Privacy Policy

Last Updated: March 17, 2026

CarnivOS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "App"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

1. Information We Collect

We utilize a "Privacy First" approach. Wherever possible, data is processed locally on your device or stored securely associated with your authenticated user ID.

A. Personal Data

We may collect personally identifiable information, such as:

Name / Username
Email address (for authentication and support)
User ID (assigned by our authentication provider)

B. Health and Fitness Data

To provide the core functionality of the App (Carnivore Diet tracking and analysis), we collect:

Body Measurements: Weight, Height, Body Fat Percentage.
Dietary Data: Food intake, nutrient calculations, meal timing.
Lifestyle Data: Sleep hours, sun exposure time, activity levels.
Symptoms: User-reported physical or mental symptoms for analysis.

C. Financial Data

Financial information, such as data related to your payment method (e.g., valid credit card number, card brand, expiration date), is handled by our third-party payment processor (Stripe). We do not store complete financial information on our servers.

D. Technical Data

We may automatically collect certain technical information, including:

Device information (operating system, browser type)
Usage data (feature usage frequency, interaction patterns)
Error logs and crash reports
IP address (for security and fraud prevention purposes only)

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for collecting and using the personal information described in this Privacy Policy depends on the data concerned and the specific context:

Contract Performance: Processing necessary to provide you with the App's services (account management, nutrient tracking, subscription management).
Legitimate Interests: Processing necessary for our legitimate interests (improving the App, preventing fraud), provided those interests are not overridden by your rights.
Consent: Where you have given explicit consent (e.g., using AI features that send data to third-party APIs, optional health data collection).
Legal Obligation: Where we need to comply with a legal obligation.

3. Use of Your Information

We use the information we collect to:

Create and manage your account.
Calculate personalized nutrient targets based on your metabolic data.
Analyze your diet and provide AI-driven feedback (e.g., "CarnivOS" insights).
Process payments and manage subscriptions.
Improve the App's algorithms and accuracy.
Respond to customer service requests and support needs.
Send important service-related communications (e.g., subscription status, security alerts).

4. Disclosure of Your Information

We do not sell, trade, rent, or otherwise share your personal health data with third parties for marketing purposes.

We may share information in the following situations:

Service Providers: With third-party vendors who perform services for us (e.g., payment processing via Stripe, database via Supabase, AI processing via Google Gemini). These vendors are obligated to protect your data.
Legal Requirements: If required by law or to respond to legal process.

Third-Party Services

We use the following third-party services:

Supabase: Cloud database and authentication. Your account data and health/nutrition records are stored securely on Supabase infrastructure. See Supabase Privacy Policy.
Stripe: Payment processing for subscriptions. Stripe handles all financial data directly. See Stripe Privacy Policy.
Google Gemini AI: AI-powered features (photo analysis, AI chat, dietary insights). When you use AI features, relevant dietary and nutritional data is sent to the Google Gemini API. AI features are optional; core app functionality works without them. See Google AI Terms of Service.
Web Speech API (Voice Input): When you use the voice input feature, your speech is processed by your browser's built-in speech recognition service. On Chrome, audio is sent to Google's servers for processing. On Safari, audio is sent to Apple's servers. CarnivOS does not store or transmit your audio data directly; however, your browser vendor may process it according to their privacy policy. Voice input is entirely optional. See Google Privacy Policy or Apple Privacy Policy.
Google Analytics: We use Google Analytics to understand how users interact with the App in aggregate. This data is pseudonymised and used solely for improving the App experience. IP addresses are truncated and not stored in full. See Google Privacy Policy.
Vercel: Web hosting and content delivery. See Vercel Privacy Policy.
Sentry (Functional Software, Inc.): Error monitoring and crash reporting. When the App encounters an error, technical details (stack trace, browser version, anonymized user ID) are sent to Sentry to help us diagnose and fix bugs. No personal health data, food logs, or dietary records are sent to Sentry. See Sentry Privacy Policy.

Data Processing Agreements

We maintain Data Processing Agreements (DPAs) or equivalent contractual safeguards with our key third-party service providers, including Supabase, Stripe, and Google, to ensure that your personal data is processed in accordance with applicable data protection laws (including GDPR). These agreements obligate our processors to implement appropriate technical and organizational measures to protect your data and to process it only on our documented instructions.

5. Cookies and Local Storage

The App uses the following technologies to store data on your device:

Local Storage: Used to store your preferences, food logs, and app settings locally on your device for offline functionality. This data remains on your device unless you choose to sync it.
Session Cookies: Used for authentication and maintaining your logged-in session. These are essential for the App to function.
Analytics Cookies: Used by Google Analytics to understand usage patterns. These cookies collect pseudonymised data (device and session identifiers) only.

