1. Identity of the data controller
Data controller: Cavexo LLC
Product: Dalia (iOS application, bundle identifier GetWellCo.Dalia)
Official website: https://www.usedalia.com
Privacy email: privacy@usedalia.com
Legal email: legal@usedalia.com
App support: support@usedalia.com
Vulnerability reporting: security@usedalia.com
Mailing address: [Cavexo LLC address to be completed]
For the purposes of the EU General Data Protection Regulation (GDPR), Cavexo LLC acts as the data controller in relation to the personal data described in this policy.
For the purposes of the California Consumer Privacy Act (CCPA/CPRA), Cavexo LLC acts as a business and the providers listed in section 5 act as service providers unless otherwise noted.
For the purposes of the Mexican Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), Cavexo LLC acts as the responsable.
2. Executive summary (quick read)
In plain language:
- Your health data is stored mainly on your iPhone, not on our servers. This includes glucose, insulin, meals, exercise, profile, and notes.
- For food photo analysis and daily insights we use AI services: Google Cloud Vertex AI (Gemini model) and xAI (Grok model). We send the minimum necessary and request your explicit consent before first use.
- We do not use your data for advertising. We do not sell information to third parties. We do not build marketing profiles.
- Your Apple Health data never leaves your device. We only read it to display it back to you.
- You can delete everything at any time from Settings → Privacy and security → Delete data.
- We do not ask for email, password, or social media linking. Your account is anonymous.
This section is a friendly summary. The following sections contain the full legal and technical detail.
3. What data we collect
We split information into three blocks based on where it is stored and where it travels.
3.1 Data stored only on your device
This data lives in your iPhone's local database (Core Data) and the system keychain (Keychain). It is not synced with our servers.
3.1.1 Profile data
- Name or nickname (optional)
- Age or date of birth
- Weight and height
- Gender (optional)
- Type of diabetes or metabolic condition (Type 1, Type 2, gestational, prediabetes, no diagnosis)
- Approximate date of diagnosis
- Treatment (insulin, oral medication, diet) and monitoring method (CGM, glucometer)
- Personal glucose targets (minimum and maximum range)
- Preferred meal times
3.1.2 Health and nutrition data
- Glucose readings (manual, imported from Apple Health, optionally synced with LibreView or Nightscout)
- Meal records: food photo (optional), name, ingredients, estimated macros, glycemic load, time
- Insulin doses (manual)
- Exercise sessions (manual or imported from Apple Health)
- Free-form notes and observations
- AI-generated daily insights stored locally
- Day-closure history and aggregated metrics
3.1.3 Integration credentials (encrypted in Keychain)
- If you connect LibreView: your Abbott account email and password
- If you connect Nightscout: the base URL and API_SECRET of your instance
- Anonymous Supabase session token
3.1.4 Configuration and preferences
- Language (system, Spanish, English)
- Visual theme and presentation preferences
- Local notifications configuration
- CGM sync frequency
3.2 Data collected in our backend (Supabase)
To operate the app and prevent abuse, we store a minimum of information in our backend, hosted by Supabase Inc. (United States).
3.2.1 Anonymous identification
- A randomly generated UUID created on your device on first use
- A short-lived session token (JWT) to authorize AI calls
- We do not request email, password, phone number, or social network linking.
3.2.2 AI usage metadata (no content)
- AI model invoked (e.g. gemini-2.5-flash)
- Endpoint used and purpose (meal_analysis, day_closure)
- Request size in bytes
- HTTP response code, error code if applicable
- Processing duration
- Cryptographic hash of your IP address (not the IP itself, just a derived value)
- Timestamp
Important: We do not store the photos sent, the texts, the prompts, or the AI responses. What we record is operational metadata to sustain quotas, offer support, and diagnose errors.
