DefyCals (“the app”, “we”, “us”, “our”) is operated by Defycals Pty Ltd (ACN 699 740 246, ABN 99 699 740 246), a company registered in New South Wales, Australia. Defycals Pty Ltd is the entity responsible for your personal information and is bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy explains what personal information we collect, how we use and protect it, who we share it with, and how you can access, correct or complain about it. Our Privacy Officer can be reached at [email protected].
Some of the information above — including health and fitness data, weight, and information you record about what you eat — is “sensitive information” (health information) under the Privacy Act. We collect sensitive information only where it is reasonably necessary to provide the app’s features, and with your consent. You provide that consent by choosing to enter the information, by connecting Apple Health (which is also gated by Apple’s own permission prompt), and by using features such as meal-photo analysis. You can withdraw consent at any time by turning off the relevant feature, disconnecting Apple Health in your device settings, or deleting your account.
We use your information to:
Automated processing. Calorie and macronutrient figures are generated automatically by artificial intelligence from the meal photo you submit. These are estimates and may be inaccurate — they are a starting point for you to review and edit, not a health decision made about you. See our Terms of Service for more.
We do not sell your personal information. We share it only as described here:
If you sign up with a coach code, we share a summary of your progress with that coach so they can support you. You control how much detail is shared using the sharing settings in the app:
Your meal photos are never shared with your coach. If you switch to a different coach, your previous coach immediately loses access to your ongoing progress; messages and files already exchanged remain in your existing message history.
We use trusted service providers to run the app. They may access personal information only to perform services for us, under obligations of confidentiality and security:
| Provider role | What they handle |
|---|---|
| Cloud database, authentication & storage | Your account, synced app data and photos (hosted in Australia — see section 6) |
| AI processing infrastructure | Meal photos, at the moment of analysis, to generate an estimate |
| Diagnostics / crash reporting | Technical crash and error data (no health or meal content) |
| Product analytics | Anonymous usage events (not linked to your identity) |
| Payment processing (coaches only) | Coach subscription billing on our coach website; the app itself takes no payments |

We use trusted third-party AI infrastructure to process meal photos solely to estimate calories and macronutrients. Meal photos are sent only at the moment of analysis. We do not use your meal photos for advertising, and we do not use them to train our own models; we will not permit a third-party provider to use your personal or sensitive information to train its AI without your consent.
Your account, synced app data and photos are stored in Australia (Supabase, Sydney region).
Some of our service providers are located overseas, so providing the service involves disclosing limited personal information outside Australia. In particular, meal-photo AI processing, crash diagnostics and anonymous analytics may be handled by providers in the United States and the European Union, and our content-delivery and security provider operates a global network. Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles, and we remain accountable for that information. If you do not want your information disclosed overseas, please contact our Privacy Officer — though some features may not be available without it.
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These include encryption of data in transit, per-user access controls enforced at the database level, storing your data in Australia, and holding AI credentials only on our server rather than in the app. No system is completely secure, and you are responsible for keeping your device and sign-in access secure.
We keep your personal information only for as long as needed to provide the service and to meet legal obligations. You can delete your account at any time from Settings → Delete Account. When you do, we permanently delete your account and associated data — including synced data and stored photos — and revoke your session, except where we are required or permitted by law to retain certain records. Backups and diagnostic logs are cycled out on a rolling basis.
You can view and edit most of your information directly in the app, and export your data as a CSV file from Settings. You may also ask us to provide access to, or correct, the personal information we hold about you by emailing [email protected]. We may need to verify your identity first. We will respond within a reasonable time, and if we decline access or correction we will tell you why.
We may send you service messages about your account. We will only send you marketing or promotional messages where permitted, and every such message will identify us and include an easy way to opt out, consistent with the Spam Act 2003 (Cth). You can opt out at any time by using the unsubscribe link or by contacting us.
The DefyCals app uses only limited, anonymous product analytics and does not use advertising cookies. Our websites (including our coach billing site) may use cookies for essential functionality and basic analytics; you can control cookies through your browser settings.
DefyCals is intended for people aged 16 and over and is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us information, please contact us and we will delete it.
We maintain procedures to detect and respond to data breaches. If a breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under the Privacy Act.
If you have a privacy concern, please contact our Privacy Officer in writing at [email protected]. We will acknowledge your complaint and aim to resolve it promptly. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner: www.oaic.gov.au, GPO Box 5218, Sydney NSW 2001.
We may update this policy as the app evolves or as the law changes. We will update the “Last updated” date above and, for significant changes, take reasonable steps to notify you.
Defycals Pty Ltd — Privacy Officer
[email protected]