You can control cookies through your browser settings. Disabling essential cookies may prevent the App from functioning correctly.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States (where Supabase and Stripe infrastructure is located). These transfers are protected by appropriate safeguards, including Standard Contractual Clauses approved by relevant data protection authorities.

7. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information. Your data is encrypted in transit (TLS/SSL) and at rest where applicable. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

8. Policy for Children

We do not knowingly solicit information from or market to children under the age of 16. The Service is intended for users who are 16 years of age or older. If we learn that we have collected information from a child under 16 without verification of parental consent, we will delete that information as quickly as possible. If you believe we have collected information from a child under 16, please contact us at support@carnivos.app.

9. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right of Access: Request a copy of your personal information.
Right to Rectification: Correct inaccurate or incomplete personal information.
Right to Erasure: Request deletion of your personal information ("right to be forgotten").
Right to Data Portability: Export your data in a machine-readable format (available via Settings → Data Export).
Right to Restrict Processing: Request that we limit processing of your data under certain circumstances.
Right to Object: Object to the processing of your personal data for certain purposes.
Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
Right to Lodge a Complaint: File a complaint with your local data protection authority.

To exercise any of these rights, contact us at support@carnivos.app. We will respond to your request within 30 days.

How to Request Data Deletion

To delete some or all of your data without deleting your account:

Open CarnivOS, go to Settings → Others → "Delete Data".
Or contact us via the "Contact Us" section below to request deletion.

To delete your account entirely, use the "Delete Data" option above or the account deletion option in Settings.

Data Retention

Data subject to deletion: Account information (email, etc.), profile, food logs, diary, health/nutrition data, and all technical data stored by the app.

Retention period: Data will be deleted from servers and backups within 30 days of receiving the deletion request. The same applies when an account is deleted.

Exceptions: We may retain certain data where required by law (e.g., financial transaction records for tax compliance) or where necessary to resolve disputes or enforce our agreements.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request that we delete any personal information we have collected from you, subject to certain exceptions.
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

Categories of Personal Information Collected: Identifiers (email, user ID), health/fitness data (body measurements, dietary data, symptoms), internet activity (usage data, device info), commercial information (subscription status).

Categories of Personal Information Disclosed for a Business Purpose: Identifiers and commercial information (to Stripe for payment processing), internet activity (to Supabase for data storage), dietary data (to Google Gemini when AI features are used).

Retention: We retain your personal information for as long as your account is active, or as needed to provide you with the Service. You may request deletion at any time.

To exercise any of these rights, contact us at support@carnivos.app with "California Privacy Request" in the subject line. We will verify your identity and respond within 45 days.

12. State Health Data Privacy Rights

If you reside in Washington State, you may have additional rights under the My Health My Data Act (MHMDA), effective March 31, 2024. This law applies to the collection and sharing of "consumer health data," which may include dietary information, body measurements, symptoms, and biomarker data processed by CarnivOS.

Consent: We collect health data only with your consent, provided through your use of the App's features. You may withdraw consent at any time by discontinuing use or requesting data deletion.
Right to Know: You may request a list of all third parties and affiliates with whom we have shared your health data.
Right to Delete: You may request deletion of your consumer health data at any time.
Geofencing Prohibition: We do not use geofencing technology around healthcare facilities.

To exercise these rights, contact us at support@carnivos.app. We will respond within 30 days.

Residents of other states with health data privacy laws (Connecticut, Nevada, etc.) may also contact us to exercise applicable rights.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. You are advised to review this Privacy Policy periodically for any changes. For material changes, we will notify you via the App or email.

14. Contact Us

If you have questions or comments about this Privacy Policy, or wish to exercise your data protection rights, please contact us:

Email: support@carnivos.app
In-App: Settings → Feedback / Contact

For privacy-specific inquiries, please include "Privacy Request" in the subject line of your email. We aim to respond to all privacy-related requests within 30 days.

プライバシーポリシー

最終更新日: 2026年3月17日

1. はじめに

CarnivOS（以下「当アプリ」）は、ユーザーのプライバシーを尊重し、個人情報の保護に努めています。本プライバシーポリシーは、当アプリが収集、使用、保護する情報について説明します。

