Barcode Scans

  • Product barcodes scanned for nutrition lookup

Purpose: Barcode strings are sent to Open Food Facts and FatSecret for product identification. No user identifiers are transmitted.

AI Correction History

  • Original and corrected food names and portions from AI recognition

Purpose: Stored locally to improve future AI recognition accuracy for your meals.

Achievement Data

  • Streak milestones and dates achieved

Purpose: Stored locally for gamification features and streak tracking.

AI-Generated Tips

  • Cached meal tips, daily summaries, weekly reports, and helpfulness feedback

Purpose: Stored locally to provide and improve personalized nutritional advice.

Usage Analytics

  • Anonymous feature usage and screen views (via TelemetryDeck)

Purpose: Understanding which features are used and identifying bugs. Events tracked include app launches, meal logging, AI feature engagement, and paywall interactions. TelemetryDeck does not collect personal identifiers or IP addresses.

Crash Reports

  • Crash logs, device model, OS version, app state, and app screenshots at time of crash (via Sentry)

Purpose: Diagnosing and fixing crashes to improve app stability. Screenshots may contain visible on-screen information.

HealthKit Data

  • Active energy burned (exercise calories) — read
  • Step count — read
  • Body mass (weight) — read (opt-in toggle in Settings)
  • Dietary calories, protein, carbs, fat, fiber, sodium — write

Purpose: Used solely within the app to calculate calorie targets, track weight and activity progress, and record logged nutrition in Apple Health. HealthKit data is never stored on our servers or shared with third parties. Weight syncing from HealthKit can be toggled on or off at any time in Settings.

Data Not Collected

Lumeal - AI Calorie Tracker does not collect the following:

  • Location data
  • Contacts
  • Browsing history
  • Financial or payment information (purchases handled entirely by Apple)
  • Advertising identifiers

Permissions

HealthKit

Lumeal reads active energy burned, step count, and body mass from HealthKit to calculate calorie targets and track weight and activity progress. Weight syncing is an opt-in toggle in Settings. Lumeal writes logged meal nutrition data (calories, protein, carbs, fat, fiber, sodium) to Apple Health. HealthKit data is never stored on our servers or shared with third parties. You can revoke HealthKit permissions at any time via iOS Settings.

Camera

Used to photograph meals for AI food recognition and to scan product barcodes for nutrition lookup.

Notifications

Used to send reminders and updates about your nutrition tracking, including water intake reminders. You can disable notifications at any time in iOS Settings.

Sign in with Apple

Optional authentication method to enable cloud sync across devices. You may use the app without signing in (local-only mode).

Sign in with Google

Optional authentication method to enable cloud sync across devices. The Google Sign-In SDK (v8.0.0) is embedded and may collect device identifiers per Google's privacy policy. You may use the app without signing in (local-only mode).

Background App Refresh

Used to sync data with the cloud when the app is in the background, ensuring your data is up to date across devices.

Third-Party Services

OpenAIAI food recognition, coaching tips, daily/weekly reports, and smart food swap suggestions. Meal photos, food context, nutrition totals, goal type, correction history, and language preference are sent via Supabase Edge Functions. No user ID, email, or other PII is included. OpenAI does not retain images for training per our data processing agreement.

Privacy Policy

SupabaseAuthentication, data sync, and cloud storage. Account info, food logs, weight/water logs, favorites, corrections, and photos are stored with row-level security (RLS) so only you can access your data.

Privacy Policy

Open Food FactsBarcode-based food lookup. Only the barcode string is transmitted. No user identifiers are sent.

Privacy Policy

FatSecretSecondary barcode-based food lookup. Only the barcode string is transmitted. No user identifiers are sent.

Privacy Policy

TelemetryDeckPrivacy-friendly anonymous analytics. Collects anonymous usage events without personal identifiers or IP addresses.

Privacy Policy

SentryCrash reporting and error tracking. Collects crash logs, device info, app state, and app screenshots to improve app stability.

Privacy Policy

AppleAuthentication (Sign in with Apple) and payment processing (App Store subscriptions). Apple handles all purchase transactions.

Privacy Policy

GoogleAuthentication (Sign in with Google). Only your Google account identifier and, if you choose to share, your email address are received. The Google Sign-In SDK (v8.0.0) is embedded and may collect device identifiers per Google's privacy policy.

Privacy Policy

Data Storage

Lumeal uses a local-first architecture. All data is stored on your device first using SwiftData (SQLite). The app works fully offline. If you sign in with Apple or Google, data is synced to Supabase with row-level security (RLS), meaning only you can access your data. Data in transit is encrypted via TLS/HTTPS. Data at rest is protected by Supabase's encryption at rest. A trial start date is stored in the iOS Keychain to persist across app reinstalls; this contains no personal information.

Data Sharing

Lumeal shares your information only with the service providers listed above, strictly for operating the app. Meal photos and food context are sent to OpenAI (via Supabase Edge Functions) for AI food recognition — no user ID, email, or other PII is included, and OpenAI does not retain images for training. Product barcodes are sent to Open Food Facts and FatSecret for nutrition lookup — no user identifiers are transmitted. Account info, food logs, weight/water logs, favorites, corrections, and photos are synced to Supabase for cloud storage. Anonymous usage events go to TelemetryDeck, and crash reports (including app screenshots) go to Sentry. Lumeal does not share data with advertisers, data brokers, or any other third parties. Lumeal does not sell, rent, or trade your personal information.

Data Retention and Deletion

Your data is retained as long as your account is active. When you delete your account (via Settings > Account > Delete Account), all your data — including food photos in cloud storage — is permanently removed from our servers within 30 days. You can delete all local data at any time via the app's settings, even without an account. Uninstalling the app removes all locally stored data. Anonymous analytics data (TelemetryDeck) and crash reports (Sentry) are retained per each service's own data retention policies and cannot be individually deleted as they contain no personal identifiers.

Your Rights and Choices

You have the right to: access your data (view all data within the app), export your data (export food logs, weight logs, and water logs as CSV, or all data as JSON via Settings > Data Export), correct your data (edit any food log or profile information), delete your data (delete your account and all associated data), and withdraw consent (revoke HealthKit, camera, or notification permissions via iOS Settings). For users in the EU/EEA (GDPR), California (CCPA), or other jurisdictions with data protection laws, we honor all applicable rights including data portability and the right to be forgotten.

Data Security

All data in transit is encrypted via TLS/HTTPS. Cloud data at rest is protected by Supabase's encryption at rest. Row-level security (RLS) ensures only you can access your data. In the unlikely event of a data breach, we will notify affected users promptly and provide guidance on recommended actions.

Ownership Transfer

In the event of a merger, acquisition, or sale of assets, we will notify users before any ownership transfer occurs. Any successor entity will be required to honor the commitments made in this privacy policy. If the new entity's privacy practices differ materially, you will be given the option to delete your data before the transition.

CCPA Compliance

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. Lumeal does not sell personal information. You can delete your account and all associated data at any time as described in the Data Retention and Deletion section. To exercise your CCPA rights or make any data-related request, contact us at yu@anyu.dev.

Children’s Privacy

Lumeal is not intended for children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information through the app, please contact us at yu@anyu.dev and it will be promptly deleted.

Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you by posting the new policy in the app and updating the effective date. Your continued use of the app after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy, contact us at yu@anyu.dev.