**Effective Date:** 21 February 2026
**Last Updated:** 28 March 2026
—
## 1. Who We Are
CalmBite is developed and operated by **Yeap Digital**, a company registered in Edinburgh, United Kingdom.
If you have any questions about this Privacy Policy or your personal data, you can contact us at:
**Email:** yeap@yeapdigital.co.uk
**Location:** Edinburgh, United Kingdom
—
## 2. Overview
CalmBite is a mindful eating timer app designed to help you slow down and eat more intentionally. We are committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we handle it.
**In short:** We collect minimal data. Your meal history stays on your device. We use anonymous analytics to improve the app and third-party services to manage subscriptions. We do not sell your data to anyone.
—
## 3. Data We Collect
### 3.1 Data Stored Locally on Your Device
The following data is stored **only on your device** using local storage and is never transmitted to our servers:
– Meal session history (duration, timestamps, pause counts)
– Pre-meal check-in data (hunger level, current emotion, eating intent)
– Post-meal reflections (eating speed, satisfaction, mood, pace feedback)
– Onboarding profile data (quiz answers, primary goal, age range, current and target weight, meals-per-day commitment)
– Weight tracking log (historical weight entries, if provided)
– App settings and preferences (meal duration, reminder times, haptic and sound preferences)
– Onboarding completion status
– Streak and progress data
This data is not backed up to any cloud service by CalmBite. If you delete the app, this data is permanently removed.
### 3.2 Anonymous Authentication
We use **Firebase Authentication** (by Google) to create an anonymous, randomly generated user identifier when you first open the app. This identifier:
– Contains no personal information (no name, email, phone number, or password)
– Is used solely to link your analytics data and subscription status
– Cannot be used to identify you personally
### 3.3 Analytics and Conversion Tracking Data
We use **Firebase Analytics** (by Google) to collect anonymised usage data, including:
– App opens and screen views
– Feature usage events (e.g., session started, session completed, milestone reached)
– Subscription events (e.g., paywall viewed, purchase completed)
– Settings changes
– Device type, operating system version, and app version
This data is collected in aggregate and cannot be used to personally identify you. We use it solely to understand how the app is used and to improve the experience.
We also attach anonymised profile attributes to your anonymous user identifier for analytics segmentation. These include: identity type (e.g., “fast finisher”), mindful meal score, primary goal, age range, meals-per-day commitment, total meals completed, premium status, and current plan day. **Actual weight values are never sent** — we only record whether the weight fields were filled in (as a yes/no value).
We also use the **Meta (Facebook) SDK** to send anonymised app events (such as app opens, onboarding completion, meal sessions, and subscription purchases) to Meta for the purpose of measuring and optimising our advertising campaigns. When you grant App Tracking Transparency (ATT) permission, Meta may use your device’s advertising identifier (IDFA) to attribute app installs and conversions to specific ad campaigns. If you decline ATT, events are still logged but in an aggregated, anonymous mode and Meta cannot link them to your identity across other apps or websites. No personal information (name, email, etc.) is ever shared with Meta.
### 3.4 Subscription Data
We use **RevenueCat** to manage subscriptions and in-app purchases. When you subscribe to CalmBite Premium, RevenueCat processes your transaction through Apple’s App Store. RevenueCat receives:
– Your anonymous user identifier (from Firebase Authentication)
– Purchase and subscription status (active, expired, trial)
– Transaction receipts (provided by Apple)
– Product identifiers and pricing
RevenueCat does **not** receive your name, email address, or Apple ID. All payment processing is handled by Apple. We do not have access to your payment details (credit card number, billing address, etc.).
For more information, see [RevenueCat’s Privacy Policy](https://www.revenuecat.com/privacy/).
### 3.5 Notifications
CalmBite uses **local notifications** (via Expo Notifications) to send you optional daily meal reminders and post-meal check-ins. These notifications are:
– Scheduled and delivered entirely on your device
– Not sent through any external push notification server
– Fully optional — you can enable or disable them in Settings at any time
We do not collect or store notification tokens, and no notification data is transmitted off your device.
### 3.6 Live Activities
CalmBite uses **iOS Live Activities** to display your meal timer on the Lock Screen and Dynamic Island during an active session. Live Activity data:
– Is processed entirely on your device by iOS
– Is not transmitted to any server
– Is automatically removed when the session ends or the app is closed
### 3.7 App Tracking Transparency (ATT)
After your third completed meal, CalmBite will ask for your permission to track activity across other companies’ apps and websites via Apple’s App Tracking Transparency framework. This is used solely to allow Meta to measure the effectiveness of our advertising campaigns. You can grant or deny this permission at any time. If denied, no advertising identifier is shared, and all analytics continue to function in anonymous/aggregated mode. You can change this setting later in your device’s Settings → Privacy & Security → Tracking.
—
## 4. Data We Do NOT Collect
– **Personal information:** We do not collect your name, email address, phone number, date of birth, or any other personally identifiable information.
– **Health or medical data:** CalmBite is a behavioural wellness tool, not a medical or health app. We do not collect, store, or process health data as defined under Apple’s HealthKit guidelines or applicable health data regulations.
