Built to Solve. Designed to Scale.

Jerach Technology Ltd

Privacy Officer: Chukwuka Uroko
Contact Email: chuks@jerachtechnology.com

1. Introduction & Scope

Jerach Technology Ltd (“Kcaltrack AI”, “we”, “us”) provides a mobile app (“Kcaltrack AI”) that uses AI to track calories, scan food items (barcode or photo), accept voice input, and offer nutrition advice via chatbot. In compliance with GDPR, CCPA/CPRA, PIPEDA, Australia’s Privacy Act, and other relevant laws, this policy explains how we collect, use, share, and protect your personal data.

2. Data We Collect

a. Account & Profile Data

  • Name, email, birth date, gender (optional), height, weight (for BMI and calorie tracking).
  • These constitute personal data under GDPR (Article 4), CCPA, PIPEDA, and APPs.

b. Health-Related Data

  • Weight, BMI, dietary intake, nutritional goals.
  • Under GDPR and many national laws, this is special category data and sensitive personal data (requires explicit consent). 

c. Voice Data (Biometric + Speech Content)

  • Audio recordings used to log food and spoken entries.
  • The voice recordings and derived voiceprints may be classified as biometric data, under GDPR and CCPA/CPRA definitions.

d. Camera and Image Data

  • Photos of meals or packaged food, barcodes, scanned via Open Food Facts data.
  • Images may include identifiable information; thus treated as personal data when linked to your account.

e. Usage & Device Data

  • Device identifiers, IP address, app usage analytics, timestamps.

f. Chatbot Interactions

  • Nutrition advice logs are processed in real-time; we do not retain chat transcripts at this time.

3. Legal Bases for Processing

– Consent:

We obtain explicit, informed consent before collecting sensitive data such as weight, health metrics, and voice recordings. Consent is revocable at any time.

– Legitimate Interests:

For analytics, app improvements, fraud prevention—we rely on legitimate interests while preserving your rights.

– Compliance with Laws:

Processing as necessary for compliance with legal obligations (e.g., breach notification under PIPEDA, APPs).

4. How We Use Your Data

  • Provide calorie tracking, meal analysis (via open food facts), BMI calculation, and chatbot advice.
  • Improve app features, accuracy of AI analysis, and support personalized functionality.
  • Conduct internal analytics and quality assurance (data anonymized when possible).
  • For legal compliance, audit logs, fraud prevention.

5. Sharing & Third-Party Services

  • Open Food Facts API: For nutritional content lookup. We pass only barcode or image, not user identity.
  • Cloud hosting/service providers: May process data on behalf of Kcaltrack AI under service contracts with limited purposes.
  • We do not sell personal data, including biometric or health data.
  • If required by law enforcement, handled only per legal due process.

6. Data Subjects Rights

Under GDPR / UK GDPR:

  • Right to access, rectify, delete, restrict processing, data portability, objection, including profiling.
  • Right to withdraw consent at any time for voice / health data.

Under CCPA / CPRA (California residents):

  • Right to Know, Delete, Opt-Out of Sale, Non‑Discrimination.
  • Biometric data is explicitly covered and rights apply equally.

Under PIPEDA (Canada):

  • Right to access and correct personal data.
  • Mandatory data breach notification if significant harm is possible.

Under Australia’s Privacy Act (APPs):

  • Right to know why data is collected, who will see it, access and correction.

To exercise any right, contact chuks@jerachtechnology.com.

7. Consent for Biometrics & Voice

Before enabling voice-based logging or analysis, we provide a clear consent prompt explaining:

  • That audio is recorded, processed, and (optionally) stored temporarily.
  • The purpose: logging food, improving voice recognition.
  • That you can revoke consent anytime and delete recordings.

We maintain a record of consent per GDPR Article 7, CPRA and PIPEDA requirements.

8. Data Minimization & Retention

  • We collect only what’s necessary: BMI, basic profile, dietary logs, voice input, nutrition metadata.
  • Raw voice recordings are retained no longer than necessary (e.g. 30 days) unless deleted on request.
  • Once data is anonymized (aggregate analytics), it is no longer linkable and kept longer for product improvement.

9. Security Measures

  • Data is encrypted in transit (TLS) and at rest (AES-256 or similar).
  • Access controls, automated audit logs, regular security assessments.
  • For sensitive/biometric data, we implement strong safeguards compliant with GDPR, CCPA, and CPRA best practice.

10. International Data Transfers

If data is transferred across borders (e.g. cloud servers outside your region), we rely on:

  • Standard Contractual Clauses (GDPR) or equivalent legal safeguards
  • Adequate protections under PIPEDA and Australian law

11. Privacy by Design

We integrate data protection at every stage:

  • Pseudonymization (user IDs replace names in analysis)
  • Differential privacy or anonymization for aggregated insights. 
  • Ongoing Privacy Impact Assessments (PIAs) for high-risk processing (e.g., voice biometrics).

12. Children’s Data

We do not knowingly collect data from anyone under 16 without parental consent. Users must affirm they are of age before signing up.

13. Breach Notification

If a data breach occurs that poses a real risk of harm:

  • EU Supervisory Authority and affected individuals will be notified within 72 hours (GDPR).
  • Under PIPEDA, we will inform Canadian regulator and users.
  • Under CCPA/CPRA, California residents will be notified promptly.

14. Policy Updates

We may update this Privacy Policy to reflect legal or operational changes. Any material changes will be provided via in-app or email notice, with effective date clearly indicated.

15. Contact Us

If you have any questions, requests, or concerns regarding privacy:

Jerach Technology Ltd
Privacy Officer: Chukwuka Uroko
Email: chuks@jerachtechnology.com