Authentication & Security

Authentication Flow

Landing Screen: Entry point for new users
OAuth Selection: Choose Google or Apple Sign-In
Account Creation: Automatic account setup
Onboarding: Collect health profile data
Data Sync: Upload onboarding data to Supabase
Main App: Access to full features

Authentication Methods

CalorieBeat supports multiple secure authentication options:

One-tap authentication with your Google account
Seamless OAuth integration
Automatic profile information sync
Cross-platform support

Native authentication for iOS users
Privacy-focused with Apple ID
Hide My Email support
Secure token management

Magic Link

Email-based passwordless authentication
No password to remember
Secure one-time login links
Ideal for quick access

Account Recovery

Easy account restoration process
Email verification
Secure data recovery
Multiple recovery options

Security Features

Secure Token Storage

Encrypted token management
Secure storage using platform keychain
Automatic token refresh
Session timeout handling

Row-Level Security (RLS)

Supabase RLS policies enforce data access
Users can only access their own data
Admin roles with elevated permissions
Audit logging for sensitive operations

Data Encryption

All data encrypted at rest
TLS/SSL encryption in transit
Secure API communication
Protected file uploads

Session Management

Automatic token refresh on expiry
Secure session persistence
Multi-device session handling
Remote logout capability

Account Deletion

Complete data removal option
GDPR-compliant deletion process
30-day grace period
Irreversible after confirmation

Privacy & Compliance

Data Protection

GDPR compliant
CCPA compliant
Privacy-by-design architecture
Transparent data handling

User Control

Full control over personal data
Export data functionality
Delete account option
Privacy settings customization

Third-Party Integrations

Minimal third-party data sharing
Explicit consent for integrations
Transparent privacy policies
Secure OAuth flows

📱 Screens & Navigation 💾 Data Management