Privacy Policy
Effective Date: June 30, 2026
Operator: Caliper is operated by Crex Labs LLC, a California limited liability company.
Contact:
1. Overview
Caliper is an iOS app that helps you estimate body composition and track your progress over time. Using photos you take during a guided scan, the app generates estimates of body fat percentage, lean mass, body measurements, and related wellness metrics.
Caliper is a general wellness app. It is not medical advice, a medical device, or a diagnostic or treatment tool. Estimates produced by Caliper are for informational and general wellness purposes only and should not be used as a substitute for professional medical advice, diagnosis, or treatment.
2. Information We Collect
Account and Contact Information
When you create an account, we collect the information needed to authenticate you:
- Email address (if you sign in with email)
- Phone number (if you sign in with phone)
- Apple Sign In identity (if you sign in with Apple; Apple may share your name and a relay email)
- Display name (if you choose to set one)
Profile and Demographic Information
To generate body composition estimates, we collect demographic inputs you provide during each scan:
- Age
- Sex/gender
- Height
- Weight
- Race/ethnicity
These values are used as inputs to our estimation models. Race/ethnicity is collected because body composition research shows it can improve estimate accuracy.
Scan and Body Composition Information
During a scan, the app captures:
- Front and side photos taken through the guided camera flow
- On-device silhouettes extracted from your photos using Apple Vision
- Capture quality signals such as pose scores, capture timing, and device camera capabilities
From your scans, we generate and store:
- Body fat percentage, lean mass percentage, and related composition estimates
- Body measurements (waist, hip, shoulder, arm, and others)
- Shape ratios (waist-to-hip, waist-to-height, shoulder-to-hip)
- Silhouette images used to display your scan results and track visual progress
- Contour data derived from scan masks for progress animation
We also store:
- Weight logs you enter manually or that are recorded during a scan
- Goals you set (such as target body fat percentage or target weight)
- Progress data including trend calculations, projections, and insight cards
- Scan history so you can review past results
Device and Security Information
To secure your account and authenticate API requests, we collect:
- Device fingerprint: a randomly generated, app-scoped identifier stored in your device Keychain. This is not a hardware identifier and cannot be used to identify your device outside of Caliper.
- Session tokens stored securely in your device Keychain for authentication.
Purchase and Subscription Information
Payments for Caliper subscriptions are processed by Apple through the App Store. We do not receive or store your payment card details.
We use RevenueCat to help manage your subscription status. RevenueCat receives your app user identifier and subscription entitlement information from Apple to determine whether you have access to premium features. We store your subscription status (active, expired, canceled) and renewal dates.
Analytics and Product Usage Information
We use Mixpanel for product analytics. Analytics events include actions such as screens viewed, buttons tapped, scan flow steps completed, goal and reminder interactions, and errors encountered. Each analytics event includes:
- A SHA-256 hashed version of your user identifier (not your raw email, name, or phone number)
- A session identifier
- A timestamp
- The event name and associated properties (such as screen name or action type)
Mixpanel automatic event collection is disabled. We do not send your name, email, phone number, or body composition data to Mixpanel.
Feedback and Support Information
If you submit feedback through the in-app feedback prompt, we collect your free-text feedback (up to 200 characters). Feedback is delivered to our team via email through Resend.
What We Do Not Collect
- We do not use a crash reporting SDK (such as Crashlytics, Sentry, or Bugsnag) in the app.
- We do not read from or write to Apple Health (HealthKit).
- We do not read from your photo library, contacts, precise location, or microphone. If you choose to save a generated share image, Caliper may request add-only access to save that image to your photo library. The app uses your device camera only during the guided scan flow to capture the front and side photos you choose to submit.
3. How We Use Information
We use the information we collect to:
- Provide scan analysis and results. Your photos and demographic inputs are sent to our servers, where they are processed by our machine learning pipeline to generate body composition estimates and measurements.
- Operate your account and authenticate you. We use your sign-in credentials, session tokens, and device fingerprint to verify your identity and secure your account.
- Save your scan history, weight logs, goals, and progress. We store your results so you can track changes over time, review past scans, set goals, and view progress insights.
- Manage subscription access. We use subscription status from RevenueCat and Apple to determine which features are available to you.
