CarbWise Privacy Policy
Last updated: May 27, 2025
Important: This policy may be updated from time to time. The Service is provided for informational purposes only and is not intended as medical advice. Always consult healthcare professionals for medical decisions.
1. Who We Are
Testimonio LLC ("CarbWise," "we," "our," or "us") operates the CarbWise mobile application and website (the "Service").
Email: privacy@carbwise.ai
For EU/UK users, we act as the data controller of your personal information.
2. Information We Collect
We may collect the following categories of information when you use our Service:
Category | Examples | When collected | Purpose* |
---|---|---|---|
Account Data | Email, display name, authentication identifiers | Registration / sign-in | A, B |
Profile Data | Profile images, preferences | Voluntary upload | A |
Usage Data | Food photos, estimated nutritional values, location data (if enabled) | Service usage | A, C, D |
Health Data (optional) | Health metrics from integrated platforms | When you authorize integration | A, C, D |
Technical Data | Device information, IP addresses, usage logs | Automatic | C |
Payment Data | Subscription status, transaction identifiers | Subscription purchase | B |
Communication Data | Support messages, feedback, survey responses | When you contact us | D |
Marketing Data | Email preferences, marketing identifiers | With consent | E |
*Purposes:
- A = Provide & secure Service
- B = Billing & subscriptions
- C = Analytics & diagnostics
- D = Improve features & support
- E = Marketing communications (with consent)
We do not collect: Social Security numbers, driver's license numbers, financial account numbers, medical record numbers, or insurance information.
3. How We Use Information
Purpose | Legal Basis (GDPR) |
---|---|
Operate, maintain & secure the Service | Contract performance; Legitimate interest |
Sync data across your devices | Contract performance |
Process payments & manage subscriptions | Contract performance; Legitimate interest |
Provide analytics & insights (with health data consent) | Legitimate interest; Consent (for health data) |
Improve our algorithms and features | Legitimate interest |
Send service-related communications | Contract performance; Legitimate interest |
Send marketing communications (opt-in only) | Consent |
Detect, prevent, or investigate violations | Legitimate interest |
Comply with legal obligations | Legal obligation |
3.1 Health Information Disclaimer
Important: We are not a healthcare provider or covered entity under HIPAA. The Service provides estimates for informational purposes only and should not be relied upon for medical decisions. We implement reasonable security measures but cannot guarantee complete security. Health data processing requires your explicit consent, which you may withdraw at any time.
4. Sharing & Disclosure
We do not sell your personal information. We may share information only in the following limited circumstances:
- Service Providers – Third-party vendors who assist with hosting, analytics, payments, and other business operations under contractual privacy obligations.
- Legal Compliance – When required by law, court order, or to protect rights, property, or safety.
- Business Transfers – In connection with merger, acquisition, or asset sale (with advance notice to users).
- With Your Consent – When you explicitly authorize sharing (e.g., exporting to other health apps).
- De-identified Data – Aggregated or de-identified information that cannot reasonably identify you.
We do not share identifiable health information with advertisers, insurers, employers, or marketing companies.
5. International Transfers
Your information may be processed and stored in the United States and other countries where our service providers operate. For transfers from the EU/UK, we implement appropriate safeguards including Standard Contractual Clauses and additional security measures as required by applicable law.
6. Data Retention
We retain information as necessary for business operations and legal compliance. Specific retention periods may vary based on data type and applicable requirements:
Data Type | Typical Retention |
---|---|
Account & usage data | While account is active plus up to 30 days, then deleted or anonymized |
Health data | While consent is active, deleted promptly upon withdrawal |
Financial records | As required by tax and accounting obligations (typically 7 years) |
Logs & analytics | Up to 13 months or as needed for security |
Marketing data | Until unsubscribe or 24 months of inactivity |
Note: Retention periods may be extended if required by legal obligations or legitimate business needs.
7. Your Rights
Jurisdiction | Your Rights |
---|---|
GDPR (EU/UK) | Access, rectification, erasure, restriction, portability, objection, withdrawal of consent |
CCPA/CPRA (California) | Know, delete, correct, opt-out of sale/sharing, non-discrimination |
Other Jurisdictions | Rights as provided under applicable local privacy laws |
To exercise your rights, email privacy@carbwise.ai with a clear description of your request. We may require identity verification and will respond within applicable timeframes.
EU/UK residents may also lodge complaints with their local data protection authority.
8. Security Measures
We implement reasonable administrative, technical, and physical safeguards, which may include:
- Encryption of data at rest and in transit
- Access controls and authentication measures
- Regular security monitoring and auditing
- Staff training on privacy and security practices
- Vendor security requirements and assessments
Important: No security system is completely secure. We cannot guarantee absolute security and are not liable for unauthorized access despite reasonable precautions. Use the Service at your own risk.
9. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will take steps to delete the information.
10. Third-Party Services
Our Service may contain links to or integrate with third-party websites and services that have their own privacy practices. We are not responsible for the privacy practices of these third parties.
11. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
For material changes, we will provide notice through the Service or by email at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance.
12. Contact Information
Privacy Questions: privacy@carbwise.ai
Data Controller: Testimonio LLC
We aim to respond to privacy inquiries within 30 days (or as required by applicable law).
Disclaimer: This Privacy Policy is provided for informational purposes and does not constitute legal advice. Privacy laws vary by jurisdiction and change over time. For specific legal guidance, consult qualified legal counsel.