– **Location data:** We do not access or collect your location.
– **Contacts, photos, or files:** We do not access your contacts, camera, photo library, or file system.
– **Advertising identifiers:** If you grant App Tracking Transparency (ATT) permission, we share your device’s advertising identifier (IDFA) with Meta for ad campaign measurement only. We do not serve ads within the app. If you decline ATT, no advertising identifier is shared.
– **User-generated content:** We do not collect or transmit any text, images, or other content you create within the app.
—
## 5. How We Use Your Data
We use the data described above for the following purposes:
| Purpose | Data Used | Legal Basis (GDPR) |
|—|—|—|
| Provide core app functionality | Locally stored meal data | Contract performance |
| Manage your subscription | Anonymous ID, purchase status | Contract performance |
| Improve the app experience | Anonymised analytics events | Legitimate interest |
| Measure ad campaign performance | Anonymised app events, IDFA (if ATT granted) | Consent (ATT) / Legitimate interest (aggregated) |
| Send meal reminders | Local notification preferences | Consent |
| Display session on Lock Screen | Live Activity session data | Contract performance |
—
## 6. Third-Party Services
CalmBite uses the following third-party services, each with their own privacy policies:
| Service | Provider | Purpose | Privacy Policy |
|—|—|—|—|
| Firebase Authentication | Google LLC | Anonymous user identification | [Firebase Privacy](https://firebase.google.com/support/privacy) |
| Firebase Analytics | Google LLC | Anonymised usage analytics | [Firebase Privacy](https://firebase.google.com/support/privacy) |
| RevenueCat | RevenueCat Inc. | Subscription management | [RevenueCat Privacy](https://www.revenuecat.com/privacy/) |
| Meta SDK | Meta Platforms Inc. | Ad conversion tracking and campaign measurement | [Meta Privacy](https://www.facebook.com/privacy/policy/) |
| Expo | Expo (650 Industries) | App framework and notifications | [Expo Privacy](https://expo.dev/privacy) |
| Apple App Store | Apple Inc. | Payment processing | [Apple Privacy](https://www.apple.com/legal/privacy/) |
We do not sell your data to anyone.
—
## 7. Data Retention
– **Local data** (meal history, settings): Retained on your device until you delete the app or reset your data within the app’s Settings screen.
– **Anonymous analytics**: Retained by Firebase for up to 14 months, after which it is automatically deleted. This data cannot be linked to you personally.
– **Ad conversion data**: Retained by Meta in accordance with their data retention policies. This data is anonymised and cannot be linked to you personally unless you granted ATT permission, in which case Meta’s standard retention periods apply.
– **Subscription data**: Retained by RevenueCat and Apple for as long as necessary to manage your subscription and comply with financial record-keeping obligations.
—
## 8. Data Transfers
Your anonymised analytics data may be processed by Google (Firebase) and RevenueCat in the United States. These transfers are protected by:
– **Google:** Standard Contractual Clauses (SCCs) and compliance with the EU-US Data Privacy Framework.
– **RevenueCat:** Standard Contractual Clauses (SCCs).
– **Meta:** Standard Contractual Clauses (SCCs) and compliance with the EU-US Data Privacy Framework.
No personal data (as defined by GDPR) is transferred, as we only transmit anonymous identifiers and aggregated usage events.
—
## 9. Your Rights (UK GDPR & EU GDPR)
As a user in the United Kingdom or European Economic Area, you have the following rights regarding your personal data:
– **Right of access:** Request a copy of any data we hold about you.
– **Right to erasure:** Request deletion of your data.
– **Right to restriction:** Request that we limit how we use your data.
– **Right to object:** Object to our processing of your data based on legitimate interest.
– **Right to data portability:** Receive your data in a portable format.
Since we do not collect personal data that can identify you, most of these rights are satisfied by design. If you wish to exercise any of these rights, or if you have concerns, please contact us at **yeap@yeapdigital.co.uk**.
You also have the right to lodge a complaint with the **Information Commissioner’s Office (ICO)**, the UK’s data protection authority:
– Website: [ico.org.uk](https://ico.org.uk)
– Phone: 0303 123 1113
—
## 10. Children’s Privacy
CalmBite is not directed at children under the age of 13 (or 16 in the UK/EEA). We do not knowingly collect data from children. If you believe a child has used the app and you have concerns, please contact us at **yeap@yeapdigital.co.uk**.
—
## 11. Security
We take reasonable measures to protect your data:
– All meal data is stored locally on your device and is protected by your device’s own security (passcode, Face ID, Touch ID).
– All network communications with third-party services (Firebase, RevenueCat) use industry-standard TLS encryption.
– We do not operate our own servers or databases — there is no central server to breach.
—
## 12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last Updated” date at the top of this policy and, where appropriate, through an in-app notice.
We encourage you to review this policy periodically.
—
## 13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
**Yeap Digital**
Edinburgh, United Kingdom
**Email:** yeap@yeapdigital.co.uk
—
*This Privacy Policy applies to the CalmBite iOS app published on the Apple App Store by Yeap Digital.*