3.2.3 Consent records
- Version of Privacy Policy and Terms accepted
- Version of Medical Disclaimer acknowledged
- Date and time of consent (server-side timestamp)
- Consent withdrawal events
3.3 Data sent to third parties for specific functionality
Each of the following transmissions occurs only when you activate or use the corresponding feature and, in the case of artificial intelligence, only after you accept the explicit consent described in section 10.
| Function | Provider | What is sent |
|---|---|---|
| Food photo analysis | Google Cloud Vertex AI | The JPEG photo and a text prompt |
| Daily insight generation | xAI Grok | Aggregated figures and JSON context of the day (no photos) |
| Barcode lookup | Open Food Facts | The scanned barcode number |
| LibreView sync | Abbott | Your LibreView email and password (directly from your device to Abbott) |
| Nightscout sync | Your Nightscout instance | URL and API_SECRET (directly from your device to your Nightscout) |
| Apple Health read | Apple Inc. | Local read request; data does not leave the device |
The full details of each provider are in section 5.
3.4 Data we do NOT collect
For transparency, we let you know what we never collect:
- Advertising identifiers (IDFA)
- Precise or approximate geolocation
- Contact list
- Calendar or reminders
- Browsing or search history
- Financial information (payments are handled by Apple)
- Biometric identifiers
- Audio or video recordings
- Information about other apps installed on your device
- Device fingerprinting
4. How we use your data and legal bases
We process each category of data with an explicit purpose and a specific legal basis under the GDPR.
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Profile and goals | Personalize the experience, calculate ranges and metrics | Performance of the contract (Art. 6.1.b) |
| Glucose, insulin, exercise, meals | Show your metabolic day, calculate trends and glycemic load | Explicit consent (Art. 9.2.a, health data) |
| Food photo | Nutritional analysis via AI when you request it | Explicit consent (Art. 9.2.a) |
| Aggregated day figures | Generate day-closure narrative | Explicit consent |
| Anonymous ID and JWT token | Authorize calls and prevent abuse | Legitimate interest (Art. 6.1.f) |
| AI metadata (model, bytes, status) | Quotas, diagnosis, support | Legitimate interest |
| IP hash | Abuse detection and per-origin quotas | Legitimate interest |
| LibreView/Nightscout credentials | Sync the readings you authorize | Explicit consent |
| Apple Health (read) | Show your metrics in Dalia | Explicit consent |
| Consent logs | Regulatory compliance | Legal obligation (Art. 7.1 GDPR) |
4.1 What we do NOT do with your data
- We do not use your data for personalized advertising
- We do not sell or rent information to third parties
- We do not build marketing profiles
- We do not perform reversible "anonymization" to resell
- We do not reuse health data for other purposes
- We do not train public AI models with your information
- We do not combine your information with external databases
- We do not transfer your information to affiliated companies for purposes other than those described here
5. Third-party services and artificial intelligence
This section describes in detail each provider with whom we share data to deliver the Service. For each one we indicate: what exact data is sent, where it is processed, for how long, and whether they train models with your information.
5.1 Google Cloud Vertex AI (Gemini model)
| Field | Detail |
|---|---|
| Provider | Google LLC, subsidiary of Alphabet Inc. (United States) |
| Function in Dalia | Multimodal analysis of food photos to estimate carbs, macros, and glycemic load |
| What we send | The JPEG photo of the food and a text prompt describing the task |
| When we send | Only when you confirm the analysis after accepting AI consent |
| Processing region | us-central1 or global depending on the model (Vertex AI multi-region) |
| How it is authorized | Service account managed by Cavexo in Supabase Edge Functions; no Google token is exposed in the app |
| Training policy | Under our Vertex AI Enterprise contract, Google does not use your data to train public models |
| Retention by Google | Requests may be temporarily stored (typically <30 days) for abuse detection and then deleted; they do not remain in persistent logs for training |
| Applicable policy | https://cloud.google.com/terms/data-processing-addendum |
| Transfer mechanism (EU→US) | SCC + EU-US Data Privacy Framework |
5.2 xAI (Grok model)
| Field | Detail |
|---|---|
| Provider | X.AI Corp. (United States) |
| Function in Dalia | Generation of the daily narrative ("day closure") and personalized insight messages |
| What we send | A JSON object with aggregated daily figures (glucose averages, time in range, number of logged meals, accumulated glycemic load). We do not send photos. We do not send personal identifiers. We do not send credentials. |
| When we send | Only if you accepted AI consent and requested an insight |
| How it is authorized | API key managed by Cavexo in Supabase Edge Functions; no secret leaves the client |
| Training policy | Under our enterprise API account, xAI does not use inputs to train public models |
| Retention by xAI | Per the enterprise API policy, no content is retained for training |
