Privacy Policy

Carbly ("we," "our," or "us") operates the Carbly mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our app.

By using Carbly, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the app.

Account Information

When you create an account, we collect your email address, display name, and a hashed version of your password. We never store your password in plain text.

Health & Diabetes Data

To provide personalized bolus suggestions, we collect information you voluntarily provide, including:

• Insulin-to-carb ratio and correction factor
• Target blood glucose range
• Blood glucose readings (if manually entered or synced)
• Food scan results and meal logs

Apple Health Data

If you grant permission, we read and write data to Apple Health, including blood glucose, insulin delivery, carbohydrates, and energy consumed. This data stays on your device and is only shared with Apple Health at your direction.

Photos & Camera

When you use the food scanning feature, images are sent to our servers for AI analysis. Images are processed and then discarded — we do not retain food photos after analysis is complete unless you choose to post them to the community feed.

Usage Data

We collect anonymized usage analytics to improve the app, including screen views, feature usage frequency, and crash reports.

• Provide and personalize the bolus calculator and carb estimates
• Improve the accuracy of our AI food recognition over time
• Process your subscription and manage your account
• Display your posts and profile in the community feed
• Send you important account or service-related notices
• Detect, prevent, and address technical issues

Your data is stored on encrypted servers managed by DigitalOcean. Food images are stored on Wasabi S3-compatible cloud storage with access controls. All data is transmitted over HTTPS/TLS.

Authentication tokens are stored securely on your device using encrypted storage (Expo SecureStore). We use bcrypt for password hashing and JWT for session management.

We do not sell your personal data. We may share data with:

• Anthropic — Food images are sent to Anthropic's Claude API for AI analysis. Images are processed per Anthropic's data usage policies and are not used to train their models.
• Apple — Subscription purchase receipts are verified with Apple's servers.
• Law enforcement — Only if required by law or to protect the safety of our users.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Withdraw consent for Apple Health integration at any time through your device's Settings
• Export your data in a portable format

To exercise any of these rights, contact us at privacy@carbly.app.

Carbly is intended for users aged 13 and older. Users under 18 should use the app under parental or guardian supervision. We do not knowingly collect information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

Subscriptions are processed entirely through Apple's In-App Purchase system. We do not collect or store credit card numbers or payment method details. We only receive purchase receipts from Apple to verify your subscription status.

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it. Anonymized, aggregated data (e.g., average carb estimates for food items) may be retained indefinitely to improve our AI models.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy in the app and updating the "Last updated" date above. Your continued use of Carbly after changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: privacy@carbly.app
• Website: carbly.app