1. Identity of the data controller
- Data controller: Cavexo LLC
- State of formation: Florida, United States
- Legal address: 6809 Mentone St, Coral Gables, FL 33146, United States
- Product: Dalia (iOS application)
- Official website: https://www.usedalia.com
- Contact email: dalia@cavexo.com
For the purposes of the EU General Data Protection Regulation (GDPR), Cavexo LLC acts as the data controller in relation to the personal data described in this policy.
For the purposes of the California Consumer Privacy Act (CCPA/CPRA), Cavexo LLC acts as a business and the providers listed in section 5 act as service providers unless otherwise noted.
For the purposes of the Mexican Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), Cavexo LLC acts as the responsable.
2. Executive summary (quick read)
In plain language:
- Your health data is stored mainly on your iPhone, not on our servers. This includes glucose, insulin, meals, exercise, profile, and notes.
- For food photo analysis and daily summaries we use external artificial intelligence providers under contract. We send only what is necessary to provide the feature and request your explicit consent before first use.
- We do not use your data for advertising. We do not sell information to third parties. We do not build marketing profiles.
- Your Apple Health data never leaves your device. We only read it to display it back to you.
- You can delete everything at any time from Settings → Privacy and security → Delete data.
- We do not ask for email, password, or social media linking. Your account is anonymous.
This section is a friendly summary. The following sections contain the full legal and technical detail.
3. What data we collect
We split information into three blocks based on where it is stored and where it travels.
3.1 Data stored only on your device
This data lives in your iPhone's local database (Core Data) and the system keychain (Keychain). It is not synced with our servers.
3.1.1 Profile data
- Name or nickname (optional)
- Age or date of birth
- Weight and height
- Gender (optional)
- Type of diabetes or metabolic condition (Type 1, Type 2, gestational, prediabetes, no diagnosis)
- Approximate date of diagnosis
- Treatment (insulin, oral medication, diet) and monitoring method (CGM, glucometer)
- Personal glucose targets (minimum and maximum range)
- Preferred meal times
3.1.2 Health and nutrition data
- Glucose readings (manual, imported from Apple Health, or optionally synced from external glucose sources you voluntarily connect)
- Meal records: food photo (optional), name, ingredients, estimated macros, glycemic load, time
- Insulin doses (manual)
- Exercise sessions (manual or imported from Apple Health)
- Free-form notes and observations
- AI-generated daily insights stored locally
- Day-closure history and aggregated metrics
3.1.3 Integration credentials (encrypted in Keychain)
- If you connect a compatible external glucose source: the credentials or technical parameters needed to sync it
- Anonymous session token to authorize service features
3.1.4 Configuration and preferences
- Language (system, Spanish, English)
- Visual theme and presentation preferences
- Local notifications configuration
- Sync frequency for external glucose sources, if configured
3.2 Data collected in our backend
To operate the app and prevent abuse, we store a minimum of information in our backend, managed by infrastructure providers under contract.
3.2.1 Anonymous identification
- A randomly generated UUID created on your device on first use
- A short-lived session token (JWT) to authorize AI calls
- We do not request email, password, phone number, or social network linking.
3.2.2 AI usage metadata (no content)
- Type of feature requested (for example, meal analysis or daily summary)
- Request size in bytes
- HTTP response code, error code if applicable
- Processing duration
- Cryptographic hash of your IP address (not the IP itself, just a derived value)
- Timestamp
Important: We do not store the photos sent, input texts, or AI responses. What we record is operational metadata to sustain quotas, offer support, and diagnose errors.
3.2.3 Consent records
- Version of Privacy Policy and Terms accepted
- Version of Medical Disclaimer acknowledged
- Date and time of consent (server-side timestamp)
- Consent withdrawal events
3.3 Data sent to third parties for specific functionality
Each of the following transmissions occurs only when you activate or use the corresponding feature and, in the case of artificial intelligence, only after you accept the explicit consent described in section 10.
| Function | Provider | What is sent |
|---|---|---|
| Food photo analysis | External AI providers under contract | The food photo and minimum context needed to analyze it |
| Daily summary generation | External AI providers under contract | Aggregated figures and day context, without photos |
| Barcode lookup | Public nutrition information database | The scanned barcode number |
| External glucose source sync | External service you voluntarily connect | Credentials or parameters needed to sync the source, sent according to the integration type |
| Apple Health read | Apple Health on your device | Local read request; data does not leave the device |
Provider categories and flows are described in section 5.
