At GlowUpPal, we believe your personal and health data belongs to you—and only you. We do not operate any servers. All your data is stored exclusively on your device. We cannot access, view, or retrieve your information because we simply don't have it. We don't sell data (we don't have any), we don't use analytics or tracking tools, and we're fully transparent about how the app works.
1. Introduction
Welcome to GlowUpPal ("we," "our," or "us"). GlowUpPal is a personal nutrition coaching application designed to help you track your food intake, monitor your health metrics, and achieve your wellness goals through AI-powered guidance.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). Please read this Privacy Policy carefully. By using the App, you consent to the data practices described in this policy.
If you do not agree with the terms of this Privacy Policy, please do not access or use the App.
1.1 Data Controller
GlowUpPal is developed and operated by Dondeti Apps. We are the data controller responsible for your personal information under applicable data protection laws. For questions about how we handle your data, please contact us at dondeti.apps@gmail.com.
2. Information We Collect
2.1 Information You Provide Directly
We collect information that you voluntarily provide when using our App:
- Profile Information: Name, age, gender, current weight, height, activity level, and health goals that you enter during profile setup
- Dietary Preferences: Food allergies and cuisine preferences you select to help personalize your nutrition recommendations
- Food Logs: Information about meals you record, including food photos, voice recordings, text descriptions, portion sizes, and meal times
- Communications: Messages you exchange with our AI nutrition coach
2.2 Information Collected Automatically
We collect minimal technical information necessary for app functionality:
- Device Information: Device type and operating system version (used only to ensure app compatibility)
- Performance Data: Local error logs for debugging purposes (stored only on your device, never transmitted)
Important: We do NOT use any analytics SDKs, tracking pixels, or third-party analytics services. We do NOT collect usage patterns, behavioral data, or advertising identifiers.
2.3 Information from Third-Party Services
With your explicit permission, we may receive information from:
- Android Health Connect: Health and fitness data as detailed in Section 3 below
3. Health Connect Data (Android Health Connect Integration)
GlowUpPal integrates with Android Health Connect to provide personalized nutrition recommendations based on your actual health metrics. This integration is entirely optional and requires your explicit consent.
3.1 Health Data Types We Access
When you grant permission, we access the following data from Health Connect. Important: GlowUpPal requests read-only access to Health Connect. We do not write or modify any data in Health Connect.
| Data Type | Purpose | How It's Used |
|---|---|---|
| Steps | Activity Monitoring | Displayed on your dashboard to provide context for your daily activity level alongside your nutrition data. Helps you understand the relationship between movement and caloric needs. |
| Total Calories Burned | Energy Expenditure Calculation | Used to calculate your Total Daily Energy Expenditure (TDEE) and display real-time Energy Balance (Calories In - Calories Out) on your dashboard. This enables accurate, personalized calorie recommendations based on your actual activity level rather than generic estimates. The Energy Balance feature helps users understand whether they are in a caloric deficit or surplus throughout the day. |
| Sleep Data | Holistic Health Insights | Displayed to help you understand how sleep patterns may affect your energy levels, appetite, and nutritional needs, supporting a comprehensive view of your wellness. |
3.2 Background Health Data Access
With your permission, GlowUpPal may access Health Connect data while operating in the background. This functionality is essential for the following core features:
Post-Workout Nutrition Coaching
Our app periodically checks Health Connect for recent exercise sessions. When a workout is detected, we send timely notifications suggesting protein-rich recovery meals to support muscle recovery. This feature requires background access because workouts may occur while the app is closed.
Real-Time Energy Balance
The dashboard displays your current Energy Balance (Calories Eaten minus Calories Burned). Background access ensures this calculation uses your actual calorie burn data from Health Connect, refreshed throughout the day, rather than stale or estimated values. Without background access, your energy balance would only update when you manually open the app.
Reliable Meal Reminders
Background access ensures meal reminder notifications continue functioning even when the app is not actively open. This is essential for users with aggressive battery optimization settings (common on Samsung and other Android devices) that would otherwise prevent timely reminders.
Continuous Data Synchronization
Background access enables the app to sync your latest health metrics (steps, calories burned, sleep) so your dashboard always reflects current data when you open the app.
Important: Background access is used solely for the features described above. We do not collect, transmit, or store your health data on any external servers. All health data remains on your device.
