🛡 Conform cu GDPR (Regulamentul UE 2016/679)
Ultima actualizare: Februarie 2026
1. Cine suntem
ViewCalor AI este o aplicatie de analiza nutritionala bazata pe inteligenta artificiala. Aceasta politica explica cum colectam, folosim si protejam datele tale personale, in conformitate cu Regulamentul General privind Protectia Datelor (GDPR).
2. Ce date colectam
| Tip de date | Exemple | Scop |
|---|
| Date de cont | Username, parola (criptata), nume, email | Autentificare, verificare, resetare parola |
| Date de profil | Varsta, greutate, inaltime, sex, nivel activitate | Personalizare recomandari si calcul TDEE |
| Fotografii cu mancare | Poze incarcate pentru analiza | Analiza AI nutritionala |
| Date nutritionale | Istoric mese, calorii, macronutrienti, jurnal zilnic | Statistici si progres |
| Date de consum apa | Cantitate zilnica | Tracker hidratare |
| Masuratori corporale | Piept, brate, talie, solduri, coapse, gambe (cm) | Monitorizare evolutie corporala |
| Activitate fizica | Tip activitate, durata, calorii arse | Tracker miscare si consum energetic |
| Obiectiv greutate | Greutate tinta, ritm, greutate zilnica | Planificare si monitorizare progres |
| Date notificari push | Endpoint dispozitiv, preferinte (apa, mese, intervale) | Trimiterea notificarilor personalizate |
| Recenzii | Rating (1-5 stele), mesaj optional | Feedback utilizator |
Date sensibile: Datele despre alimentatie, greutate si sanatate sunt considerate date sensibile conform GDPR. Le protejam cu masuri tehnice si organizatorice adecvate.
3. Procesarea AI externa
Fotografiile tale cu mancare sunt trimise catre Google Gemini AI pentru analiza. Aceasta inseamna ca:
- Pozele sunt transmise securizat (HTTPS) catre serverele Google
- Google proceseaza imaginile conform Termenilor Google AI
- Nu trimitem date personale identificabile (nume, email) catre Google AI
- Pozele sunt folosite exclusiv pentru a genera analiza nutritionala
- Nu stocam pozele pe termen lung - sunt procesate si apoi sterse de pe server
4. Temeiul legal pentru procesare (Art. 6 GDPR)
- Consimtamant (Art. 6.1.a) - Ai acceptat aceasta politica la inregistrare
- Executarea contractului (Art. 6.1.b) - Procesarea e necesara pentru furnizarea serviciului
- Interes legitim (Art. 6.1.f) - Imbunatatirea si securizarea serviciului
5. Cum protejam datele tale
- Parolele sunt criptate cu algoritm securizat (hash + salt)
- Comunicatia este protejata prin HTTPS
- Datele sunt stocate pe servere securizate
- Accesul la date este restrictionat la personalul autorizat
- Nu vindem si nu partajam datele tale cu terti (cu exceptia procesarii AI)
6. Drepturile tale (GDPR)
Conform GDPR, ai urmatoarele drepturi:
- Dreptul de acces - Poti solicita o copie a datelor tale
- Dreptul la rectificare - Poti corecta datele incorecte din Profil
- Dreptul la stergere - Poti solicita stergerea contului si datelor
- Dreptul la portabilitate - Poti solicita exportul datelor tale
- Dreptul la opozitie - Poti refuza anumite tipuri de procesare
- Dreptul de retragere a consimtamantului - Poti retrage consimtamantul oricand
Pentru a-ti exercita drepturile, ne poti contacta prin pagina de Contact.
7. Stocarea datelor
- Datele contului sunt stocate cat timp ai cont activ
- Istoricul alimentar, masuratorile corporale, activitatile fizice si obiectivele sunt stocate pe termen nelimitat (cat timp ai cont)
- Fotografiile sunt procesate temporar si nu sunt stocate permanent pe server
- Logurile de securitate (autentificari, incercari esuate) sunt stocate pentru protectia contului
- La stergerea contului, toate datele asociate sunt eliminate permanent (istoric, masuratori, activitati, obiective, setari, abonamente push, recenzii)
8. Transferul datelor in afara UE
Prin utilizarea Google Gemini AI, fotografiile pot fi procesate pe servere Google situate in afara UE. Google are masuri de protectie adecvate conform GDPR (Clauze Contractuale Standard).
