Legal

Privacy Policy

This Privacy Policy explains how LupusDL Co. ("SimCalio", "we", "us", "our") collects, uses, and protects your personal data when you use the SimCalio platform.

Last updated: 19 February 2026 Jurisdiction: Cyprus / European Union (GDPR)

1. Data Controller

Controller Information

LupusDL Co.
Cyprus, European Union
Email: simcalio@dilegardia.com

We are the controller responsible for your personal data under the EU General Data Protection Regulation (GDPR).

2. Data We Collect

We collect only the data necessary to operate SimCalio.

Account data

Email address (authentication / recovery)
Username or identifier
Authentication tokens

Nutrition data

Food entries
Meal history
Macro and micronutrient tracking
Saved foods and favourites

Hydration data

Water intake logs
Hydration reminders (if enabled)

Fitness data

Workouts and exercise logs
Optional uploaded screenshots for OCR parsing

Optional body data

Weight
Body measurements
Fitness goals

Technical data

Device type
Browser type
Log data (security purposes)

3. Health-Related Data

Special category data (GDPR Article 9)

Nutrition and body data may qualify as health-related personal data under GDPR. We process this data only with your explicit consent, or to provide the service you requested.

4. Why We Process Your Data

We use your data to:

Provide nutrition tracking
Calculate macro and micronutrients
Save your history and preferences
Provide workout logging
Operate subscriptions
Maintain security
Improve the service

5. Legal Basis for Processing

Under GDPR, we rely on:

Contract performance — to operate SimCalio
Consent — for health-related data processing
Legal obligation — for billing compliance
Legitimate interests — security and fraud prevention

6. Processors and Third Parties

We use trusted processors:

Infrastructure

Firebase Authentication — login
Firestore Database — secure storage
Cloud hosting providers

Payments

Stripe — payment processing

AI providers

AI services to interpret meal text or images
AI services to generate nutrition summaries

We do not sell your personal data.

7. Data Retention

We retain data only as long as necessary. You can delete your account at any time.

After deletion:

Your personal data is deleted
Except where required for legal compliance (e.g. billing records)

8. Security

We use industry-standard protections:

Encrypted connections (HTTPS)
Secure authentication via Firebase
Access control and role-based security rules
Database security rules preventing cross-user data access

9. Your GDPR Rights

You have the right to:

Access your data
Correct your data
Delete your data
Restrict processing
Data portability
Withdraw consent
File a complaint with the Cyprus Data Protection Authority

To exercise any right, contact us at simcalio@dilegardia.com.

10. AI Processing

SimCalio may use AI to interpret:

Food entries and text descriptions
Images (optional features)

AI outputs may not be perfectly accurate. You remain responsible for decisions based on the data. We do not use your personal data to train external AI models.

11. International Transfers

Some providers may process data outside Cyprus/EU (e.g. Google infrastructure in the US). We use providers with GDPR-compliant safeguards (Standard Contractual Clauses or adequacy decisions).

12. Children

SimCalio is not intended for children under 16 without parental consent. If you believe a child has provided us data without consent, contact us and we will delete it promptly.

13. Contact

Contact

Email: simcalio@dilegardia.com
LupusDL Co., Cyprus, European Union