2. 収集する情報

2.1 アカウント情報

当アプリを使用するために、以下の情報を収集する場合があります：

メールアドレス
パスワード（暗号化して保存）

2.2 健康・栄養情報

当アプリの機能を提供するために、以下の情報を収集します：

食事記録（食品名、量、栄養素情報）
体重、体脂肪率
日記（体調、症状など）
プロファイル情報（性別、年齢、体重、活動レベルなど）
血液検査値（任意入力）

2.3 技術情報

当アプリの改善のために、以下の技術情報を収集する場合があります：

デバイス情報（OS、ブラウザ種類など）
使用状況（機能の使用頻度など）
エラーログ

3. 情報の使用目的

収集した情報は、以下の目的で使用します：

アプリの機能提供（栄養素追跡、目標値計算など）
アカウント管理と認証
アプリの改善と新機能の開発
エラーの修正とパフォーマンスの向上
ユーザーサポート

4. 情報の保存と保護

4.1 データの保存

データは以下の方法で保存されます：

ローカルストレージ（ブラウザのローカルストレージ）
Supabase（クラウドデータベース、認証済みユーザーのみ）

4.2 データの保護

当アプリは、以下の方法でデータを保護します：

データの暗号化（転送時および保存時）
認証とアクセス制御
定期的なセキュリティ監査

5. 情報の共有

当アプリは、以下の場合を除き、ユーザーの個人情報を第三者と共有しません：

ユーザーの明示的な同意がある場合
法的義務に基づく場合
アプリのサービス提供に必要な場合（例：Supabase（データベース）、Google Gemini（AI解析）、Stripe（決済処理））

AIサービスについて：当アプリのAI機能（食品写真解析、AIチャット等）を使用する際、食事内容や栄養データがGoogle Gemini APIに送信されます。Googleのデータ取扱いについてはGoogle AI利用規約をご確認ください。AI機能は任意であり、使用しなくてもアプリの基本機能は利用できます。

音声入力について：音声入力機能を使用する際、音声データはブラウザの組み込み音声認識サービスにより処理されます。Chromeではgoogleのサーバーに、SafariではAppleのサーバーに音声が送信されます。当アプリは音声データを直接保存・送信しません。音声入力は任意の機能です。

6. ユーザーの権利

ユーザーは、以下の権利を有します：

個人情報へのアクセス
個人情報の修正
個人情報の削除
データのエクスポート
アカウントの削除

6.1 データの削除をリクエストする方法（CarnivOS）

一部またはすべてのデータを、アカウント削除なしで削除したい場合：

アプリ「CarnivOS」を開き、設定 → Others → 「データ削除」をタップする。
または、本ページの「お問い合わせ」経由で削除を依頼する。

アカウントごと削除する場合も、上記「データ削除」または設定内のアカウント削除から行えます。

6.2 削除・保持されるデータの種類と保持期間

削除対象となるデータ： アカウント情報（メール等）、プロファイル、食事記録・日記・健康・栄養情報、技術情報のうち当アプリが保存しているものすべて。

保持期間： 削除リクエスト受付後、30日以内にサーバーおよびバックアップから削除します。アカウント削除時も同様です。

上記以外の権利行使は、設定画面からアカウントを削除するか、お問い合わせください。

7. クッキーとトラッキング

当アプリは、セッション管理とアプリの機能提供のために、必要最小限のクッキーを使用します。分析クッキー（Google Analytics）は、ユーザーの明示的な同意を得た場合にのみ有効化されます。広告配信は行いません。

8. カリフォルニア州居住者の権利（CCPA/CPRA）

カリフォルニア州に居住するユーザーは、カリフォルニア消費者プライバシー法（CCPA）およびカリフォルニアプライバシー権法（CPRA）に基づき、以下の追加的な権利を有します：

知る権利： 収集された個人情報のカテゴリと具体的な情報を知る権利
削除する権利： 収集された個人情報の削除を要求する権利
訂正する権利： 不正確な個人情報の訂正を要求する権利
販売・共有のオプトアウト： 当アプリはユーザーの個人情報を販売しません。行動ターゲティング広告のための個人情報の共有も行いません。
差別を受けない権利： 本権利の行使を理由とした差別的取扱いは行いません。

権利行使は support@carnivos.app まで、件名に「California Privacy Request」と記載の上ご連絡ください。45日以内に対応いたします。

9. 州健康データプライバシー権

ワシントン州に居住するユーザーは、My Health My Data Act（MHMDA、2024年3月施行）に基づく追加的な権利を有する場合があります。この法律は、食事情報、身体測定値、症状、バイオマーカーデータなど、CarnivOSが処理する「消費者健康データ」の収集・共有に適用されます。

同意： 健康データはアプリ機能の使用を通じたユーザーの同意に基づいてのみ収集します。同意はいつでも撤回できます。
知る権利： 健康データを共有した第三者のリストを要求できます。
削除する権利： 消費者健康データの削除をいつでも要求できます。
ジオフェンシング禁止： 医療施設周辺でのジオフェンシング技術は使用しません。

権利行使は support@carnivos.app までご連絡ください。30日以内に対応いたします。

10. お問い合わせ

プライバシーポリシーに関するご質問やご意見は、設定画面または support@carnivos.app からお問い合わせください。

11. 変更通知

本プライバシーポリシーは、予告なく変更される場合があります。重要な変更がある場合は、アプリ内で通知します。