Privacy Policy

Last updated: May 29, 2026

App: あと何kcal (How many kcal can you still have)

Operator: HOKKALON Inc.

HOKKALON Inc. (the “Company”) respects the privacy of users of the “あと何kcal / How many kcal can you still have” app (the “App”). The App is account-less and local-first by design; as a rule, no personally identifiable information is stored on our servers.

1. Information We Handle

Stored on your device: meal records (meal name, AI-estimated or manually entered kcal, timestamp), weight entries, target values, Pro purchase state, and app settings. These are stored locally (IndexedDB / Preferences) and are not sent to our servers.
Sent for AI calorie estimation: when you use the AI estimation feature, the meal description you enter (free text), the number of servings, and the locale code (e.g. ja, en) are sent through our Cloudflare Workers API to OpenAI’s API. No name, email, or device identifier is included.
Purchase information: when you subscribe, App Store / Google Play and RevenueCat handle the purchase receipt and subscription state. The Company only references active/inactive status and an anonymous user ID; we never receive your credit card information.
Usage analytics: we may collect anonymous usage events (screen transitions, feature usage, errors) via Mixpanel to improve the App. No name, email, or contact information is sent.
Automatically collected at the API: when calling the API, your IP address and access timestamp are temporarily processed by Cloudflare for rate-limiting and DDoS protection.

2. Purposes of Use

To provide, operate, and improve the App (AI calorie estimation, widgets, long-term trend charts, etc.)
To process subscription billing and purchase restoration (via App Store / Google Play / RevenueCat)
To detect and prevent abuse and API misuse
To respond to support inquiries and deliver important notices
To improve service quality through aggregated, anonymous analytics

3. Third-Party Services

The App uses the following third-party services. Their respective privacy policies apply.

Cloudflare (Workers / Workers AI): API delivery, rate limiting, edge compute
OpenAI: AI calorie estimation (gpt-4o-mini)
RevenueCat: subscription management
Apple App Store / Google Play: app distribution and billing
Mixpanel: anonymous usage analytics (designed to be opt-out friendly)

4. Retention and Deletion

On-device data: fully deleted when the user uninstalls the App or uses the “Delete data” option in settings.
AI estimation API logs: request bodies are not permanently stored server-side. Short-lived error logs are deleted within 30 days.
Purchase information: retained by the stores and RevenueCat to the extent required by accounting and tax laws.

5. Your Rights

You may request access, correction, or deletion of data related to your use of the App by contacting y-ishiba@hokkalon.com. On-device data can be deleted at any time by the user.

6. Security

All API traffic is encrypted with TLS. On Cloudflare Workers we enforce rate limiting and a shared client token to prevent abuse.

7. International Transfers

Servers operated by Cloudflare and OpenAI are also located outside of Japan (primarily in the United States). When you use the AI estimation feature, the meal description you enter may be transferred to these servers, which are subject to appropriate safeguards.

8. Children’s Privacy

The App is not directed to children under 13. Minors should use the App only with parental consent.

9. Changes

We may update this Policy as needed. Material changes will be announced via in-app notifications or on this page.

10. Contact

For questions about this Policy, contact y-ishiba@hokkalon.com.