CHONK app icon Albor Apps · CHONK

Privacy Policy

Effective date: June 22, 2026  ·  Last updated: July 2, 2026

1Who we are

CHONK ("CHONK," the "App") is a voice-first calorie and nutrition tracking app for iOS. The App is published and operated by Albor Apps, the trade name of Bruno Osório Gonçalves, an individual microentrepreneur (MEI) registered in Brazil under CNPJ 66.709.390/0001-81 ("Albor," "we," "us," or "our").

This Privacy Policy explains what information we collect when you use the App, how and why we use it, who we share it with, and the choices and rights you have. It applies to the CHONK iOS app and any related websites, support channels, and services that link to it.

Albor operates from Brazil. The best way to reach us is by email: alborapps@gmail.com.

2Scope of this policy

The App is offered in English and Brazilian Portuguese, primarily to users in the United States and Brazil. It is intended for users 17 years of age or older. The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13. See Children's privacy.

This policy describes how the App handles your information, including data kept locally on your device and data synced to your account in the cloud.

3Information we collect

We collect only the information needed to make the App work and to personalize your experience. We do not require you to provide your name, and we do not ask for your real-world identity to use the core features.

a. Voice & speech

When you tap to talk, the App accesses your device microphone and captures audio so you can describe what you ate. That audio is converted to text using Apple's Speech Recognition. Depending on your device and settings, Apple may process some audio on its servers to perform this conversion, subject to Apple's own terms and privacy policy. The App uses the resulting text transcript — it does not store your raw audio recordings.

b. Meal & health inputs you provide

You provide information so the App can estimate nutrition and build a plan for you, including:

  • Meal descriptions — what you tell CHONK you ate or drank (by voice or text).
  • Onboarding profile — sex, age, height, current weight, goal weight, activity level, diet preference, and a self-identified "weak spot."
  • Weigh-ins over time — weight entries you log so the App can track progress.

Some of this information (for example, weight, and inputs related to diet or body) may be considered health-related information. We treat it with care and use it only for the purposes described in this policy.

c. Derived data

From your inputs, the App generates and stores data about you, including estimated calories and macronutrients, food-quality scores (a 0–100 score shown as an A–F grade), streaks, daily logs and history, your personalized targets, and the AI-generated "roast" text.

d. Subscription status

Purchases are processed by Apple through the App Store using StoreKit. Albor does not receive or store your payment-card number or billing details. We receive only your entitlement / subscription status (for example, whether you have an active subscription and which tier) so the App can unlock paid features.

e. Device & notification data

The App schedules local notifications on your device to deliver meal-time reminders and the "call" feature. These are generated on-device. We may also process limited technical information necessary to operate the App, such as app version and basic device/OS information for compatibility and troubleshooting.

f. Analytics

We use PostHog to understand how people use the App — for example, which features are used, onboarding completion, and retention — primarily through aggregated and de-identified usage events. We aim to keep analytics data aggregate rather than tied to your real-world identity.

g. Crash & diagnostic data

We use Sentry to capture crash reports and technical error diagnostics so we can find and fix bugs. These reports include technical information such as the error, app version, and device/OS details, and are used only to keep the App stable.

h. Communications & feedback

If you contact us for support, or send in-app feedback (a rating and a message), we receive the information you choose to share, such as your message contents and, where applicable, your email address. In-app feedback is delivered to us by email through Resend, our transactional email provider.

i. Location (nearby food)

If you ask the Don to find food near you, the App requests "When In Use" location access so it can suggest nearby places to eat. We use Apple's frameworks (Core Location and Apple Maps / MapKit local search) to do this on your device. Your coordinates stay on your device: we do not store your location, and we do not send your latitude/longitude to our servers or to any third party other than Apple's on-device map search. You can grant or revoke location access at any time in iOS Settings → Privacy → Location Services → CHONK. The feature only runs when you ask for a nearby recommendation; the rest of the App works without location.

