SagePlate AI is built on a Privacy-First principle. Your health data is processed locally on your device whenever possible and is never sold to third parties. This policy explains exactly what data we collect, why, and how you can control it.
This Privacy Policy applies to the SagePlate AI mobile application ("App") and related services operated by Canto ("we," "us," or "our"), available at www.canto.ai.kr. By using our App, you agree to the practices described in this Policy.
This Policy is also available in Korean at privacy-policy-ko.html. The Korean version is the authoritative original. In the event of any conflict between the English and Korean versions, the Korean version shall prevail.
Information We Collect
1.1 Information You Provide Directly
- Profile data: Name (optional), date of birth, gender, height, current weight, goal weight, activity level
- Weight records: Weight measurements, date/time, optional notes
- Food diary: Food names, meal types (breakfast/lunch/dinner/snack), portion sizes, calorie and macronutrient data
- Water intake: Daily water consumption records
- Progress photos: Body progress photographs stored exclusively on your device
1.2 Data from Health Platforms (Optional)
With your explicit consent, we may read data from:
- Apple HealthKit (iOS): Body weight records, step count
- Google Health Connect (Android): Body weight records, step count
Integration with health platforms is entirely opt-in. You may disconnect at any time via Settings > Health Integration.
1.3 Data Collected Automatically
- Device information: Device model, operating system version, app version, language/locale setting
- Usage data: Feature interaction logs (anonymized)
- Step count: Pedometer data collected via on-device sensors (not uploaded to our servers)
1.4 Information We Do NOT Collect
- We do not collect your email address or require account registration
- We do not access your contacts, photos library (beyond selected progress photos), microphone, or location
- We do not collect or store food photos on our servers — AI processing is described in Section 4
- We do not collect financial information directly — payments are processed by Apple App Store or Google Play
How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide core app functionality (weight tracking, food diary, charts) | Weight, food, water records; profile data | Explicit Consent (GDPR Art. 9(2)(a)) — health-adjacent data; in-app consent obtained at onboarding |
| AI food recognition and nutritional estimation | Food photos (processed and deleted immediately) | Explicit Consent (GDPR Art. 9(2)(a)) — health-adjacent data requiring separate opt-in |
| Display personalized charts and statistics | Weight and food entry history | Explicit Consent (GDPR Art. 9(2)(a)) — health data; consent obtained at onboarding |
| Health platform synchronization | Weight data from HealthKit / Health Connect | Explicit Consent (GDPR Art. 9(2)(a)) — opt-in required before any health data access |
| Subscription management | Purchase records via RevenueCat | Contract performance |
| Non-personalized advertising (Free tier only) | Device advertising ID (frequency control only) | Legitimate interest |
Health Data — Special Notice
We do not sell, rent, or share your health data with third parties for advertising, marketing, or any commercial purpose.
Health and body data (weight, food intake, progress photos, step count) constitutes sensitive personal information. We apply the following protections:
- All health data is stored locally on your device using an encrypted SQLite database
- Data obtained from Apple HealthKit or Google Health Connect is not used for advertising purposes and is not shared with third parties, consistent with Apple HealthKit guidelines and Google Health Connect policies
- Progress photos are stored exclusively in your device's private app directory; they are never uploaded to our servers
Advertising & Health Data Separation
SagePlate AI displays non-personalized banner advertisements on the Free tier via Google AdMob. The following technical guarantee applies:
Device Advertising IDs collected by Google AdMob are strictly isolated from, and never combined with, any data obtained from Apple HealthKit or Google Health Connect. This separation is enforced at the code level: AdMob is initialized independently of all health platform APIs, and no health metrics, identifiers, or usage patterns derived from health data are passed to AdMob or any advertising service.
This guarantee is consistent with Apple App Store Review Guideline 5.1.1(v) and Google Play Health Connect Permission Policy (Limited Use Policy).