- Improve app functionality and reliability. We use analytics to understand how the app is used, identify issues, and improve the product.
- Respond to your feedback and support requests.
- Protect against abuse, fraud, or unauthorized access. We use device fingerprints and session validation to secure API requests.
- Comply with legal obligations where applicable.
4. Scan Data and Image Handling
What is captured: During a scan, the app uses your device camera to take a front photo and a side photo. On your device, the app uses Apple Vision to extract a silhouette (person segmentation mask) from each photo. The app also records capture quality signals (pose evaluation scores, timing, device capabilities).
What is uploaded: Your front and side photos, silhouettes, demographic inputs (age, sex, height, weight, race/ethnicity), and capture quality signals are uploaded to our servers for analysis.
How photos are processed: Your photos are sent to our analysis pipeline, which extracts body measurements and generates body composition estimates. In the primary scan flow, your raw photos are processed in memory by our measurement extraction service and are not persisted to long-term storage. Only the resulting measurements, composition estimates, and silhouettes are stored.
Asynchronous processing: After your scan results are returned, our servers may run additional processing (morphology analysis) in the background. For this step, your raw photos are temporarily staged in cloud storage, processed, and then deleted upon completion. The outputs of this processing are derived artifacts (not your original photos) and are stored in your account's cloud storage.
What is stored long-term:
- Silhouette images (stored in cloud storage and used for progress visualization)
- Derived morphology artifacts (not your original photos)
- Body measurements, composition estimates, and scan metadata
- Contour polygon data extracted from scan masks
On your device: The scan SDK does not save your photos, silhouettes, or scan data to your device's local storage. Scan images exist in device memory only during the active scan flow. Silhouette images may be cached temporarily on your device for display purposes.
5. How We Share Information
We share information with the following service providers and partners to operate the app:
| Service Provider | What They Receive | Purpose |
|---|---|---|
| Apple / App Store | Purchase and subscription transaction data | Payment processing and subscription management |
| RevenueCat | App user identifier, subscription entitlement status | Subscription status tracking and premium feature gating |
| Mixpanel | Hashed user identifier, session identifier, product usage events | Product analytics |
| Firebase / Google | Phone number (for phone sign-in), authentication credentials | Phone number verification and authentication |
| Resend | Email address (for email sign-in OTP delivery), feedback text | Email delivery for OTP codes and user feedback |
| Google Cloud Platform | All data processed by our backend services | Cloud infrastructure (compute, storage, database) |
We do not sell your personal information.
We do not share your personal information for cross-context behavioral advertising.
We do not use your information to track you across apps or websites owned by other companies. Both our app manifest and our scan SDK manifest declare NSPrivacyTracking = false and no tracking domains.
6. Analytics and Tracking
We use Mixpanel for product analytics to understand how people use the app and to improve the experience. Analytics events record actions you take in the app (such as screens viewed, scan flow steps, and feature interactions) along with a hashed user identifier and session identifier.
Analytics data is associated with your account through a SHA-256 hash of your user identifier. We do not send your name, email, phone number, body composition results, or photos to our analytics provider.
We do not use analytics data to track you across other apps or websites. We do not use Apple's advertising identifier (IDFA) or participate in cross-app tracking under Apple's App Tracking Transparency framework.
7. Purchases and Subscriptions
Caliper offers a premium subscription that unlocks additional features such as detailed progress insights and data export.
- Payments are processed entirely by Apple through the App Store. We never receive or store your payment card number, billing address, or other payment details.
- RevenueCat helps us manage your subscription entitlement status. RevenueCat receives your app user identifier and subscription event data from Apple (purchase, renewal, cancellation, expiration) so we can determine your access level.
- To manage or cancel your subscription, go to Settings > [your name] > Subscriptions on your iPhone, or visit the App Store. Refund requests are handled by Apple.