4How and why we use information

We use the information described above to:

  • Convert your speech to text and estimate the calories and macronutrients of what you ate.
  • Calculate food-quality scores and A–F grades, streaks, and your logs.
  • Build and adjust a personalized nutrition plan and targets, and recommend foods ("what do I eat?").
  • Generate the comedic "roast" and synthesize it as spoken audio.
  • Send meal-time reminders and "calls" via local notifications.
  • Generate shareable image "receipt" cards at your request.
  • Provide, maintain, secure, debug, and improve the App.
  • Process subscriptions and unlock paid features.
  • Respond to your support requests and communicate with you about the App.
  • Comply with law and enforce our Terms of Use.

Legal bases & notice

In the United States, we process your information to provide the service you request, with your consent (for example, microphone access), for our legitimate business interests in operating and improving the App, and to comply with law. If you are in the EU/UK or Brazil, see the GDPR & LGPD section for the legal bases we rely on.

5AI processing of your meal text, photos & voice

The App relies on third-party artificial-intelligence providers to deliver its core features. When you describe a meal, the text of what you said (your meal description / utterance), and relevant profile context, is sent to an AI provider to estimate nutrition and to generate the roast. If you choose to log a meal with a photo, that photo of your plate is sent for the same purpose.

  • OpenAI — meal/utterance text is sent to OpenAI's API (including GPT-4o models) to estimate calories and macronutrients and to generate the roast text. This request is routed through a server-side function we operate (hosted on Supabase). Your meal/utterance text is transmitted to and processed by the AI provider for these purposes.
  • Meal photos (optional). If you log a meal by photo, the image is downscaled on your device and sent through the same server-side function to OpenAI's vision models to identify the foods and estimate portions. Photos are processed transiently to produce the estimate: we do not store your meal photos in our database, and photo requests are excluded from our server-side meal cache.
  • ElevenLabs — the generated roast text is sent to ElevenLabs to synthesize the spoken voice you hear.

We send these providers the text needed to perform the task; we do not send them your real-world identity or payment information. These providers process the data as our service providers and under their own terms. We do not permit our AI service providers to use your meal/utterance content to train their general-purpose models where such a setting is available to us, and we configure our integrations to limit retention where possible.

In short: to estimate your nutrition and create the roast, the things you tell CHONK you ate — and any meal photos you choose to submit — are sent to AI providers (OpenAI and ElevenLabs) for processing. If you do not want your meal descriptions or photos processed by these providers, do not submit them.

6Apple's role: speech & payments

Speech. The App uses Apple's Speech Recognition to turn your spoken meal descriptions into text. Some audio may be processed by Apple to perform this conversion, governed by Apple's terms and privacy policy. We receive the resulting text, not stored raw audio.

Payments. All purchases and subscriptions are handled by Apple through the App Store. Payment information is collected and processed by Apple, not by us. We never see or store your card number. We receive only your subscription/entitlement status. Apple's handling of your payment information is governed by Apple's terms and privacy policy.

Notifications and Sign in with Apple. Local and push notifications rely on Apple's operating-system features. We offer Sign in with Apple for account creation; if you use it, Apple shares with us the limited information you authorize (such as a name you choose to share and a relay or real email address).

7Local storage vs. cloud sync

Today, your data is primarily stored locally on your device. Your logs, profile inputs, derived scores, and history live on the device, except for the text transmitted to AI providers to perform the features described above and information processed by Apple for speech and payments.

Account-based cloud sync. We use Supabase to provide a backend database and authentication so you can create an account (via Sign in with Apple) and sync your data across sessions and devices. Your profile, logs, and derived data are stored in our Supabase-hosted database, protected with row-level security ("RLS") scoped so that your records are accessible only to your account.