3.4 Data we do NOT collect
For transparency, we let you know what we never collect:
- Advertising identifiers (IDFA)
- Precise or approximate geolocation
- Contact list
- Calendar or reminders
- Browsing or search history
- Financial information (payments are handled by Apple)
- Biometric identifiers
- Audio or video recordings
- Information about other apps installed on your device
- Device fingerprinting
4. How we use your data and legal bases
We process each category of data with an explicit purpose and a specific legal basis under the GDPR.
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Profile and goals | Personalize the experience, calculate ranges and metrics | Performance of the contract (Art. 6.1.b) |
| Glucose, insulin, exercise, meals | Show your metabolic day, calculate trends and glycemic load | Explicit consent (Art. 9.2.a, health data) |
| Food photo | Nutritional analysis via AI when you request it | Explicit consent (Art. 9.2.a) |
| Aggregated day figures | Generate day-closure narrative | Explicit consent |
| Anonymous ID and JWT token | Authorize calls and prevent abuse | Legitimate interest (Art. 6.1.f) |
| AI metadata (feature type, size, status) | Quotas, diagnosis, support | Legitimate interest |
| IP hash | Abuse detection and per-origin quotas | Legitimate interest |
| External glucose source credentials | Sync the readings you authorize | Explicit consent |
| Apple Health (read) | Show your metrics in Dalia | Explicit consent |
| Consent logs | Regulatory compliance | Legal obligation (Art. 7.1 GDPR) |
4.1 What we do NOT do with your data
- We do not use your data for personalized advertising
- We do not sell or rent information to third parties
- We do not build marketing profiles
- We do not perform reversible "anonymization" to resell
- We do not reuse health data for other purposes
- We do not train public AI models with your information
- We do not combine your information with external databases
- We do not transfer your information to affiliated companies for purposes other than those described here
5. Third-party services and artificial intelligence
Dalia uses external providers under contract to operate specific features, such as secure infrastructure, AI-assisted analysis, and lookups in public nutrition information databases. We share only the information needed to provide the feature you activate or use. We do not use these providers for advertising or to sell your data.
5.1 Artificial intelligence providers
| Field | Detail |
|---|---|
| Function in Dalia | Analyze food photos, estimate nutrition context, and generate explanations or daily summaries when you request them |
| What we send | The photo or minimum context needed for the feature. For daily summaries, we send aggregated data and day context, not photos |
| When we send | Only when you use an AI feature and after you accept the corresponding consent |
| Prohibited use | We do not authorize the use of your data for advertising, sale of data, or training public models |
| Retention | Providers may process or temporarily retain data to provide the service, security, and abuse prevention, according to their contracts and applicable policies |
5.2 Infrastructure providers
| Field | Detail |
|---|---|
| Function in Dalia | Anonymous authentication, backend functions, abuse prevention, consent records, and operational metadata |
| What we send | Anonymous identifier, operational metadata without detailed health content, consent records, and security logs |
| Prohibited use | We do not authorize the use of your data for advertising, sale of data, or marketing profiles |
5.3 Apple Health and Apple services
| Field | Detail |
|---|---|
| Function in Dalia | App Store, in-app purchases, local health-data read through Apple Health, and local notifications |
| What they receive | Only what Apple manages as part of its platform, such as purchase data or operating-system identifiers |
| Health data | Data read from Apple Health does not leave your device because of Dalia. We do not send it to our backend or external AI providers |
| Control | You can revoke access from iOS Settings |
5.4 External glucose sources (optional)
| Field | Detail |
|---|---|
| Activation | Only if you decide to connect a compatible external source from the app |
| What is used | Credentials or technical parameters needed to sync the source you authorize |
| Storage | When applicable, stored encrypted in the iOS Keychain |
| Responsibility | Availability, accuracy, and terms of use of each external source depend on its provider or on the configuration you maintain |
| Control | You can disconnect the source from the app; doing so removes credentials or parameters saved for that connection |
5.5 Public nutrition information databases
| Field | Detail |
|---|---|
| Function in Dalia | Look up nutrition information by barcode |
| What we send | The scanned barcode number |
| Limitation | Results may be inaccurate, incomplete, or outdated; always verify package information |
5.6 Visual summary of the data flow
┌─────────────────┐
│ Your iPhone │
│ • Food photo │ ── consent accepted ──▶ External AI provider
└─────────────────┘ │
┌─────────────────┐ │
│ Your iPhone │ ◀───── nutritional analysis ────┘
│ Local Core Data │
└─────────────────┘
┌─────────────────┐ ──── local read ──── ▶ Apple HealthKit
│ Your iPhone │ (does not leave the device)
│ │
│ │ ─ voluntary connection ──▶ External glucose source (optional)
│ │ ─ barcode ───────────────▶ Public nutrition database (optional)
└─────────────────┘
5.7 No other third parties
To confirm scope: Dalia does not integrate analytics SDKs, ad networks, advertising measurement SDKs, social login SDKs, or external communication SDKs to profile you or show ads.
6. Health data and Apple HealthKit
Health data receives reinforced protection in Dalia.
6.1 Apple HealthKit
- Dalia requests read-only access to Apple Health for the following types: blood glucose, energy expended, and workouts
- Dalia never writes data to Apple Health
- Data read from Apple Health never leaves your device because of Dalia. It is not sent to our backend or to external AI providers
- You can revoke access at any time from iOS Settings → Privacy → Health → Dalia
6.2 Compliance with Apple guidelines
We comply with App Store guidelines sections 5.1.2(vi) and 5.1.3:
- We do not use HealthKit data for advertising or marketing
- We do not store personal health information in iCloud
- We do not write false or inaccurate data to HealthKit
- We do not perform medical research with your data (if we did in the future, it would be under explicit consent and with ethics committee approval)
6.3 Special-category sensitive data
Under Art. 9 of the GDPR, health data is a special category of personal data. We process it exclusively with your explicit consent (Art. 9.2.a) and with the reinforced technical and organizational measures described in section 7.
7. Storage, encryption, and security
7.1 On your device
- Database: local Core Data, protected by iOS Data Protection (AES encryption with key derived from your device passcode)
- Credentials: system Keychain with class kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
- Image cache: local, deleted on data wipe
- Process isolation: the app runs in iOS sandbox without access to other apps
7.2 In transit
- All calls to our services and to third parties use HTTPS with TLS 1.2 or higher
- Active certificate validation
- No unencrypted HTTP connections allowed
- App Transport Security (ATS) enabled in Info.plist
7.3 In our backend
- Encryption at rest managed by our infrastructure providers
- Database access restricted by Row Level Security (RLS)
- Cavexo personnel access limited by roles, audit log enabled
- External provider secrets stored securely, never in client code
- Periodic secret rotation (at least every 12 months)
7.4 OWASP commitment
We strive to mitigate OWASP Mobile Top 10 vulnerabilities. If you discover a vulnerability, contact us at dalia@cavexo.com. Our responsible disclosure program guarantees:
- Acknowledgment within 72 hours
- Diagnosis and remediation timeline within 14 days
- Recognition of the researcher (with their consent) after the fix is published
- We will not initiate legal action against researchers acting in good faith within standard responsible-disclosure rules
7.5 Breach notification
In case of a security breach affecting your personal data:
- We will notify you in the app and by email (if you provided one) without undue delay
- Under the GDPR, we will notify the competent supervisory authority within 72 hours if the breach poses a risk to your rights
- Under CCPA/CPRA, we will comply with applicable notification requirements
8. Retention and deletion
8.1 Data on your device
Data stored on your iPhone remains while the app is installed or until you delete it. When you uninstall the app, iOS automatically removes all local data and associated Keychain credentials.
8.2 Data in our backend
| Category | Retention |
|---|---|
| ai_request_events metadata | Maximum 90 days, then deleted automatically |
| Anonymous service account | Active while you use the app |
| Consent records | 5 years (legal obligation to prove consent) |
| Security and audit logs | 12 months |
8.3 Deletion on request
You can request the complete deletion of your data at any time from Settings → Privacy and security → Delete data. This action:
- Erases all Core Data entities (profile, glucose, meals, insulin, exercise, insights)
- Cleans the Keychain (external-source credentials and anonymous session)
- Cleans caches (URLCache, image cache, file cache)
- Deletes the anonymous service account and associated operational metadata
- Retains only consent records during the minimum legal period, anonymized so they cannot be linked to you
Compliance timeline: local deletion is immediate. Backend deletion completes in less than 30 calendar days from the request.