| Applicable policy | https://x.ai/legal/privacy-policy |
| Transfer mechanism (EU→US) | SCC |
5.3 Supabase Inc.
| Field | Detail |
|---|---|
| Provider | Supabase Inc. (United States) |
| Function in Dalia | Complete backend: anonymous authentication, database, edge functions |
| What we send | Anonymous UUID, AI usage metadata (no payloads), consent logs |
| Applicable policy | https://supabase.com/privacy |
| Transfer mechanism (EU→US) | SCC + EU-US Data Privacy Framework |
5.4 Apple Inc.
| Field | Detail |
|---|---|
| Function in Dalia | App Store and payment processing (App Store, In-App Purchase), local read of health data (HealthKit), local notifications (UNUserNotificationCenter) |
| What they receive | Only what Apple manages as part of the platform (purchase data, OS-level device identifiers) |
| Health data | Apple does not receive your health data from Dalia: HealthKit is a local OS API and the data never leaves your device |
| Applicable policy | https://www.apple.com/legal/privacy/ |
5.5 Abbott LibreView (optional integration)
| Field | Detail |
|---|---|
| Provider | Abbott Diabetes Care, Inc. |
| Activation | Only if you decide to connect your LibreView account from Settings |
| What we send | Your LibreView email and password, directly from your iPhone to Abbott's API, without passing through our servers |
| Credential storage | Encrypted in iOS Keychain; they do not leave the device |
| Known risk | LibreView's API is not officially documented by Abbott. Availability may change without notice. You use this integration under your own responsibility. This warning is shown explicitly in the app before asking for credentials |
| Applicable policy | https://www.libreview.com/privacy-policy |
5.6 Nightscout (optional integration)
| Field | Detail |
|---|---|
| Nature | Nightscout is an open-source project that you deploy yourself on your own infrastructure |
| What we send | The base URL of your instance and the API_SECRET, directly from your iPhone to your Nightscout |
| Storage | Credentials encrypted in Keychain |
| Responsibility | The security and availability of your Nightscout instance depends exclusively on you |
5.7 Open Food Facts
| Field | Detail |
|---|---|
| Provider | Open Food Facts (nonprofit organization, public database) |
| Function in Dalia | Lookup of nutritional information by barcode |
| What we send | The scanned barcode number; no personal or health data |
| Applicable policy | https://world.openfoodfacts.org/cgi/privacy.pl |
5.8 Visual summary of the data flow
┌─────────────────┐
│ Your iPhone     │
│ • Food photo    │ ── consent accepted ──▶ Supabase Edge Function
└─────────────────┘                                 │
                                                    ├─▶ Vertex AI (Gemini)
                                                    └─▶ xAI (Grok)
                                                    │
┌─────────────────┐                                 │
│ Your iPhone     │ ◀───── nutritional analysis ────┘
│ Local Core Data │
└─────────────────┘
┌─────────────────┐ ──── local read ──── ▶ Apple HealthKit
│ Your iPhone     │                        (does not leave the device)
│                 │
│                 │ ─ your credentials ──▶ Abbott LibreView (optional)
│                 │ ─ your credentials ──▶ Your Nightscout (optional)
│                 │ ─ barcode ─────────▶ Open Food Facts (optional)
└─────────────────┘
5.9 No other third parties
To confirm the full list: Dalia does not integrate any other third-party SDK. Specifically, it does not use:
- Firebase, Mixpanel, Amplitude, PostHog, Sentry, Crashlytics, or other analytics
- Google AdMob, Meta Audience Network, AppLovin, or other ad networks
- AppsFlyer, Branch, Adjust, or other Mobile Measurement Partners
- Facebook SDK, Google Sign-In, or other social login SDKs
- TrueCaller, Twilio, or other communications SDKs
6. Health data and Apple HealthKit
Health data receives reinforced protection in Dalia.