Medical Disclaimer
SagePlate AI is a personal wellness tool and is not a medical device. Nutritional information, calorie estimates, and BMI calculations provided by the App are for informational purposes only and do not constitute medical advice. Always consult a qualified healthcare professional before making significant changes to your diet or exercise routine.
AI Food Recognition
When you use the AI Camera feature to photograph food, the following process occurs:
- Your food photo is temporarily encoded and transmitted to Google's Gemini Vision API for food identification and nutritional estimation
- Google's API returns the food name and estimated nutritional data; the image is not stored by Google beyond the processing request
- The recognized food name and nutritional data are stored locally on your device
- The temporary image file is deleted from your device immediately after processing
Food photos are never stored on our servers. Only the resulting nutritional text data (food name, calories, macronutrients) is saved to your local diary.
Accuracy Notice
AI-generated nutritional estimates are approximations based on visual analysis. Actual caloric and macronutrient content may vary based on preparation method, portion size, and recipe variation. We recommend verifying estimates for foods requiring precise tracking.
Google Gemini API — Data Usage Policy
Food image analysis is performed by Google LLC's Gemini Vision API. SagePlate AI uses the Gemini API under a paid billing plan (Tier 1).
Under Google's paid service terms, Google does not use your data — including food images submitted for recognition — to train, fine-tune, or improve its AI/ML models. This is confirmed by Google's Gemini API Additional Terms of Service, which states that data submitted through paid services is not used for model training purposes.
For abuse monitoring purposes only, Google retains API input and output data for 55 days solely to detect and prevent policy violations. This data is not used for AI model training. For further details, see the Google Privacy Policy and Gemini API Terms of Service.
Third-Party Services
We use the following third-party services to operate the App:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Gemini Vision API | Google LLC (USA) | AI food recognition | Food photos (transient, not stored) |
| USDA FoodData Central | U.S. Dept. of Agriculture (USA) | Nutritional database — Latin-script foods (online) | Search query text only |
| BLS 4.0 (Bundeslebensmittelschlüssel) |
BfR — Federal Institute for Risk Assessment (Germany) | Nutritional database — Latin-script foods (offline, bundled local DB) | None — local database, no network request |
| Open Food Facts API | Open Food Facts (France, open-source community) | Fallback nutritional database — Latin-script foods (online) | Search query text only |
| 식품안전나라 API | Korean Ministry of Food & Drug Safety (Korea) | Korean food nutritional database | Search query text only |
| RevenueCat | RevenueCat Inc. (USA) | Subscription management | Device ID, purchase records |
| Google AdMob | Google LLC (USA) | Non-personalized advertising (Free tier only) | Device advertising ID (frequency control only; no behavioral targeting) |
| Apple HealthKit | Apple Inc. (USA) | Health data sync (opt-in) | Weight, steps data (read/write) |
| Google Health Connect | Google LLC (USA) | Health data sync (opt-in) | Weight, steps data (read/write) |
Each third-party provider is subject to its own privacy policy. We are not responsible for the privacy practices of third-party services. We recommend reviewing their policies for complete information.
Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
6.1 Service Providers
We share data with third-party providers listed in Section 5 solely to the extent necessary to operate the App. All providers are contractually required to protect your data and may not use it for their own purposes beyond the services provided to us.
6.2 Legal Compliance
We may disclose personal information when required by law, court order, or government authority, or when necessary to protect the rights, property, or safety of our users or the public.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, user data may be transferred as part of the transaction. We will notify users of any such change via the App or email (if provided) and inform them of their options.
6.4 With Your Consent
We may share data for purposes not described in this Policy with your explicit consent.
Data Retention
| Data Type | Retention Period | Notes |
|---|---|---|
| Weight records, food diary, water intake | Until user deletion or account closure | User controls all records; no automatic deletion |
| Progress photos | Until user deletion | Stored locally on device only |
| Food photos (AI processing) | Deleted immediately after AI processing | Never stored on our servers |
| AI inference logs | 90 days, then auto-deleted | For debugging and service improvement only |
| Inactive accounts | Data remains on your device until you delete it | SagePlate AI stores all data locally on your device. No server-side account deletion applies. |
You may delete your data at any time via Settings > Privacy > Delete All Data. Upon deletion, local data is permanently and irreversibly removed from your device.