3.3 Our Health Data Commitments
All health data accessed from Health Connect is stored exclusively on your device using encrypted local storage. This data is never transmitted to external servers, never sold or rented to third parties, never used for advertising or marketing purposes, and is used solely to provide the personalized nutrition coaching features within the App.
3.4 Your Control Over Health Data
You maintain complete control over your health data at all times:
- Voluntary Connection: Health Connect integration is entirely optional. The App functions fully without it.
- Granular Permissions: You may grant or deny access to individual data types.
- Revoke Access Anytime: Navigate to Settings → Apps → Health Connect → GlowUpPal on your device to modify or revoke permissions at any time.
- Data Deletion: Clear the App's data or uninstall the App to permanently remove all stored health information from your device.
- No Feature Lock-Out: Revoking Health Connect permissions disables health-related features but does not affect core functionality such as food photo analysis, manual meal logging, or AI chat.
4. How We Use Your Information
We use the information we collect for the following purposes:
4.1 Service Delivery
- Calculate personalized calorie and macronutrient targets based on your profile and activity level
- Analyze food photos to identify items and estimate nutritional content
- Process voice recordings to log meals via speech-to-text
- Track your nutrition intake against daily goals
- Provide personalized nutrition advice through our AI coach
- Send meal reminders and motivational notifications (with your consent)
4.2 Service Improvement
- Review local error logs (stored on your device only) to identify and fix bugs
- Develop new features based on user feedback submitted via email
Note: We do NOT analyze usage patterns or track user behavior. We have no analytics or tracking tools.
4.3 Communication
- Respond to your inquiries and support requests
- Send important updates about the App or this Privacy Policy
4.4 Legal Compliance
- Comply with applicable laws, regulations, and legal processes
- Protect our rights, privacy, safety, or property
5. AI and Data Processing
GlowUpPal utilizes artificial intelligence to deliver its core features. We offer you control over how your data is processed:
5.1 Food Photo Analysis
When you capture a photo of your meal, our AI analyzes it to identify foods and estimate nutritional content. You may choose between:
- Cloud-Based AI (Google Gemini): Photos are transmitted securely via HTTPS to Google's Gemini API for analysis. Important: When you choose this option, your food photos and analysis prompts are sent directly to Google. We do not operate any intermediate servers—data goes directly from your device to Google. Google's handling of this data is governed entirely by Google's Privacy Policy and Gemini API Terms of Service. We have no control over how Google processes, stores, or uses this data.
- On-Device AI: For maximum privacy, you may select our local AI model (Gemma), which processes all data directly on your device. No food photos or data leave your device when using this option.
When you select Cloud AI (Google Gemini), your food photos are transmitted from your device directly to Google's servers. This data leaves your device and is subject to Google's privacy practices, not ours. Google may retain and use data submitted to Gemini API for service improvement and model training as described in their Terms of Service. We have no control over Google's data retention or usage practices. If you want maximum privacy, select On-Device AI instead.
5.2 AI Nutrition Coach
Our chat-based AI coach provides personalized nutrition guidance. When using cloud AI, your messages are sent directly to Google's Gemini API. We do not intercept, store, or process these messages on any server—they go directly from your device to Google's servers. Google's data handling practices apply.
Google Gemini is an independent third-party service operated by Google. We do not control its availability, accuracy, response quality, data handling, or terms of service. By using Cloud AI features, you interact directly with Google's service and agree to Google's terms. We are not responsible for Google's actions, data practices, or service interruptions.
5.3 Voice Processing
Voice recordings for meal logging are processed using on-device speech recognition. Audio recordings are processed locally and are not transmitted to external servers.
5.4 What We Send to AI Services
When you use Cloud AI (Google Gemini), only the following is sent:
- The food photo you captured
- A prompt asking to identify the food and estimate nutrition
- Your cuisine preferences (if you provided them, to improve food identification)
We do NOT send: Your name, age, weight, height, health goals, food allergies, health metrics, chat history, or any personal identifiers.
6. Data Storage and Security
6.1 100% Local Storage - No Servers
GlowUpPal does not operate any servers or cloud infrastructure. We are a fully offline-first application. All your data is stored exclusively on your device:
- Profile Data: Stored locally on your device using encrypted storage
- Food Entries and History: Stored locally on your device
- Health Metrics: Stored locally on your device
- Chat History: Stored locally on your device
- Preferences and Settings: Stored locally on your device
We do not have access to your data. We cannot retrieve, view, or recover your data because it exists only on your device. If you uninstall the app or clear app data, your information is permanently deleted with no possibility of recovery.