8.4 Deletion after inactivity
If you do not use Dalia for 24 consecutive months and do not have an active subscription, we may delete your anonymous account and associated metadata. We will notify you in the app before proceeding, with at least 30 days' notice.
8.5 Legal exceptions
We may retain certain information after your deletion request when there is:
- A legal obligation to retain (e.g. tax records associated with a purchase)
- An active dispute requiring evidence preservation
- A need to prevent fraud or misuse
In these cases, we will retain only what is strictly necessary and for the minimum required time.
9. Your rights
We recognize the following rights based on your jurisdiction:
9.1 Rights under the GDPR (European Economic Area, United Kingdom, and Switzerland)
- Access (Art. 15): obtain a copy of the data we have about you
- Rectification (Art. 16): correct inaccurate or incomplete information
- Erasure (Art. 17, "right to be forgotten"): request deletion
- Restriction of processing (Art. 18)
- Portability (Art. 20): receive your data in structured JSON format
- Objection (Art. 21): object to processing based on legitimate interest
- Withdrawal of consent (Art. 7.3) at any time, without affecting the legality of prior processing
- Not to be subject to automated decisions producing significant legal effects (Art. 22). AI estimates in Dalia do not produce legal decisions; they are informational
- Complaint with a supervisory authority: AEPD (Spain), CNIL (France), ICO (UK), Garante (Italy), BfDI (Germany), or your national authority
9.2 Rights under CCPA/CPRA (California, United States)
- Right to know what personal information we collect
- Right to delete personal information
- Right to correct inaccurate information
- Right not to be subject to discrimination for exercising your rights
- Right to limit the use of sensitive personal information
- We do not sell personal information and we never will, so the opt-out-of-sale right does not apply
9.3 Rights under LFPDPPP (Mexico)
ARCO rights: Access, Rectification, Cancellation, and Opposition. Additionally:
- Withdraw consent
- Limit use or disclosure
- Appeal to INAI for unanswered requests
9.4 Rights in other jurisdictions
We recognize analogous rights under local legislation: LGPD (Brazil), Law 19.628 (Chile), Law 1581 of 2012 (Colombia), PDPA (Singapore), Privacy Act (Australia), among others. If you reside in a jurisdiction not mentioned and want to exercise analogous rights, contact us.
9.5 How to exercise your rights
Send an email to dalia@cavexo.com indicating:
- The right you want to exercise
- Your Dalia anonymous identifier (Settings → Privacy and security → Support ID)
- A description of the request
- If applicable, evidence supporting your identity (in some cases we may require it to avoid unauthorized access)
We will respond within 30 calendar days. If we need more time (complex cases), we will notify you with a maximum extension of an additional 60 days.
We will not charge you for exercising your rights, except for manifestly unfounded or excessive requests, in which case we could charge a reasonable cost or refuse to act.
9.6 Authorized person
You may designate an authorized person to exercise rights on your behalf. We will ask for verification of authorization.
10. Granular consent
Dalia lets you manage consent per feature independently. You can enable and disable each from Settings → Privacy and security without affecting others:
| Functionality | How to control | Effect if disabled |
|---|---|---|
| AI analysis | Toggle in app | The app keeps working with manual analysis |
| Apple Health | iOS Settings | Data is not imported automatically; you can still log manually |
| External glucose sources | "Disconnect" button in app | Stored credentials or parameters are wiped, no more sync |
| Operational telemetry | Toggle in app | No ai_request_events are sent |
| Local notifications | iOS Settings | No reminders are scheduled |
10.1 Required acceptances
Three consents are actively requested in the app:
- Acceptance of Privacy Policy and Terms of Service during onboarding (one time, with re-acceptance if there are material changes)
- Acknowledgment of the Medical Disclaimer during onboarding
- AI consent the first time you use a feature that processes data with external artificial intelligence providers (separate and independent, with explicit modal)
Each consent is recorded with its version and timestamp, and can be withdrawn at any time.
10.2 Re-acceptance with material changes
If we publish a material new version of this policy, we will notify you in the app and request re-acceptance before continuing to use the affected features.
11. Minors
11.1 Children under 13
Dalia is not directed at children under 13 and we do not knowingly collect data from minors under 13. If we discover that we have received data from a minor under 13 without verifiable parental consent, we will delete it immediately.
If you are a parent or guardian and you believe your child under 13 has provided data to Dalia, contact us at dalia@cavexo.com for immediate deletion.