6.1 Apple HealthKit
- Dalia requests read-only access to Apple Health for the following types: blood glucose, energy expended, and workouts
- Dalia never writes data to Apple Health
- Data read from Apple Health never leaves your device. It is not sent to our backend, to Vertex AI, to xAI, or to any third party
- You can revoke access at any time from iOS Settings → Privacy → Health → Dalia
6.2 Compliance with Apple guidelines
We comply with App Store guidelines sections 5.1.2(vi) and 5.1.3:
- We do not use HealthKit data for advertising or marketing
- We do not store personal health information in iCloud
- We do not write false or inaccurate data to HealthKit
- We do not perform medical research with your data (if we did in the future, it would be under explicit consent and with ethics committee approval)
6.3 Special-category sensitive data
Under Art. 9 of the GDPR, health data is a special category of personal data. We process it exclusively with your explicit consent (Art. 9.2.a) and with the reinforced technical and organizational measures described in section 7.
7. Storage, encryption, and security
7.1 On your device
- Database: local Core Data, protected by iOS Data Protection (AES encryption with key derived from your device passcode)
- Credentials: system Keychain with class kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
- Image cache: local, deleted on data wipe
- Process isolation: the app runs in iOS sandbox without access to other apps
7.2 In transit
- All calls to our services and to third parties use HTTPS with TLS 1.2 or higher
- Active certificate validation
- No unencrypted HTTP connections allowed
- App Transport Security (ATS) enabled in Info.plist
7.3 In our backend
- Encryption at rest managed by Supabase (AES-256)
- Database access restricted by Row Level Security (RLS)
- Cavexo personnel access limited by roles, audit log enabled
- Secrets (API keys for Google, xAI) stored in Supabase Secrets, never in client code
- Periodic secret rotation (at least every 12 months)
7.4 OWASP commitment
We strive to mitigate OWASP Mobile Top 10 vulnerabilities. If you discover a vulnerability, contact us at security@usedalia.com. Our responsible disclosure program guarantees:
- Acknowledgment within 72 hours
- Diagnosis and remediation timeline within 14 days
- Recognition of the researcher (with their consent) after the fix is published
- We will not initiate legal action against researchers acting in good faith within standard responsible-disclosure rules
7.5 Breach notification
In case of a security breach affecting your personal data:
- We will notify you in the app and by email (if you provided one) without undue delay
- Under the GDPR, we will notify the competent supervisory authority within 72 hours if the breach poses a risk to your rights
- Under CCPA/CPRA, we will comply with applicable notification requirements
8. Retention and deletion
8.1 Data on your device
Data stored on your iPhone remains while the app is installed or until you delete it. When you uninstall the app, iOS automatically removes all local data and associated Keychain credentials.
8.2 Data in our backend
| Category | Retention |
|---|---|
| ai_request_events metadata | Maximum 90 days, then deleted automatically |
| Supabase anonymous account | Active while you use the app |
| Consent records | 5 years (legal obligation to prove consent) |
| Security and audit logs | 12 months |
8.3 Deletion on request
You can request the complete deletion of your data at any time from Settings → Privacy and security → Delete data. This action:
- Erases all Core Data entities (profile, glucose, meals, insulin, exercise, insights)
- Cleans the Keychain (LibreView, Nightscout, Supabase session)
- Cleans caches (URLCache, image cache, file cache)
- Deletes the anonymous account in Supabase and all associated rows in ai_request_events
- Retains only consent records during the minimum legal period, anonymized so they cannot be linked to you
Compliance timeline: local deletion is immediate. Backend deletion completes in less than 30 calendar days from the request.
8.4 Deletion after inactivity
If you do not use Dalia for 24 consecutive months and do not have an active subscription, we may delete your anonymous account and associated metadata. We will notify you in the app before proceeding, with at least 30 days' notice.
8.5 Legal exceptions
We may retain certain information after your deletion request when there is:
- A legal obligation to retain (e.g. tax records associated with a purchase)
- An active dispute requiring evidence preservation
- A need to prevent fraud or misuse
In these cases, we will retain only what is strictly necessary and for the minimum required time.