9. Cookie-uri si stocare locala
Aplicatia foloseste exclusiv cookie-uri strict necesare pentru functionare. Nu folosim cookie-uri de tracking, publicitate sau analiza.
| Cookie / Stocare | Scop | Durata |
|---|
| access_token | Autentificare (JWT token) | 30 minute |
| refresh_token | Reinnoirea sesiunii | 7 zile |
| csrf_token | Protectie impotriva atacurilor CSRF | Sesiune browser |
| session (Flask) | Sesiune server-side | Sesiune browser |
| localStorage: appTheme | Preferinta tema (light/dark) | Permanent |
| localStorage: appLang | Preferinta limba (RO/EN) | Permanent |
| localStorage: cookiesAccepted | Starea acceptarii cookie-urilor | Permanent |
| localStorage: activeTab | Tabul activ in aplicatie | Permanent |
Poti sterge oricand cookie-urile din setarile browserului. Cookie-urile de autentificare sunt necesare pentru functionarea aplicatiei — fara ele, nu te poti autentifica.
10. Contributii voluntare
Aplicatia ofera optiunea de a sustine dezvoltarea prin contributii voluntare procesate prin Revolut. In legatura cu aceasta functie:
- Nu colectam date financiare (numar card, IBAN, detalii cont bancar)
- Plata se efectueaza exclusiv pe platforma Revolut, sub politicile lor de confidentialitate
- Nu avem acces la detaliile cardului sau contului tau bancar
- Singurele date pe care le putem vedea sunt: numele afisat in Revolut si suma transferata
- Nu conditionam functionalitatile aplicatiei de efectuarea contributiilor
11. Notificari push
Daca activezi notificarile push, stocam urmatoarele date:
- Endpoint-ul dispozitivului — adresa tehnica necesara pentru trimiterea notificarilor
- Chei de criptare — pentru transmiterea securizata a notificarilor
- Preferinte — tipuri de notificari (apa, mese), intervale, ore programate
- Fus orar — pentru trimiterea notificarilor la ore locale corecte
Aceste date sunt stocate exclusiv pe serverul nostru si nu sunt partajate cu terti. Poti dezactiva notificarile oricand din setarile aplicatiei.
12. Minori
Aplicatia nu este destinata persoanelor sub 16 ani. Nu colectam intentionat date de la minori.
13. Modificari ale politicii
Ne rezervam dreptul de a actualiza aceasta politica. Modificarile semnificative vor fi comunicate in Aplicatie.
14. Autoritatea de supraveghere
Daca consideri ca datele tale sunt procesate incorect, poti depune o plangere la ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal).
Website: www.dataprotection.ro
15. Contact
Pentru orice intrebari legate de confidentialitate sau pentru a-ti exercita drepturile GDPR, ne poti contacta prin pagina de Contact.
🛡 GDPR Compliant (EU Regulation 2016/679)
Last updated: February 2026
1. Who We Are
ViewCalor AI is a nutritional analysis application based on artificial intelligence. This policy explains how we collect, use and protect your personal data, in compliance with the General Data Protection Regulation (GDPR).
2. What Data We Collect
| Data Type | Examples | Purpose |
|---|
| Account data | Username, password (encrypted), name, email | Authentication, verification, password reset |
| Profile data | Age, weight, height, sex, activity level | Personalized recommendations and TDEE calculation |
| Food photographs | Photos uploaded for analysis | AI nutritional analysis |
| Nutritional data | Meal history, calories, macronutrients, daily journal | Statistics and progress |
| Water consumption data | Daily amount | Hydration tracker |
| Body measurements | Chest, arms, waist, hips, thighs, calves (cm) | Body progress tracking |
| Physical activity | Activity type, duration, calories burned | Movement and energy expenditure tracker |
| Weight goal | Target weight, pace, daily weight | Planning and progress tracking |
| Push notification data | Device endpoint, preferences (water, meals, intervals) | Sending personalized notifications |
| Reviews | Rating (1-5 stars), optional message | User feedback |
Sensitive data: Data about diet, weight and health are considered sensitive data under GDPR. We protect them with appropriate technical and organizational measures.