8Service providers / sub-processors

We use the following third parties to provide the App. They process information on our behalf or in their own role as described, and only as needed for the stated purpose:

  • Apple — Speech Recognition, Sign in with Apple, App Store / StoreKit payments and subscription status, push/local notifications, and Apple Maps (on-device nearby search).
  • OpenAI — receives meal/utterance text to estimate nutrition and generate the roast text.
  • ElevenLabs — receives roast text to synthesize spoken voice.
  • Supabase — backend database, authentication, and server functions for account sync; data stored with per-user row-level security.
  • RevenueCat — manages subscriptions and entitlements on top of Apple's payments; receives your subscription status and an app-specific user identifier (no payment-card data).
  • PostHog — product analytics (usage events, funnels, retention), used in aggregate/de-identified form where possible.
  • Sentry — crash reporting and error diagnostics to keep the App stable.
  • Resend — transactional email delivery (for example, your in-app feedback and account-related emails).

We may update this list as our service evolves. Material changes will be reflected here.

9How we share information

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under California law. We disclose information only as follows:

  • Service providers / sub-processors — as listed in Section 8, to operate the App.
  • At your direction — for example, when you generate and choose to share a "receipt" card, you control where you send it.
  • Legal & safety — to comply with applicable law, regulation, legal process, or governmental request, and to protect the rights, property, or safety of our users, the public, or us.
  • Business transfers — in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to this policy.

10Data retention

We keep information for as long as needed to provide the App and for the purposes described in this policy. Locally stored data remains on your device until you delete it or uninstall the App. When cloud sync is enabled, account data is retained while your account is active; if you delete your account, we delete or de-identify the associated personal data within a commercially reasonable period, except where we must retain certain records to comply with law, resolve disputes, or enforce our agreements. Our AI and infrastructure providers retain transmitted data according to their own retention terms; we configure integrations to limit retention where that option is available to us.

11Security

We use reasonable technical and organizational measures designed to protect your information, including encryption in transit, platform security features provided by Apple, and per-user access controls (row-level security) for cloud-synced data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your device and any account credentials secure.

12Children's privacy

The App is rated for users 17+ and is not directed to children under 13. We do not knowingly collect personal information from children under 13, consistent with the U.S. Children's Online Privacy Protection Act ("COPPA"). If you believe a child under 13 has provided us with personal information, please contact us at alborapps@gmail.com and we will take steps to delete it.

13Your privacy rights

Depending on where you live, you may have rights over your personal information, including to access, correct, delete, or obtain a copy of it, and to object to or restrict certain processing. Because much of your data is stored locally, you can often exercise these rights directly in the App — for example, by editing your profile, deleting individual logs, or uninstalling the App to remove local data.

To make a request that we act on data we hold (including cloud-synced data) or to request deletion of your account and associated data, contact us at alborapps@gmail.com. We will verify your request as required by law and respond within the timeframes the law provides. We will not discriminate against you for exercising your rights.

14California privacy rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the following rights:

  • Know / access — the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties to whom it is disclosed.
  • Delete — request deletion of personal information we have collected, subject to legal exceptions.
  • Correct — request correction of inaccurate personal information.
  • Opt out of sale/sharing — we do not sell or share your personal information for cross-context behavioral advertising, so there is nothing to opt out of.
  • Limit use of sensitive personal information — we use sensitive information (such as health-related inputs) only to provide the App and as otherwise permitted, not to infer characteristics for advertising.
  • Non-discrimination — we will not discriminate against you for exercising your rights.

The categories of personal information we may collect include identifiers (e.g., email if you contact us or create an account), health-related and characteristics information you provide (sex, age, height, weight, goals, diet preference), audio/voice converted to text, commercial information (subscription status), internet/app usage (analytics), and inferences (scores, plans). To exercise your rights, contact us at alborapps@gmail.com. You may use an authorized agent, and we will verify requests as required by law.

15EU / UK / Brazil privacy rights (GDPR & LGPD)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR / UK GDPR applies. Albor is the controller of your personal data for the App. The legal bases on which we rely are:

  • Performance of a contract — to provide the App's features you request.
  • Consent — for microphone access, optional analytics, and processing of health-related data; you may withdraw consent at any time.
  • Legitimate interests — to secure, maintain, and improve the App, where not overridden by your rights.
  • Legal obligation — to comply with applicable law.

