Privacy Policy

Cysta: PCOS Weight Loss

Last updated: April 4, 2026

1. Introduction

Cysta (“we”, “our”, or “us”) is operated by Mael Halna, a micro-enterprise registered under RCS 891 414 138, located in France. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Cysta: PCOS Weight Loss (the “App”). Please read this policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information: When you create an account, we collect your email address and authentication credentials (Apple Sign-In and Google Sign-In).
  • Health and PCOS profile data: To personalize your experience, we collect information you provide such as your PCOS symptoms, diagnosis history, weight, age, dietary preferences, and activity level. This data is used to determine your PCOS profile type (insulin-resistant, inflammatory, adrenal, or post-pill) and tailor the app to your needs.
  • Meal photos and food logs: When you use our AI meal scanning feature, we process photos of your meals to identify foods, estimate nutritional content, and generate a PCOS score tailored to your profile.
  • Symptom check-in data: Daily symptom entries you log, including energy levels, bloating, cravings, and skin condition.
  • Weight entries: Weight data you optionally log to track your progress over time.

2.2 Information Collected Automatically

  • Step count data (HealthKit): With your permission, we read your step count data from Apple HealthKit to display your daily activity. We do not write data to HealthKit.
  • Usage data: We collect information about how you interact with the App, including features used, screens viewed, and actions taken.
  • Technical data: Device type, operating system version, app version, crash logs, and performance data.

3. How We Use Your Information

  • Determine your PCOS profile type and personalize your experience accordingly.
  • Analyze meal photos using AI to provide PCOS scores, macro estimates, and educational explanations.
  • Generate weekly meal suggestions tailored to your PCOS profile and dietary preferences.
  • Track and display symptom trends over time (energy, bloating, cravings, skin).
  • Display weight trends using a 7-day rolling average.
  • Show your daily step count from HealthKit.
  • Manage your account and authenticate your identity.
  • Process and manage your subscription.
  • Diagnose technical issues, improve performance, and fix bugs.
  • Improve the App and develop new features.

4. Apple HealthKit Data

We take your HealthKit data seriously. In accordance with Apple’s requirements:

  • HealthKit data (step count) is used solely within the App to display your daily activity.
  • HealthKit data is never shared with third parties.
  • HealthKit data is never used for advertising or marketing purposes.
  • HealthKit data is never sold to data brokers or any other third parties.
  • You can revoke HealthKit access at any time through your device’s Settings > Health > Data Access.

5. AI-Powered Food Analysis

Our food scanning feature uses OpenAI’s API to analyze meal photos and food names. When you scan a food, the following data is sent to OpenAI’s servers for processing:

  • The meal photo you capture, or the food name you type.
  • Any optional context or notes you add to the scan.
  • Your PCOS profile type (e.g. insulin-resistant) to tailor the analysis.

The following data is never sent to OpenAI:

  • Your name, email, or account information.
  • Your HealthKit data or health records.
  • Any personally identifiable information.

Food data sent to OpenAI is processed in real time and is not used by OpenAI to train or improve their AI models, in accordance with their API data usage policy. No food scan data is stored by OpenAI after processing.

6. Data Storage and Security

Your data is stored in Google Cloud Firestore. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate personal data.
  • Erasure: Request deletion of your personal data.
  • Restriction: Request restriction of processing of your personal data.
  • Portability: Request a portable copy of your personal data.
  • Objection: Object to processing of your personal data.

To exercise any of these rights, please contact us at contact@caloburner.app. We will respond to your request within 30 days.

9. Children’s Privacy

Cysta is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us: