Legal

Privacy Policy.

Effective Date: April 14, 2026  ·  Last Updated: April 14, 2026

The short version: Orelo uses your iPhone camera to recognize food. Most scans stay on your device via Apple Vision and our custom Core ML model. When cloud AI is needed, photos go to Anthropic’s Claude API for analysis — they’re not used to train models or sold. Your meals sync through your own iCloud account, not our servers. We do not collect your location, contacts, or any other app data. No advertising. No selling. Your health data is yours.

Orelo (“we,” “our,” or “us”) respects your privacy. This Privacy Policy explains what information we collect when you use the Orelo iOS app, how we use it, who we share it with, and the choices you have.

By using Orelo, you agree to this policy. If you don’t agree, don’t use the app.

01 Information We Collect

Information You Provide

  • Health and nutrition preferences you enter in the app — dietary restrictions, fitness goals, weight, daily targets.
  • Meal descriptions, food photos, and barcodes you submit for analysis.
  • Workout data you log manually or via routines.
  • Support communications — if you email us at support@getorelo.com.

Information Collected Automatically

  • Camera images: When you scan a meal or a store shelf, Orelo captures a photo to perform nutritional analysis. Photos are processed as described in Section 2.
  • Photo library access: If you choose to analyze a photo already on your phone, Orelo reads only the photos you explicitly select.
  • Apple HealthKit data (with your permission): Orelo can read activity, weight, and related metrics, and can write nutrition, water, and workout data. You control this in iPhone Settings → Privacy → Health.
  • Device and usage data: Device model, iOS version, app version, crash logs, and in-app events such as which features you use. Collected via Google Firebase Analytics using pseudonymous identifiers.
  • Subscription and receipt data: Handled by Apple. We receive a transaction confirmation from Apple but do not see your payment details.

Information We Do Not Collect

  • Precise or approximate location. Orelo does not use location services.
  • Contacts, calendar, browsing history, or data from other apps.
  • Government identifiers, payment card numbers, or bank account information.
  • Biometric identifiers beyond what Apple HealthKit natively provides to you.

02 How We Process Your Images and Meal Data

Orelo uses three layers of AI to analyze what you scan:

On-Device AI (stays on your iPhone)

  • Apple Vision framework — runs image classification and OCR locally on your device.
  • Orelo’s custom Core ML food classifier — recognizes common foods entirely on-device.

Data processed by these layers never leaves your iPhone.

Cloud AI (sent off-device)

  • When on-device recognition is not sufficient, Orelo sends the photo and meal context to Anthropic’s Claude API via Orelo’s secure proxy server. Anthropic processes the image to return a nutritional analysis and ingredient breakdown.
  • Anthropic’s handling of this data is governed by Anthropic’s own privacy policy, available at anthropic.com/privacy.

Barcode Lookups

  • When you scan a barcode, Orelo may query the OpenFoodFacts public food database to retrieve product information. Barcodes are not personal data, but the request is sent to OpenFoodFacts servers.

We do not retain copies of your food photos on our own servers beyond what is required to deliver the AI response to your device.

03 How We Use Your Information

We use your information to:

  • Provide the core Orelo experience — scanning, scoring, logging, and analyzing meals and workouts.
  • Sync your data across your devices via Apple iCloud (see Section 4).
  • Improve app performance, diagnose crashes, and understand which features matter to users.
  • Respond to your support requests.
  • Comply with legal obligations.

We do not use your health data, meal data, or photos to serve advertising. We do not sell your personal information.

04 iCloud Sync

Your meals, water logs, and workouts sync through Apple iCloud using CloudKit. This data is stored in your personal iCloud account, not on Orelo’s servers. Orelo cannot read your synced data outside of the app running on your device. Apple’s handling of iCloud data is governed by Apple’s privacy policy.

If you sign out of iCloud or disable iCloud for Orelo in iPhone Settings, sync will stop and your data will remain only on the device where it was created.

05 Analytics

Orelo uses Google Firebase Analytics to understand how users interact with the app. Firebase collects:

  • Pseudonymous device identifiers
  • In-app events (e.g., “meal scanned,” “paywall shown”)
  • Crash reports and performance diagnostics
  • Device type, OS version, country, and language

Firebase data is governed by Google’s privacy policy (policies.google.com/privacy). We configure Firebase not to use collected data for advertising.

06 Subscriptions and Purchases

Orelo offers an auto-renewing subscription (“Orelo Pro”) through Apple’s App Store.

  • Payment is charged to your Apple ID at confirmation of purchase.
  • Subscriptions renew automatically at the end of each period at the then-current price unless you cancel at least 24 hours before renewal.
  • You can manage and cancel subscriptions in iPhone Settings → your Apple ID → Subscriptions.
  • Apple processes all payments. Orelo does not receive or store your payment card information.

Full subscription terms are available in our Terms of Use at getorelo.com/terms.

07 Data Sharing

We do not sell, rent, or trade your personal information. We share data only as follows:

  • Apple — iCloud sync, HealthKit, App Store subscriptions.
  • Anthropic — images and meal context sent for AI analysis (see Section 2).
  • Google — anonymized analytics and crash data via Firebase (see Section 5).
  • OpenFoodFacts — barcode lookups when you scan a product (see Section 2).
  • Legal requirements — if compelled by subpoena, court order, or law enforcement request, or to protect the safety, rights, or property of Orelo, our users, or the public.

Each of these providers is bound by their own privacy policies and, where applicable, data-processing agreements with us.

08 Data Retention and Deletion

  • Data on your device is controlled entirely by you. Delete the app or use Settings → Reset to remove it.
  • iCloud-synced data lives in your iCloud account and is managed by Apple. Deleting the app or resetting from Settings clears Orelo’s iCloud records.
  • Firebase Analytics data is retained by Google on our behalf for the Firebase-default retention period (14 months at the time of writing) and then automatically deleted.
  • Anthropic may retain transiently processed images per their own retention policy. We do not control Anthropic’s retention.

Because Orelo does not require an account, there is no user profile to delete on our side. Removing the app and signing out of iCloud removes all of your Orelo data.

09 Your Rights

Regardless of where you live, you have the right to:

  • Access, correct, and delete your Orelo data using the app’s built-in controls.
  • Revoke camera, photo library, microphone, Siri, and HealthKit permissions at any time in iPhone Settings.
  • Contact us at support@getorelo.com with any privacy question or request.

California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of your personal information.
  • Correct inaccurate personal information.
  • Opt out of the “sale” or “sharing” of your personal information. We do not sell or share personal information for cross-context behavioral advertising.
  • Non-discrimination for exercising these rights.

To exercise California rights, email support@getorelo.com.

Canadian Residents (PIPEDA)

If you reside in Canada, you have the rights provided under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws. You acknowledge that your information may be processed in the United States (by Anthropic, Google Firebase, and Apple’s global infrastructure) under the protections described in this policy.

Other U.S. States

If you reside in Virginia, Colorado, Connecticut, Texas, Oregon, or another U.S. state with a comprehensive privacy law, you have substantially similar rights to those listed above. Contact us at support@getorelo.com to exercise them.

10 Children’s Privacy

Orelo is not directed at children under 13, and we do not knowingly collect information from children under 13. If you believe a child under 13 has used Orelo, contact support@getorelo.com and we will delete the information.

Users between 13 and 18 should have a parent or guardian review this policy and our Terms of Use.

11 Security

We take reasonable steps to protect your information, including:

  • Encryption in transit (HTTPS / TLS) for all data sent off-device.
  • Secure storage via Apple’s Keychain for sensitive credentials.
  • No transmission of health or meal photos to our own servers beyond the AI analysis pipeline described in Section 2.

No system is perfectly secure. We cannot guarantee absolute security.

12 Changes to This Policy

We may update this policy from time to time. When we do, we will update the “Last Updated” date at the top of this page. For material changes, we will notify users inside the app. Continued use of Orelo after changes means you accept the updated policy.

13 Contact

Questions or requests about this policy:

Orelo
Email: support@getorelo.com
Website: getorelo.com

This Privacy Policy governs the Orelo iOS application and the website at getorelo.com.