9. Your rights
We recognize the following rights based on your jurisdiction:
9.1 Rights under the GDPR (European Economic Area, United Kingdom, and Switzerland)
- Access (Art. 15): obtain a copy of the data we have about you
- Rectification (Art. 16): correct inaccurate or incomplete information
- Erasure (Art. 17, "right to be forgotten"): request deletion
- Restriction of processing (Art. 18)
- Portability (Art. 20): receive your data in structured JSON format
- Objection (Art. 21): object to processing based on legitimate interest
- Withdrawal of consent (Art. 7.3) at any time, without affecting the legality of prior processing
- Not to be subject to automated decisions producing significant legal effects (Art. 22). AI estimates in Dalia do not produce legal decisions; they are informational
- Complaint with a supervisory authority: AEPD (Spain), CNIL (France), ICO (UK), Garante (Italy), BfDI (Germany), or your national authority
9.2 Rights under CCPA/CPRA (California, United States)
- Right to know what personal information we collect
- Right to delete personal information
- Right to correct inaccurate information
- Right not to be subject to discrimination for exercising your rights
- Right to limit the use of sensitive personal information
- We do not sell personal information and we never will, so the opt-out-of-sale right does not apply
9.3 Rights under LFPDPPP (Mexico)
ARCO rights: Access, Rectification, Cancellation, and Opposition. Additionally:
- Withdraw consent
- Limit use or disclosure
- Appeal to INAI for unanswered requests
9.4 Rights in other jurisdictions
We recognize analogous rights under local legislation: LGPD (Brazil), Law 19.628 (Chile), Law 1581 of 2012 (Colombia), PDPA (Singapore), Privacy Act (Australia), among others. If you reside in a jurisdiction not mentioned and want to exercise analogous rights, contact us.
9.5 How to exercise your rights
Send an email to privacy@usedalia.com indicating:
- The right you want to exercise
- Your Dalia anonymous identifier (Settings → Privacy and security → Support ID)
- A description of the request
- If applicable, evidence supporting your identity (in some cases we may require it to avoid unauthorized access)
We will respond within 30 calendar days. If we need more time (complex cases), we will notify you with a maximum extension of an additional 60 days.
We will not charge you for exercising your rights, except for manifestly unfounded or excessive requests, in which case we could charge a reasonable cost or refuse to act.
9.6 Authorized person
You may designate an authorized person to exercise rights on your behalf. We will ask for verification of authorization.
10. Granular consent
Dalia lets you manage consent per feature independently. You can enable and disable each from Settings → Privacy and security without affecting others:
| Functionality | How to control | Effect if disabled |
|---|---|---|
| AI analysis (Vertex + Grok) | Toggle in app | The app keeps working with manual analysis |
| Apple Health | iOS Settings | Data is not imported automatically; you can still log manually |
| LibreView | "Disconnect" button in app | Credentials are wiped, no more sync |
| Nightscout | "Disconnect" button in app | URL/SECRET is wiped, no more sync |
| Operational telemetry | Toggle in app | No ai_request_events are sent |
| Local notifications | iOS Settings | No reminders are scheduled |
10.1 Required acceptances
Three consents are actively requested in the app:
- Acceptance of Privacy Policy and Terms of Service during onboarding (one time, with re-acceptance if there are material changes)
- Acknowledgment of the Medical Disclaimer during onboarding
- AI consent the first time you use a feature that invokes Vertex AI or xAI Grok (separate and independent, with explicit modal)
Each consent is recorded with its version and timestamp, and can be withdrawn at any time.
10.2 Re-acceptance with material changes
If we publish a material new version of this policy, we will notify you in the app and request re-acceptance before continuing to use the affected features.
11. Minors
11.1 Children under 13
Dalia is not directed at children under 13 and we do not knowingly collect data from minors under 13. If we discover that we have received data from a minor under 13 without verifiable parental consent, we will delete it immediately.
If you are a parent or guardian and you believe your child under 13 has provided data to Dalia, contact us at privacy@usedalia.com for immediate deletion.
We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and equivalent norms in other jurisdictions.
11.2 Adolescents 13 to 17
For adolescents between 13 and 17, parental or legal guardian consent is required. The parent or guardian must contact us at privacy@usedalia.com to authorize the use in writing.
Minors' health data receives reinforced protection under Art. 8 of the GDPR: mandatory parental consent, strict minimum retention, and privacy-oriented default configuration options.