You have the right to access, rectify, erase ("right to be forgotten"), restrict, and object to processing, the right to data portability, and the right to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority. To exercise these rights — including to request deletion of your account and data — contact us at alborapps@gmail.com. Where we transfer data outside your region (for example to the U.S. for AI processing), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses. See also International data transfers.

Brazil (LGPD)

Because Albor operates from Brazil, the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados, Law No. 13.709/2018, "LGPD") may apply to your data. Albor acts as the controller (controlador). We process personal data on legal bases that include performing a contract with you, your consent (for example, for microphone access and health-related data), our legitimate interests, and compliance with legal obligations.

Under the LGPD you may request: confirmation that we process your data; access to it; correction of incomplete or inaccurate data; anonymization, blocking, or deletion of unnecessary or excessive data; portability; deletion of data processed with your consent; information about the entities we share data with; and to withdraw consent. To make a request — including to delete your account and data — contact us at alborapps@gmail.com. You may also petition the Brazilian National Data Protection Authority (ANPD).

16Push-notification & call choices

The App uses local notifications for meal-time reminders, and the Don's "call" feature uses an incoming-call style delivery (Apple's PushKit/CallKit). If you opt in to the call feature, we store a device push token together with your meal-time schedule on our server (Supabase) so our scheduler can ring your device at meal time. The token identifies your device for this delivery only; it stops being used when you turn the feature off, and it is deleted when you delete your account.

You control all of this in two ways: within the App's settings (where you set or turn off reminders and the Don's calls) and in your device's iOS Settings under Notifications for CHONK, where you can disable notifications entirely. The call feature respects your device's Focus and Do Not Disturb settings. Turning off notifications or calls does not delete your data or change your subscription.

17International data transfers

We operate from Brazil, and our service providers (including Apple, OpenAI, and ElevenLabs) may process information in the United States and other countries. This means your information may be transferred to and processed in countries whose data-protection laws may differ from those of your country. Where required, we use appropriate safeguards for such transfers — for example, the European Commission's Standard Contractual Clauses for EU/UK data, and the international-transfer bases permitted under the LGPD for data subject to Brazilian law. See the GDPR & LGPD section.

18Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date above and, for material changes, provide a more prominent notice (such as in-app notice) where appropriate. Your continued use of the App after an update means you accept the revised policy.

19App Store data-disclosure summary

The table below summarizes the data types the App handles and why, to align with Apple's App Privacy disclosures. It is a summary; the sections above control.

Data typeExamplesPurposeLinked to you?
Health & fitnessWeight, goal weight, height, activity level, diet preference, "weak spot," meal logs, calories/macros, scoresApp functionality; personalizationYes (account/local)
Audio / voiceMicrophone input converted to text (raw audio not stored by us)App functionality (speech-to-text)Not stored as audio
User contentMeal descriptions, generated roast text, shareable receipt cardsApp functionality; AI processingYes
PhotosOptional meal photos (processed transiently for AI food identification; not stored in our database)App functionality (photo logging)Not stored
Contact infoEmail (if you contact support or create an account)Support; account; communicationsYes
PurchasesSubscription / entitlement status (no card data)Unlock paid featuresYes
LocationCoarse/precise location, only when you ask for nearby food (processed on device, not stored)App functionality (nearby suggestions)No
Usage dataFeature usage, funnels, retention eventsAnalytics; product improvementAggregate where possible
DiagnosticsCrash logs, error reports, app version, device/OSApp stability; troubleshootingNo
IdentifiersAccount identifier for cloud syncAccount syncYes

We do not use your data for third-party advertising or tracking, and we do not sell personal information.

20Contact us

If you have questions about this Privacy Policy or want to exercise your rights, contact us:

  • Albor Apps — trade name of Bruno Osório Gonçalves, individual microentrepreneur (MEI), CNPJ 66.709.390/0001-81, Brazil
  • Email: alborapps@gmail.com

CHONK provides estimates and entertainment and is not medical advice. If you are struggling with food or your body, support is available — in the U.S., call or text 988 (Suicide & Crisis Lifeline). The pig roasts the food, never the person.