We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and equivalent norms in other jurisdictions.
11.2 Adolescents 13 to 17
For adolescents between 13 and 17, parental or legal guardian consent is required. The parent or guardian must contact us at dalia@cavexo.com to authorize the use in writing.
Minors' health data receives reinforced protection under Art. 8 of the GDPR: mandatory parental consent, strict minimum retention, and privacy-oriented default configuration options.
11.3 If you are a parent or guardian
To manage data of a minor in your care, write to dalia@cavexo.com attaching a document proving the relationship. You can:
- Access the minor's data
- Request rectification or deletion
- Withdraw consent
- Receive periodic usage reports (on request)
11.4 Special ages by jurisdiction
Some jurisdictions define different digital consent ages (e.g., 14 in Spain and Italy, 16 in Germany). We apply the most protective age in case of doubt.
12. International transfers
Some of our infrastructure and artificial intelligence providers are in the United States or other jurisdictions outside the European Economic Area. When your data leaves the European Economic Area, we protect it through:
- Standard Contractual Clauses (SCC) of the European Commission, in their most recent versions
- EU-US Data Privacy Framework when the provider is certified
- Schrems II analysis documented for each transfer, with assessment of the destination country's legal framework
- Encryption in transit and at rest
- Minimization: only strictly necessary data is transferred
If you would like a copy of the applicable SCCs or the Schrems II analysis, write to dalia@cavexo.com.
13. Cookies and similar technologies
13.1 In the mobile application
The native app does not use cookies. It uses only iOS local storage (Core Data, UserDefaults, Keychain) described in previous sections.
13.2 On the usedalia.com website
Our website uses:
- Strictly necessary cookies for the site to function (session, language, cookie banner)
- Anonymous analytics cookies (without personal identifiers) to understand aggregate use, only if you accept in the banner
We do not use:
- Marketing or advertising cookies
- Remarketing pixels
- Cross-site trackers
- Fingerprinting
You can manage cookies from the consent banner or from your browser configuration.
14. Changes to this policy
When we update this privacy policy:
- We will change the "Last updated" date and the semantic version
- If changes are material (they affect processing, your rights, or introduce a new provider), we will notify you in the app at least 30 days in advance
- We will request express re-acceptance within the app before applying material changes
- Minor changes (wording corrections, clarifications) will take effect from the publication date
Active Premium subscribers who do not accept a new version will retain the right of portability access (Art. 20 GDPR) during a reasonable transition period and will be allowed to export their data before any service limitation.
Version history is maintained at https://www.usedalia.com/privacy/history.
15. Contact
Cavexo LLC
Florida limited liability company. Legal address: 6809 Mentone St, Coral Gables, FL 33146, United States.
| Contact | |
|---|---|
| Privacy, rights, support, legal matters, and security | dalia@cavexo.com |
Website: https://www.usedalia.com
16. Medical disclaimer (reference)
Dalia is an educational metabolic and nutritional self-tracking application. Dalia is not a medical device, does not diagnose, treat, prevent, or cure diseases, and does not replace the opinion, diagnosis, or treatment of a healthcare professional.
AI-generated estimates (glycemic load, macros, daily insights) are informational and must be verified against your treatment plan. Never change your medication, insulin doses, or dietary regime without consulting your treating physician first. In case of hypoglycemia, severe hyperglycemia, or emergency, follow your medical plan and contact local emergency services.
The full detail of medical limitations is available in our Medical Disclaimer: https://www.usedalia.com/en/medical-disclaimer
17. Final provisions
17.1 Controlling language
This policy may be available in several languages. In case of conflict between versions, the Spanish version published at https://www.usedalia.com/es/privacy will prevail, except where the imperative law of your jurisdiction requires otherwise.
17.2 Severability
If any provision of this policy is declared invalid, illegal, or unenforceable in any jurisdiction, that provision will not affect the validity of the rest of the document.
17.3 Relationship with other documents
This policy must be read together with:
- Terms of Service of Dalia: https://www.usedalia.com/en/terms
- Medical Disclaimer of Dalia: https://www.usedalia.com/en/medical-disclaimer
In case of conflict between this Privacy Policy and the Terms of Service regarding the processing of personal data, this Privacy Policy will prevail.
This policy has been in effect since May 14, 2026. Version 1.0.1 — Cavexo LLC