Your Rights
Regardless of your location, you have the following rights with respect to your personal data:
- Access: View all data we hold about you via Settings > Export Data
- Correction: Edit any data record you entered directly within the App (weight logs, food diary, profile). Data synchronized read-only from Apple HealthKit or Google Health Connect (e.g. step count) must be corrected within those platforms.
- Deletion: Delete all data via Settings > Privacy > Delete All Data
- Export (Portability): Export your data in CSV format via Settings > Export Data. Free tier users may export the most recent 30 days of data. Subscribers can export all data without date restrictions.
- Advertising: SagePlate AI always displays non-personalized ads only. Your data is never used for ad targeting — this is enforced at the code level, not a setting you need to manage.
- Withdraw consent: Disconnect health platform integration at any time via Settings > Health Integration
To exercise any rights not directly available in the App, contact us at bacio0215@gmail.com. We will respond within 30 days.
GDPR — European Union Users
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and applicable national laws apply to your data.
Legal Bases for Processing
We process your data on the following legal bases as outlined in Section 2. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
Your GDPR Rights
- Right to Access (Article 15): All your data is stored locally on your device. You may access it directly within the App at any time.
- Right to Rectification (Article 16): Correct any data you have entered via Settings or directly within the App. Data synchronized read-only from Apple HealthKit or Google Health Connect must be corrected within those platforms.
- Right to Erasure (Article 17): Permanently delete all your data via Settings > Privacy > Delete All Data.
- Right to Data Portability (Article 20): Export your data in CSV format via Settings > Export. EU/EEA users may export all data regardless of subscription tier, in accordance with Article 20.
- Right to Restriction (Article 18): SagePlate AI uses a local-first architecture — your data is not processed on our servers. This right is therefore not applicable in practice. For any concerns, contact us at bacio0215@gmail.com.
- Right to Object (Article 21): The only processing based on legitimate interest is non-personalized advertising (Free tier). SagePlate AI displays non-personalized ads only and never uses your data for behavioral targeting — no further action is required on your part. You may upgrade to a paid subscription to remove ads entirely.
- Right to Lodge a Complaint: You may file a complaint with your national data protection authority (DPA). A list of EU DPAs is available at edpb.europa.eu.
EU Data Transfers
Some of our service providers (Google, RevenueCat) are located in the United States. Data transfers are made pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an equivalent level of data protection.
Data Protection Representative
For GDPR inquiries, contact our Data Protection contact at bacio0215@gmail.com.
CCPA — California Users
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you additional rights.
Categories of Personal Information Disclosed to Third Parties (CCPA disclosure requirement — past 12 months)
SagePlate AI stores all health and usage data locally on your device only. Canto does not hold or access this data on any server. The only information transmitted externally is:
- Advertising ID — Device advertising ID transmitted to Google AdMob for frequency control only. No behavioral targeting.
- Subscription & purchase records — Subscription status and purchase receipts transmitted to RevenueCat for subscription validation only.
- Food search query text — Search text only (no personal identifiers) transmitted to USDA FoodData Central API and Open Food Facts API. Transmitted only when searching online.
- Food photos — Transmitted transiently to Google Gemini API for AI food recognition only. Not stored by Google or Canto; immediately discarded after recognition.
Do Not Sell or Share My Personal Information
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
SagePlate AI displays non-personalized ads only. Your data is never used for ad targeting or shared with advertisers for behavioral profiling.This is enforced at the code level — no opt-out action is required on your part.
Your CCPA Rights
- Right to Know: The categories and specific data we transmit to third parties are listed above. All health and usage data remains on your device — Canto does not hold it on any server.
- Right to Delete: Permanently delete all your data via Settings > Privacy > Delete All Data.
- Right to Correct: Edit your data directly within the App (Settings or individual records).
