Last updated: January 24, 2026

Privacy Policy

At Valeo Expert, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health and nutrition tracking service. Please read this policy carefully. By using Valeo Expert, you consent to the data practices described in this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Password (stored in encrypted, hashed form)

Health Profile Data

During onboarding and throughout your use of the service, we collect health-related information including:

  • Date of birth and age
  • Gender
  • Height and weight
  • Body fat percentage (optional)
  • Activity level
  • Health and fitness goals
  • Dietary preferences (e.g., vegetarian, vegan, keto)
  • Food allergies and restrictions

Nutrition Data

When you log food, we collect and store:

  • Food descriptions you provide
  • Photos of meals (processed for nutritional analysis)
  • Calculated nutritional values (calories, protein, carbs, fat, fiber, sugar, sodium, water)
  • Meal type and timing
  • Weight tracking logs

WHOOP Integration Data

If you connect your WHOOP account, we receive and store:

  • Sleep data (total sleep, REM, deep sleep, light sleep, sleep efficiency)
  • Recovery scores and metrics
  • Heart rate variability (HRV) and resting heart rate
  • Strain scores and workout data
  • Respiratory rate and skin temperature

Telegram Integration Data

If you connect Telegram for notifications, we collect:

  • Telegram user ID and chat ID
  • Telegram username and display name
  • Notification preferences

Technical Data

We automatically collect certain technical information:

  • Browser timezone
  • Theme and display preferences
  • Session information

2. How We Use Your Information

We use the information we collect to:

  • Provide nutrition tracking and health monitoring services
  • Analyze food photos and descriptions using AI to estimate nutritional content
  • Generate personalized daily insights and recommendations
  • Calculate health metrics such as BMI, BMR, and caloric needs
  • Track your progress toward health and fitness goals
  • Send notifications and summaries via Telegram (if enabled)
  • Improve our AI models and service quality
  • Respond to your inquiries and support requests
  • Comply with legal obligations and protect our legal rights

3. Third-Party Services

We share your data with the following third-party services to provide our features:

OpenAI / OpenRouter

Food descriptions and photos you submit are sent to AI services (OpenAI GPT-4o via OpenRouter) for nutritional analysis. This data is processed to estimate calories, macronutrients, and food items. OpenAI may retain this data according to their own privacy policy.

WHOOP

If you connect your WHOOP account, we use OAuth 2.0 to securely access your health metrics. Your WHOOP access tokens are encrypted at rest. WHOOP data is subject to WHOOP's privacy policy.

Telegram

If you enable Telegram notifications, we send your daily summaries, progress updates, and alerts via the Telegram Bot API. Your Telegram data is subject to Telegram's privacy policy.

Stripe (Future)

When we implement premium subscriptions, payment processing will be handled by Stripe. We will not store your full payment card details on our servers. Stripe's handling of your data is subject to their privacy policy.

4. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Encryption of sensitive data at rest (OAuth tokens, two-factor secrets)
  • Password hashing using industry-standard bcrypt algorithm
  • HTTPS encryption for all data in transit
  • CSRF protection on all forms
  • Regular security updates and monitoring

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. Specifically:

  • Account and profile data is retained until you delete your account
  • Food entries and nutrition data are retained for historical tracking and trend analysis
  • WHOOP data is synced and retained to provide health insights
  • Deleted food entries are soft-deleted initially and may be retained for a limited period for recovery purposes

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data:

California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect about you
  • Request deletion of your personal information
  • Opt-out of the sale of your personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

European Residents (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Request erasure of your personal data ("right to be forgotten")
  • Restrict processing of your personal data
  • Data portability
  • Object to processing of your personal data
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us at [email protected]. You can also delete your account directly from your account settings.

7. Cookies and Local Storage

We use cookies and similar technologies for the following purposes:

  • Session Cookies: Essential for authentication and maintaining your logged-in state
  • Preference Cookies: Remember your theme preference (light/dark mode) and UI settings

We do not use third-party tracking cookies, advertising cookies, or analytics services that track your behavior across websites.

8. Health Data Sensitivity

We understand that health and nutrition data is sensitive personal information. We are committed to:

  • Never selling your health data to third parties for marketing or advertising purposes
  • Only sharing health data with service providers essential to our core functionality
  • Providing you full control over your data, including the ability to delete it at any time
  • Being transparent about how your health data is processed

9. Children's Privacy

Valeo Expert is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure your personal data remains protected in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.

We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, your personal data, or would like to exercise your privacy rights, please contact us at:

Valeo Expert

Email: [email protected]