11.3 If you are a parent or guardian
To manage data of a minor in your care, write to privacy@usedalia.com attaching a document proving the relationship. You can:
- Access the minor's data
- Request rectification or deletion
- Withdraw consent
- Receive periodic usage reports (on request)
11.4 Special ages by jurisdiction
Some jurisdictions define different digital consent ages (e.g., 14 in Spain and Italy, 16 in Germany). We apply the most protective age in case of doubt.
12. International transfers
Some of our providers (Supabase, Google, xAI) are in the United States. When your data leaves the European Economic Area, we protect it through:
- Standard Contractual Clauses (SCC) of the European Commission, in their most recent versions
- EU-US Data Privacy Framework when the provider is certified
- Schrems II analysis documented for each transfer, with assessment of the destination country's legal framework
- Encryption in transit and at rest
- Minimization: only strictly necessary data is transferred
If you would like a copy of the applicable SCCs or the Schrems II analysis, write to privacy@usedalia.com.
13. Cookies and similar technologies
13.1 In the mobile application
The native app does not use cookies. It uses only iOS local storage (Core Data, UserDefaults, Keychain) described in previous sections.
13.2 On the usedalia.com website
Our website uses:
- Strictly necessary cookies for the site to function (session, language, cookie banner)
- Anonymous analytics cookies (without personal identifiers) to understand aggregate use, only if you accept in the banner
We do not use:
- Marketing or advertising cookies
- Remarketing pixels
- Cross-site trackers
- Fingerprinting
You can manage cookies from the consent banner or from your browser configuration.
14. Changes to this policy
When we update this privacy policy:
- We will change the "Last updated" date and the semantic version
- If changes are material (they affect processing, your rights, or introduce a new provider), we will notify you in the app at least 30 days in advance
- We will request express re-acceptance within the app before applying material changes
- Minor changes (wording corrections, clarifications) will take effect from the publication date
Active Premium subscribers who do not accept a new version will retain the right of portability access (Art. 20 GDPR) during a reasonable transition period and will be allowed to export their data before any service limitation.
Version history is maintained at https://www.usedalia.com/privacy/history.
15. Contact
Cavexo LLC
| Subject | Email |
|---|---|
| Privacy and rights | privacy@usedalia.com |
| Legal matters | legal@usedalia.com |
| App support | support@usedalia.com |
| Security vulnerabilities | security@usedalia.com |
Website: https://www.usedalia.com
Mailing address: [Cavexo LLC address to be completed]
Data Protection Officer (DPO): If we are required to designate a DPO under the GDPR or other equivalent norms, their contact will be published in this section. In the meantime, all privacy queries can be directed to privacy@usedalia.com.
16. Medical disclaimer (reference)
Dalia is an educational metabolic and nutritional self-tracking application. Dalia is not a medical device, does not diagnose, treat, prevent, or cure diseases, and does not replace the opinion, diagnosis, or treatment of a healthcare professional.
AI-generated estimates (glycemic load, macros, daily insights) are informational and must be verified against your treatment plan. Never change your medication, insulin doses, or dietary regime without consulting your treating physician first. In case of hypoglycemia, severe hyperglycemia, or emergency, follow your medical plan and contact local emergency services.
The full detail of medical limitations is available in our Medical Disclaimer: https://www.usedalia.com/en/medical-disclaimer
17. Final provisions
17.1 Controlling language
This policy may be available in several languages. In case of conflict between versions, the Spanish version published at https://www.usedalia.com/es/privacy will prevail, except where the imperative law of your jurisdiction requires otherwise.
17.2 Severability
If any provision of this policy is declared invalid, illegal, or unenforceable in any jurisdiction, that provision will not affect the validity of the rest of the document.
17.3 Relationship with other documents
This policy must be read together with:
- Terms of Service of Dalia: https://www.usedalia.com/en/terms
- Medical Disclaimer of Dalia: https://www.usedalia.com/en/medical-disclaimer
In case of conflict between this Privacy Policy and the Terms of Service regarding the processing of personal data, this Privacy Policy will prevail.
This policy has been in effect since May 8, 2026. Version 1.0.0 — Cavexo LLC