CarbWise Privacy Policy

Last updated: May 27, 2025

Important: This policy may be updated from time to time. The Service is provided for informational purposes only and is not intended as medical advice. Always consult healthcare professionals for medical decisions.

1. Who We Are

Testimonio LLC ("CarbWise," "we," "our," or "us") operates the CarbWise mobile application and website (the "Service").

Email: privacy@carbwise.ai

For EU/UK users, we act as the data controller of your personal information.

2. Information We Collect

We may collect the following categories of information when you use our Service:

CategoryExamplesWhen collectedPurpose*
Account DataEmail, display name, authentication identifiersRegistration / sign-inA, B
Profile DataProfile images, preferencesVoluntary uploadA
Usage DataFood photos, estimated nutritional values, location data (if enabled)Service usageA, C, D
Health Data (optional)Health metrics from integrated platformsWhen you authorize integrationA, C, D
Technical DataDevice information, IP addresses, usage logsAutomaticC
Payment DataSubscription status, transaction identifiersSubscription purchaseB
Communication DataSupport messages, feedback, survey responsesWhen you contact usD
Marketing DataEmail preferences, marketing identifiersWith consentE

*Purposes:

  • A = Provide & secure Service
  • B = Billing & subscriptions
  • C = Analytics & diagnostics
  • D = Improve features & support
  • E = Marketing communications (with consent)

We do not collect: Social Security numbers, driver's license numbers, financial account numbers, medical record numbers, or insurance information.

3. How We Use Information

PurposeLegal Basis (GDPR)
Operate, maintain & secure the ServiceContract performance; Legitimate interest
Sync data across your devicesContract performance
Process payments & manage subscriptionsContract performance; Legitimate interest
Provide analytics & insights (with health data consent)Legitimate interest; Consent (for health data)
Improve our algorithms and featuresLegitimate interest
Send service-related communicationsContract performance; Legitimate interest
Send marketing communications (opt-in only)Consent
Detect, prevent, or investigate violationsLegitimate interest
Comply with legal obligationsLegal obligation

3.1 Health Information Disclaimer

Important: We are not a healthcare provider or covered entity under HIPAA. The Service provides estimates for informational purposes only and should not be relied upon for medical decisions. We implement reasonable security measures but cannot guarantee complete security. Health data processing requires your explicit consent, which you may withdraw at any time.

4. Sharing & Disclosure

We do not sell your personal information. We may share information only in the following limited circumstances:

  • Service Providers – Third-party vendors who assist with hosting, analytics, payments, and other business operations under contractual privacy obligations.
  • Legal Compliance – When required by law, court order, or to protect rights, property, or safety.
  • Business Transfers – In connection with merger, acquisition, or asset sale (with advance notice to users).
  • With Your Consent – When you explicitly authorize sharing (e.g., exporting to other health apps).
  • De-identified Data – Aggregated or de-identified information that cannot reasonably identify you.

We do not share identifiable health information with advertisers, insurers, employers, or marketing companies.

5. International Transfers

Your information may be processed and stored in the United States and other countries where our service providers operate. For transfers from the EU/UK, we implement appropriate safeguards including Standard Contractual Clauses and additional security measures as required by applicable law.

6. Data Retention

We retain information as necessary for business operations and legal compliance. Specific retention periods may vary based on data type and applicable requirements:

Data TypeTypical Retention
Account & usage dataWhile account is active plus up to 30 days, then deleted or anonymized
Health dataWhile consent is active, deleted promptly upon withdrawal
Financial recordsAs required by tax and accounting obligations (typically 7 years)
Logs & analyticsUp to 13 months or as needed for security
Marketing dataUntil unsubscribe or 24 months of inactivity

Note: Retention periods may be extended if required by legal obligations or legitimate business needs.

7. Your Rights

JurisdictionYour Rights
GDPR (EU/UK)Access, rectification, erasure, restriction, portability, objection, withdrawal of consent
CCPA/CPRA (California)Know, delete, correct, opt-out of sale/sharing, non-discrimination
Other JurisdictionsRights as provided under applicable local privacy laws

To exercise your rights, email privacy@carbwise.ai with a clear description of your request. We may require identity verification and will respond within applicable timeframes.

EU/UK residents may also lodge complaints with their local data protection authority.

8. Security Measures

We implement reasonable administrative, technical, and physical safeguards, which may include:

  • Encryption of data at rest and in transit
  • Access controls and authentication measures
  • Regular security monitoring and auditing
  • Staff training on privacy and security practices
  • Vendor security requirements and assessments

Important: No security system is completely secure. We cannot guarantee absolute security and are not liable for unauthorized access despite reasonable precautions. Use the Service at your own risk.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will take steps to delete the information.

10. Third-Party Services

Our Service may contain links to or integrate with third-party websites and services that have their own privacy practices. We are not responsible for the privacy practices of these third parties.

11. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

For material changes, we will provide notice through the Service or by email at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance.

12. Contact Information

Privacy Questions: privacy@carbwise.ai

Data Controller: Testimonio LLC

We aim to respond to privacy inquiries within 30 days (or as required by applicable law).

Disclaimer: This Privacy Policy is provided for informational purposes and does not constitute legal advice. Privacy laws vary by jurisdiction and change over time. For specific legal guidance, consult qualified legal counsel.