Privacy Policy

Effective date: January 15, 2026

1. Who we are (Controller)

This Privacy Policy explains how Cleem (“we”, “us”, “our”) collects and processes information when you use the Cleem website and mobile application (the “Service”).

Controller: Individual Entrepreneur (Sole Proprietor) Faig Novruzov, AGHDAM DISTR., JAVAHIRLI VIL. Contact email: [email protected]

2. What information we collect

Depending on how you use the Service, we may collect:

• Account data: identifiers needed to create/sign in to an account (e.g., email, username), authentication tokens.
• Profile and goals: information you choose to provide such as height, weight, age, activity level, goals, preferences.
• Nutrition diary data: meals, foods, calories/macros, notes, timestamps.
• Images (optional): photos you choose to analyze or attach to entries (if the feature is enabled in the app).
• Health data (optional, Apple Health / HealthKit): if you connect Apple Health, we may read your step count and active energy burned to show activity and progress inside the app. You can grant or revoke Health permissions at any time in iOS.
• Push notification data: your device token (APNs) and notification preferences (e.g., whether push is enabled).
• Device and usage data: device identifiers, IP address, app version, language, timestamps, performance metrics.
• Diagnostics: crash logs and error reports to improve stability.
• Support communications: messages you send to us and the information you choose to share.

3. How we use information

• Provide the Service: create accounts, sync data, show diary and progress, deliver core functionality.
• Health and activity features: if you connect Apple Health, show steps and calories burned in the app and sync them with your account.
• Notifications: deliver push notifications you enable (e.g., reminders, social/chat updates) and route you when you open a notification.
• Improve and secure: monitor reliability, prevent abuse, troubleshoot issues, maintain security.
• Support: respond to requests and provide customer support.
• Payments and subscriptions: enable purchases and manage subscriptions through App Store / Google Play.
• Legal: comply with applicable laws, resolve disputes, enforce our Terms.

4. Legal bases (EEA/UK users)

Where GDPR/UK GDPR applies, we rely on: performance of a contract (providing the Service), legitimate interests (security, analytics, improvement), consent (where required, e.g., certain optional features), and legal obligations.

5. Sharing and disclosures

We may share information with:

• Service providers that process data on our behalf (hosting, databases, and diagnostics/crash reporting, if enabled).
• App stores (Apple / Google) for billing, subscription management, and fraud prevention.
• Apple services such as Apple Push Notification service (APNs) to deliver push notifications, and Apple Health / HealthKit to read health data you authorize.
• Google services if you choose Google Sign‑In (to authenticate you via Google).
• Legal authorities when required by law or to protect rights, safety, and security.
• Business transfers (if the Service is sold/merged), subject to this Policy.

We do not sell your personal data.

5A. AI services, data sent, and your permission

Some optional features (such as AI Chat and food photo analysis) require sending data to third-party AI providers.

When these features are used, the app may send:

• User prompts/messages entered in AI Chat.
• Food photos you choose to analyze, including image content needed for recognition.
• Related nutrition context required to generate responses (for example diary or goal-related nutrition values).

Third-party recipients for these AI features include:

• OpenAI (AI chat and related AI processing).
• Edamam (nutrition and food analysis services).

Before sending data to third-party AI services, the app presents an in-app permission prompt. If you do not grant permission, data is not sent and those AI features will not run.

6. Data retention

We retain personal data as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion of your account and associated data, subject to applicable law.

7. Security

We use reasonable technical and organizational measures to protect data. However, no system is 100% secure. Please use a strong password and keep your device secure.

8. Your rights

Depending on your location, you may have rights to:

• access, correct, delete your personal data;
• object to or restrict certain processing;
• data portability;
• withdraw consent where processing is based on consent.

To exercise rights, contact us at [email protected].

9. Children

The Service is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us personal data, please contact us and we will take steps to delete such information.

10. International transfers

Your information may be processed in countries other than your own. Where required, we use appropriate safeguards for transfers.

11. Cookies (website)

Our website may use essential technical logs and may use cookies for basic functionality. If we add non‑essential analytics cookies, we will provide appropriate notice/choices as required by law.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted here with a new effective date.

13. Contact

If you have questions about this Privacy Policy, contact us at [email protected].

14. Language

English is the authoritative version of this Privacy Policy. Translations are provided for convenience; in case of discrepancy, the English version prevails.