6.2 Security Measures
We implement industry-standard security measures to protect your information:
- Local data encryption using Android's security framework (AES-256) and encrypted SharedPreferences
- Secure HTTPS/TLS encryption for any network communications (Cloud AI only)
- No collection or storage of passwords, email addresses, or authentication credentials
- Regular security assessments and updates
While we implement robust security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data, but we are committed to protecting it using commercially reasonable safeguards.
6.3 Data Breach Considerations
Because we do not store your data on servers, a traditional server-side data breach affecting your personal information is not possible from our end.
However, if you use Cloud AI features (Google Gemini), any potential security incidents on Google's infrastructure would be governed by Google's security policies and breach notification procedures.
If we become aware of any security vulnerability in the App itself that could compromise locally-stored data, we will:
- Release an updated version of the App with the fix
- Notify users through the App's update notes
- Provide guidance on protective steps if needed
7. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties.
Because we do not operate servers, we do not have your data to share. Your data exists only on your device.
7.1 Third-Party AI Services (User-Initiated Only)
If you choose to use Cloud AI features, data is sent directly from your device to Google:
- Google Gemini API: Food photos and chat prompts are sent directly to Google when you use Cloud AI. This is a direct device-to-Google transmission. We do not intercept or have access to this data. Google's data handling is governed by their own privacy policies.
Note: We do not use any analytics services, tracking tools, or data collection SDKs.
7.2 Legal Requirements
Because we do not store your data on servers, we cannot provide your data to law enforcement or government agencies even if requested. Your data exists only on your device and is under your control.
7.3 Business Transfers
In the event of a merger, acquisition, or sale of our business, the App itself may be transferred. However, since we do not store user data on servers, no user data would be transferred as part of such a transaction. Your data remains on your device.
8. Your Rights and Choices
You have the following rights regarding your personal information:
8.1 Access and Portability
You may access your personal data at any time through the App's profile and settings screens. Since your data is stored locally on your device, it is inherently portable and under your control.
8.2 Correction
You may update or correct your profile information at any time through the App's settings.
8.3 Deletion
You may delete your data by:
- Clearing the App's data through your device settings
- Uninstalling the App from your device
- Contacting us at the email address provided below
8.4 Permission Management
You may manage App permissions (camera, microphone, notifications, Health Connect) at any time through your device's settings.
8.5 Opt-Out Options
- Push Notifications: Disable through device settings or within the App
- Cloud AI Processing: Switch to on-device AI processing in App settings
- Health Connect: Revoke permissions through device settings
9. Data Retention
We do not retain any of your data because we do not have servers to store it. Your data exists only on your device.
You control your data retention. You can delete your data at any time by:
- Using the "Clear All Data" option in App Settings
- Clearing App data through your device settings
- Uninstalling the App
Once deleted, your data cannot be recovered because no backups exist anywhere.
10. Children's Privacy
GlowUpPal is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at the email address below. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to remove that information.
11. International Data Transfers
GlowUpPal is operated from the United States. If you are accessing the App from outside the United States, please be aware that:
- Your locally stored data remains on your device in your jurisdiction
- If you use cloud-based AI features, data may be processed in the United States or other countries where Google operates data centers
- By using cloud features, you consent to the transfer and processing of your data in these locations
We ensure that any international transfers comply with applicable data protection laws and implement appropriate safeguards.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions
- Right to Correct: You may request correction of inaccurate personal information
- Right to Opt-Out of Sale: We do not sell personal information. If this changes, we will provide a clear opt-out mechanism
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Limit Use of Sensitive Personal Information: You may limit the use of sensitive personal information to purposes necessary to provide the services
Disclosure: In the preceding 12 months, we have not sold or shared any personal information with third parties for cross-context behavioral advertising purposes.
To exercise these rights, please contact us using the information provided in Section 15.
13. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access: Request access to your personal data
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of processing of your data
- Right to Data Portability: Receive your data in a structured, commonly used format
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with a supervisory authority
Legal Basis for Processing: We process your personal data based on: (a) your consent, (b) the necessity to perform our contract with you (providing the App services), (c) our legitimate interests in improving and securing our services, and (d) compliance with legal obligations.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will provide prominent notice within the App prior to the changes becoming effective
- We encourage you to review this Privacy Policy periodically
Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
15. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We will respond to your inquiry within 30 days.