- Right to Opt Out of Sale or Sharing: We do not sell your data. No opt-out action is required — see Do Not Sell or Share My Personal Information above.
- Right to Limit Use of Sensitive Information: Your health data (weight, food intake, body measurements) is stored locally on your device only and is never used for advertising or sold to third parties.
- Right to Non-Discrimination: Exercising any of these rights will not affect your access to the App or subscription pricing.
For questions about this Privacy Policy or to submit a formal CCPA request, contact bacio0215@gmail.com. We will respond within 45 days as required by CCPA.
California "Shine the Light" Law
California Civil Code Section 1798.83 permits users who are California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for direct marketing purposes.
International Data Transfers
SagePlate AI is operated from the Republic of Korea and serves users globally. When you use our App, your data may be transferred to and processed in the United States or other countries where our service providers are located.
Such transfers occur in the following contexts:
- Google Services (Gemini API, AdMob): Data processed in the United States under Google's standard contractual clauses
- RevenueCat: Subscription data processed in the United States
- USDA API: Query text transmitted to U.S. government servers
Korea — Cross-Border Transfer Notice (PIPA Article 28-8)
For Korean users, the following overseas transfer information is provided pursuant to the Personal Information Protection Act (PIPA):
| Recipient | Country | Purpose | Data Items | Transfer Method | Overseas Contact | Retention |
|---|---|---|---|---|---|---|
| Google LLC | United States | AI food recognition, advertising | Food photos (transient), device ID | Encrypted API call via HTTPS/TLS 1.3, triggered at time of user photo submission | privacy@google.com | Immediately deleted after processing |
| RevenueCat Inc. | United States | Subscription management | Device ID, purchase records | Encrypted API call via HTTPS/TLS 1.3, triggered at subscription event | privacy@revenuecat.com | Duration of subscription + 1 year |
Children's Privacy
SagePlate AI is intended for users aged 18 and older across all markets. We apply a uniform minimum age of 18 to ensure compliance with the most protective standard across our target jurisdictions. The following regional legal thresholds apply:
- United States (COPPA): Collection of personal information from users under 13 is strictly prohibited without verifiable parental consent.
- South Korea (PIPA Article 22(5)): Collection of personal information from users under 14 requires mandatory legal guardian consent.
- European Union (GDPR Article 8): The age of digital consent varies by member state (13–16). Users under 16 in applicable EU member states require parental or guardian consent for data processing.
Our uniform 18+ requirement exceeds all of the above thresholds. Age verification is presented during onboarding. If you are under 18, please do not use this App.
If you are a parent or guardian and believe your child has installed the App, please have them delete the App and all associated data via Settings > Privacy > Delete All Data. For further questions, contact bacio0215@gmail.com.
In accordance with COPPA (Children's Online Privacy Protection Act), we do not knowingly collect personal information from any person under the age of 13. If we become aware that a user is under 13, we will take immediate steps to block access and delete any associated data.
Security
We implement the following technical and organizational measures to protect your data:
- Local encryption: Health data stored in an AES-256 encrypted local database (SQLCipher)
- Progress photo encryption: Body progress photos encrypted at the file level using AES-256 with keys stored in iOS Keychain / Android KeyStore
- Secure transmission: All data transmitted to third-party services uses TLS 1.3 encryption
- App-private storage: All local files are stored in the app's private directory, inaccessible to other apps without device root access
- API key protection: Third-party API keys are never embedded in the app binary; they are injected at build time and protected via obfuscation
- Temporary file deletion: Camera-captured food photos are permanently deleted immediately after AI processing
No method of data transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you and applicable authorities as required by law.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Display an in-app notification describing the changes
- For significant changes affecting your rights, request your renewed consent where required by law
Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.
Contact Us
Privacy Inquiries
For any questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:
Email: bacio0215@gmail.com
Website: www.canto.ai.kr
Response Time: We will respond to all privacy-related inquiries within 30 days (45 days for CCPA requests).
Controller: Canto
Service: SagePlate AI
Package: com.canto.sageplateai