3. External AI Processing
Your food photographs are sent to Google Gemini AI for analysis. This means that:
- Photos are transmitted securely (HTTPS) to Google servers
- Google processes the images according to Google AI Terms
- We do not send personally identifiable data (name, email) to Google AI
- Photos are used exclusively to generate nutritional analysis
- We do not store photos long-term - they are processed and then deleted from the server
4. Legal Basis for Processing (Art. 6 GDPR)
- Consent (Art. 6.1.a) - You accepted this policy at registration
- Contract performance (Art. 6.1.b) - Processing is necessary to provide the service
- Legitimate interest (Art. 6.1.f) - Improving and securing the service
5. How We Protect Your Data
- Passwords are encrypted with a secure algorithm (hash + salt)
- Communication is protected via HTTPS
- Data is stored on secure servers
- Data access is restricted to authorized personnel
- We do not sell or share your data with third parties (except for AI processing)
6. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right of access - You can request a copy of your data
- Right to rectification - You can correct inaccurate data in your Profile
- Right to erasure - You can request deletion of your account and data
- Right to data portability - You can request export of your data
- Right to object - You can refuse certain types of processing
- Right to withdraw consent - You can withdraw consent at any time
To exercise your rights, you can contact us through our Contact page.
7. Data Storage
- Account data is stored as long as you have an active account
- Food history, body measurements, physical activities and goals are stored indefinitely (as long as you have an account)
- Photos are processed temporarily and are not permanently stored on the server
- Security logs (logins, failed attempts) are stored for account protection
- When you delete your account, all associated data is permanently removed (history, measurements, activities, goals, settings, push subscriptions, reviews)
8. Data Transfer Outside the EU
By using Google Gemini AI, photos may be processed on Google servers located outside the EU. Google has adequate protection measures in compliance with GDPR (Standard Contractual Clauses).
9. Cookies and Local Storage
The App uses strictly necessary cookies only for functionality. We do not use tracking, advertising, or analytics cookies.
| Cookie / Storage | Purpose | Duration |
|---|
| access_token | Authentication (JWT token) | 30 minutes |
| refresh_token | Session renewal | 7 days |
| csrf_token | CSRF attack protection | Browser session |
| session (Flask) | Server-side session | Browser session |
| localStorage: appTheme | Theme preference (light/dark) | Permanent |
| localStorage: appLang | Language preference (RO/EN) | Permanent |
| localStorage: cookiesAccepted | Cookie acceptance state | Permanent |
| localStorage: activeTab | Active tab in application | Permanent |
You can delete cookies at any time from your browser settings. Authentication cookies are required for the app to function — without them, you cannot log in.
10. Voluntary Contributions
The App offers the option to support development through voluntary contributions processed via Revolut. Regarding this feature:
- We do not collect financial data (card number, IBAN, bank account details)
- Payment is made exclusively on the Revolut platform, under their privacy policies
- We do not have access to your card or bank account details
- The only data we may see is: the name displayed in Revolut and the transferred amount
- App functionality is not conditioned on making contributions
11. Push Notifications
If you enable push notifications, we store the following data:
- Device endpoint — the technical address needed to send notifications
- Encryption keys — for secure notification delivery
- Preferences — notification types (water, meals), intervals, scheduled times
- Timezone — to send notifications at the correct local times
This data is stored exclusively on our server and is not shared with third parties. You can disable notifications at any time from the app settings.
12. Minors
The App is not intended for persons under 16 years of age. We do not intentionally collect data from minors.
13. Policy Changes
We reserve the right to update this policy. Significant changes will be communicated in the App.
14. Supervisory Authority
If you believe your data is being processed incorrectly, you can file a complaint with ANSPDCP (the Romanian National Supervisory Authority for Personal Data Processing).
Website: www.dataprotection.ro
15. Contact
For any questions about privacy or to exercise your GDPR rights, you can contact us through our Contact page.