8. Data Retention
We retain your information as follows:
| Data Category | Retention |
|---|---|
| Account information (email, phone, name) | Retained while your account is active. Removed (set to NULL) upon account deletion. |
| Scan history, body composition results, measurements, silhouette images, derived artifacts, weight logs, goals, progress data, and related scan/body data | Retained while your account exists. After account deletion, this data may be retained in de-identified form for as long as reasonably necessary for the purposes described in this Privacy Policy. |
| Subscription status | Retained for access control and accounting purposes. |
| Analytics events | Retained by Mixpanel according to Mixpanel's retention policies. |
| Session tokens and authentication state | Invalidated upon sign-out or account deletion. |
9. Account Deletion and Your Choices
Delete Your Account
You can delete your account from within the app: go to the Profile tab and tap "Delete Account." You will be asked to confirm twice before deletion proceeds.
When you delete your account:
- Your personal identity information (email, phone number, Apple identity, display name) is removed from our database.
- Your authentication credentials and active sessions are deleted or invalidated where applicable.
- Your local session and tokens are cleared from your device.
- Your scan history, body composition results, silhouette images, derived artifacts, measurements, weight logs, goals, progress data, and related scan/body data may be retained after account deletion in de-identified form. We may keep an internal record ID with the retained records so we can manage them, but they will no longer be linked to your name, email address, phone number, Apple identity, or active account.
- We may use retained de-identified data for product improvement, model evaluation, safety, abuse prevention, research and development, and improving Caliper's models and services.
- We may retain de-identified scan/body data for as long as reasonably necessary for the purposes described in this Privacy Policy. This is disclosed to you in the app's deletion confirmation dialog before you proceed.
Data Export
Premium subscribers can export their scan history as a CSV file from the Profile tab. Exports are limited to three requests per 24-hour period.
User-Initiated Sharing and Saving
Caliper may allow you to generate shareable images from your scan reports or progress screens. These images are created from information already available in the app and may include Caliper branding, scan dates or comparison date ranges, body composition estimates, weight, body measurements, progress changes, and scan-derived silhouettes, outlines, or contours depending on the options you choose.
Raw scan photos are not included in these share images. Generated share images are created locally for your user-initiated share or save action. Caliper does not upload these generated share images to our backend, host public share links, or automatically post them anywhere.
If you choose to share or save an image using the iOS share sheet, you control the destination. The destination you choose, such as Messages, Mail, AirDrop, Photos, or another installed app or service, may be operated by Apple or a third party and may process the image according to its own terms and privacy policy.
Manage Subscriptions
You can manage or cancel your subscription through Apple's App Store settings on your device.
Contact Us
For any privacy request, including requests to access, correct, or delete your data, contact us at privacy@caliperscan.com.
10. Security
We use reasonable administrative, technical, and physical safeguards to protect your information, including:
- Authentication: Account access is protected by email OTP, Apple Sign In, or phone verification. Session tokens are stored in your device Keychain.
- Device binding: API requests are validated against a device fingerprint tied to your session to prevent unauthorized access.
- Encryption in transit: All communication between the app and our servers uses HTTPS. The app enforces HTTPS in release builds.
- Server infrastructure: Our backend runs on Google Cloud Platform with access controls, IAM policies, and private networking between internal services.
No system is perfectly secure. We cannot guarantee the absolute security of your information, but we are committed to protecting it with industry-standard practices.
11. Children's Privacy
Caliper is intended for adults 18 and older. Our scan flow requires users to provide an age of at least 18 before completing a scan. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly.
12. Data Processing Location
Your information is processed in the United States on Google Cloud Platform infrastructure (primarily the us-west1 region). Our service providers (Apple, RevenueCat, Mixpanel, Firebase, Resend) may process data in their own facilities, which may be located in the United States or other countries. By using the app, you acknowledge that your information may be transferred to and processed in the United States.
13. California and U.S. Privacy Rights
To the extent applicable under the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA), California residents may have the right to:
- Know what personal information we collect, use, and disclose.
- Delete personal information we hold (subject to certain legal exceptions).
- Opt out of the sale of personal information. We do not sell your personal information.
- Non-discrimination for exercising your privacy rights.
To make a privacy request, contact us at privacy@caliperscan.com. We will verify your identity before processing your request.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the Effective Date at the top of this page. If we make material changes, we may also notify you through the app. We encourage you to review this policy periodically.
15. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Privacy inquiries: privacy@caliperscan.com
- General support: support@caliperscan.com
- Address: Crex Labs LLC, 2108 N ST STE N, Sacramento, CA 95816, United States