Privacy Policy - Mobile App
Published: 30-01-2025
FoodReveal (“we”, “us”, “our”) takes the protection of users' personal data very seriously and is committed to handling it with the utmost care and in compliance with applicable regulations, in particular the General Data Protection Regulation (GDPR). This Privacy Policy aims to clarify how we collect, use, and protect users' personal data on our website and app.
1. Who is the Data Controller?
The Data Controller is FoodReveal, the developer of the FoodReveal app. For any questions about this Privacy Policy, you can contact us at our official email address: [Luminatens@mail.com]. The Data Controller also acts as Data Protection Officer (DPO) and can be reached at the same email address.
2. What Data is Collected and How?
We limit data collection to what is strictly necessary and collect the following personal data from users:
- Contact data: Name, email.
- Navigation data: IP address, geolocation data (approximate location derived from IP), information about the device used to access the website/app, and network connection status. Specifically, we collect the following device information: device model, operating system, and unique device identifiers. This data is collected via Google Analytics. To ensure the proper functioning of the app and to provide essential features, we also check the status of your network connection using the ACCESS_NETWORK_STATE permission.
- Behavioral data (collected only with explicit consent): Interactions with the website/app, such as clicks, time spent on pages, taps, and other interactions. This data is collected via Microsoft Clarity.
- Account data: Email and password (stored only as a salted hash, never in plaintext) for account management. This data is collected via Firebase Authentication.
- Crash reporting data (collected via Firebase Crashlytics to monitor app stability, and only after you enable crash reporting in the app settings, as described in Section 3):
  - Crash traces
  - Device state at the time of the crash
  - Stack trace
  - Device model/operating system version
  - Installation UUID
- Security data: To ensure account security and prevent abuse, we use the following types of data, mainly collected automatically by the Firebase SDKs we use:
  - Device identifiers: These include device metadata such as operating system version, name, model, brand, and device type, as well as a Firebase Installation ID (FID) unique per app installation. This data is automatically collected by the Firebase SDKs to provide, maintain, and improve Firebase services, and for security purposes such as device verification during authentication and prevention of abusive activities. Please note that the Firebase Installation ID (FID) identifies an installation of the app, not a user or a physical device.
  - Network connection type: The type of network connection (e.g., Wi-Fi, cellular) is automatically collected by the Firebase Sessions SDK, transitively included in the Firebase libraries, to provide application performance and stability metrics and for security purposes.
  - Device blacklist status: To prevent fraudulent account creation and service abuse, our backend (Cloud Functions and Firebase infrastructure) maintains a "blacklist status" of devices. This status is not collected by the app on the user's device but is determined server-side by analyzing device and account activity information to identify potential abusive behavior. If a device is identified as abusive, it may be blacklisted to protect our service and other users.
- Subscription data: Information related to subscription status, including subscription plan, start date, end date, and transaction details. This data is collected to manage subscriptions and provide access to premium features.
- Images:
  - Images of nutrition labels (scanned): When you use the scanning feature, the app uses the CAMERA permission to access your device's camera. This permission is used to capture images of nutrition labels in order to extract and analyze nutritional data. These images are processed for analysis and are subsequently saved in digital form in the app's history, within the user's Firebase Realtime Database entry, to allow later viewing on the "History" page. Images of nutrition labels are also uploaded to Firebase Storage so that they can be retrieved when the user views the scan history. Although the images are stored, they are not shared outside of the Firebase services necessary for the app's operation and for providing the history functionality.
  - Profile images (uploaded by the user): If you choose to upload a photo from your gallery as your profile picture, we access your media image library (READ_MEDIA_IMAGES permission). Profile images uploaded by users are stored in Firebase Storage, are used to personalize the user account, and are displayed on the profile page.
Images of nutrition labels and profile pictures are stored in Firebase Storage to enable features within the app, such as viewing scan history and profile customization.
Anonymization and Pseudonymization: We are committed to protecting your privacy through data anonymization and pseudonymization. For research and development purposes, we use irreversible anonymization techniques, including hashing and aggregation thresholds, particularly for food scan data. This ensures that anonymized data cannot be re-identified, in line with Recital 26 of the GDPR, which clarifies that anonymization renders data unrelated to an identifiable person, thus falling outside the scope of the GDPR.
Specifically, for research and development, we collect anonymized food scan data (category, base score, score, diet type, nutritional values, and consumptions), which are anonymized and aggregated and do not include personal identifiers or images of nutrition labels.
- Aggregation Thresholds: For aggregated statistics, we ensure that data is sufficiently aggregated to prevent individual user identification. Reports are generated based on group data, making it impossible to single out an individual user's data.
- Data Minimization: We collect only the minimum data necessary for each specific purpose, reducing the risk of accidental identification and enhancing overall privacy.
These measures are designed to minimize privacy risks and ensure that data used for service improvement and research cannot be linked back to individual users, thereby upholding user privacy and complying with GDPR principles.
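Illustrative example of an aggregation threshold of the kind described above. This is an added explanatory example, not FoodReveal's code; the scan records, the threshold of five contributors and the field names are assumptions. It shows the check a practitioner looks for: the threshold must count distinct contributors, not records, otherwise a single user who scans a niche category many times is published as if it were a "group".

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample records (not real FoodReveal data): (user id, category, score).
# The user id is the only identifier and never reaches the published report.
SCANS = [
    ("u1", "cereal", 72), ("u2", "cereal", 65), ("u3", "cereal", 80),
    ("u4", "cereal", 58), ("u5", "cereal", 61), ("u6", "cereal", 77),
    ("u1", "yogurt", 90), ("u2", "yogurt", 85), ("u3", "yogurt", 88),
    ("u7", "yogurt", 70), ("u8", "yogurt", 76),
    # One user scanning the same niche product repeatedly: six records, one person.
    ("u9", "kelp snack", 40), ("u9", "kelp snack", 42), ("u9", "kelp snack", 38),
    ("u9", "kelp snack", 45), ("u9", "kelp snack", 41), ("u9", "kelp snack", 39),
    ("u2", "pasta", 55), ("u4", "pasta", 60),
]

K = 5  # assumed threshold: a group is reported only with at least K distinct contributors


@dataclass(frozen=True)
class GroupStat:
    """Published per-category statistic; carries no per-user field."""
    scans: int
    contributors: int
    avg_score: float


def aggregate_with_threshold(scans, k=K):
    """Group scans by category and report only groups backed by >= k distinct users.

    Returns (report, suppressed): report maps category -> GroupStat,
    suppressed lists the categories withheld because too few people contributed.
    """
    by_category = defaultdict(list)
    for uid, category, score in scans:
        by_category[category].append((uid, score))

    report, suppressed = {}, []
    for category, rows in by_category.items():
        contributors = {uid for uid, _ in rows}      # people, not records
        if len(contributors) < k:
            suppressed.append(category)              # withhold, do not publish a small group
            continue
        scores = [score for _, score in rows]
        report[category] = GroupStat(
            scans=len(rows),
            contributors=len(contributors),
            avg_score=round(sum(scores) / len(scores), 1),
        )
    return report, sorted(suppressed)


def naive_aggregate(scans, k=K):
    """The mistake to avoid: thresholding on record count. 'kelp snack' passes
    with six records from a single user, so the 'aggregate' describes one person."""
    counts = defaultdict(int)
    for _, category, _ in scans:
        counts[category] += 1
    return {category: n for category, n in counts.items() if n >= k}


if __name__ == "__main__":
    published, withheld = aggregate_with_threshold(SCANS)
    for category, stat in published.items():
        print(f"{category}: {stat}")
    print("suppressed:", withheld)
    print("naive (record-count) threshold would publish:", naive_aggregate(SCANS))
```

The design choice is that a group failing the threshold is dropped from the report entirely rather than reported with a small count, since a count of one is itself an identification.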
This data is collected through:
- Registration forms filled out by users.
- Analytics tools (Google Analytics and Microsoft Clarity) to improve user experience and optimize our services (collected only with explicit consent).
- Crash reporting tools (Firebase Crashlytics), but only if the user explicitly gives consent in the app settings.
- Tracking technologies such as device identifiers and session tokens.
- Security mechanisms to prevent fraud and abuse.
- Device permissions, specifically CAMERA, INTERNET, ACCESS_NETWORK_STATE, and READ_MEDIA_IMAGES permissions to enable core app functionalities.
- Third parties when we provide integrated services that require such information (e.g., Firebase Authentication).
2.1. Use of Tracking Technologies (Device Identifiers and Session Tokens)
Our mobile app does not use cookies in the traditional browser sense. However, we use device identifiers (unique IDs assigned to your device) and session tokens to enhance user experience, ensure security, and prevent abuse. These technologies perform functions similar to cookies in web browsers, allowing us to maintain user sessions and recognize devices for security purposes.
3. What is the Legal Basis for Collection?
The collection of personal data is based on the following legal bases:
- User consent: Explicitly requested for certain processing activities, such as data analysis to improve user experience, non-essential crash reporting, and research and development. For Clarity, Analytics, Crashlytics, and Research and Development, consent is obtained when you agree to tracking in the app settings.
- Performance of a contract: When data is necessary for the provision of services requested by the user (e.g., account creation and management, image processing for nutritional analysis). The use of CAMERA and READ_MEDIA_IMAGES permissions is essential to provide the food scanning functionality, a core feature of our service.
- Legitimate interest of the Data Controller: To improve our services and user experience and to ensure the security and integrity of our app. We analyze anonymously how users interact with the app (via Google Analytics and Microsoft Clarity) to understand which features are most useful and how we can make the app even more intuitive and performant. We believe that this processing is proportionate and necessary to improve our services and user experience, as the data is aggregated and anonymized to minimize the impact on privacy and helps us improve the app for all users.
- Crash reporting (Crashlytics):
- Legal basis: User consent.
- Disabled by default until explicit user consent.
- Users can enable/disable this option in the Profile Settings at any time.
- Research and Development:
- Legal basis: User consent.
- Optional and disabled by default until explicit user consent.
- Users can enable/disable and withdraw consent at any time in the Profile Settings.
- Fraud Prevention and Security: The legal basis for processing security data, including device fingerprints, network identifiers, and device blacklist status, is the legitimate interest of the Data Controller in preventing fraud and abuse and ensuring the security and integrity of the service and user accounts. This processing is proportionate and necessary to protect our service and users, and we implement measures such as hashed identifiers and data minimization to reduce the impact on privacy. We have conducted a balancing test to ensure that our legitimate interest in fraud prevention does not disproportionately affect users' privacy rights.
Specific examples:
- Account creation and management: The legal basis is the performance of the contract.
- Analysis of user behavior with Google Analytics and Microsoft Clarity: The legal basis is User Consent, given when you enable tracking in the app settings. In addition, we have carried out a balancing test and believe that this processing is proportionate, as the data is aggregated and anonymized to minimize the impact on privacy and helps us improve the app for all users.
- Processing of security data for fraud prevention: The legal basis is the legitimate interest of the Data Controller in ensuring the security of the app, protecting the service from abuse and unauthorized account creation, and maintaining the integrity of the service. We have carried out a balancing test and believe that this processing is proportionate and necessary to protect our service and users, and we implement measures such as hashed identifiers and data minimization to reduce the impact on privacy.
- Crashlytics data collection: The legal basis for crash reporting is User Consent, as this feature is disabled by default and requires explicit user consent.
- Camera Access and Image Upload: The legal basis for accessing the camera and photo library via the CAMERA and READ_MEDIA_IMAGES permissions is the performance of the contract, as these permissions are necessary to provide the core food scanning service requested by the user.
- Network State Access: The legal basis for ACCESS_NETWORK_STATE is legitimate interest, as checking network status is essential to ensure the app functions correctly and can connect to necessary services. We have balanced this interest with user privacy and believe it is proportionate as network status data is minimal and essential for the core functionality of the app.
- Data collection for Research and Development: The legal basis for collecting data for research and development is User Consent, as this feature is optional, disabled by default and requires explicit user consent.
4. For What Specific Purposes is the Data Collected?
The collected data is used for the following purposes:
- To provide and manage the services requested by the user (e.g., account creation, access to app features, food scanning and analysis).
- To improve the user experience on the website/app.
- To analyze user behavior (via Google Analytics and Microsoft Clarity) in order to optimize our services and understand how users interact with the app.
- To respond to requests for support or information.
- To monitor and ensure the security of our systems.
- To collect anonymous statistics for internal purposes.
- Crash reporting: When you consent, we collect crash reports to help us diagnose and resolve app stability issues (using Firebase Crashlytics).
- Research and Development: When you consent, we collect anonymized food scan data (nutritional values, category, score, and diet type) to improve our services, refine the nutritional scoring algorithm, and for internal statistical analysis to understand user preferences and trends in food scanning and nutritional analysis.
- Use of the CAMERA Permission: The FoodReveal app requires the CAMERA permission to use the device's camera. This permission is used exclusively for the functionality of scanning nutrition labels. When the user uses the scanning feature, the camera captures images of nutrition labels to extract and analyze nutritional data. The captured images are processed for nutritional data analysis and stored in Firebase Storage and the user's scan history only so that they can be viewed on the "History" page (see Section 2); they are not shared outside of the Firebase services needed for the app's operation. FoodReveal is committed to ensuring the privacy and security of the data acquired through the camera and will use this data solely to provide the app's features.
- Enable core app functionalities: The use of CAMERA, INTERNET, ACCESS_NETWORK_STATE, and READ_MEDIA_IMAGES permissions is essential for features such as scanning food labels, uploading images, online data processing, and ensuring the app works under various network conditions.
- Implement device blacklisting to prevent fraudulent account creation and service abuse.
- Prevent multiple account creation and fraudulent registrations.
- Monitor and block abusive devices.
- Maintain the security and integrity of the service.
5. From What Categories of Sources Do You Collect Personal Information?
Personal information is collected:
- Directly from users through the website/app (e.g., registration forms).
- Automatically through analytics tools (Google Analytics and Microsoft Clarity) and tracking technologies (e.g., device identifiers).
- Through crash reporting tools (Firebase Crashlytics) if you have provided explicit consent.
- Through security measures implemented to prevent fraud and abuse.
- From device permissions, specifically data accessible through CAMERA, INTERNET, ACCESS_NETWORK_STATE, and READ_MEDIA_IMAGES permissions.
- Third parties when we provide integrated services that require such information (e.g., Firebase Authentication).
6. Which Third Parties Will Have Access to the Information?
We share personal data with the following third parties:
- Google Firebase: Used for hosting, authentication (Firebase Authentication), analytics (Google Analytics), crash reporting (Firebase Crashlytics), database functionalities (Realtime Database and Firestore), and storage (Firebase Storage). Firebase is also used to store aggregated and anonymized statistics.
- Google Analytics: We use Google Analytics to analyze user behavior and improve our app. Google Analytics retains data according to the configured settings, which we have set to the following retention periods:
- Event data: 14 months.
- User data: 14 months.
- For more information on Google Analytics data retention, visit: https://support.google.com/analytics/answer/7667196?hl=en.
- Microsoft Clarity: Used for behavioral analysis.
- Microsoft Clarity: We use Microsoft Clarity to understand how users interact with our app through session recordings and heatmaps. Microsoft Clarity retains data according to the following schedule:
- Recording data: 30 days.
- Labeled or favorited sessions: 13 months.
- Heatmap data: 13 months.
- For more details on Microsoft Clarity data retention, refer to: https://learn.microsoft.com/en-us/clarity/faq#data-retention-.
- Google Play Billing: For payment processing and subscription management. When you subscribe to premium features, transaction data is processed by Google Play Billing. We do not directly collect or store your payment information (e.g., credit card details).
- Data Processing Agreements (DPAs): We ensure that all third-party processors, including Google and Microsoft, are contractually bound by Data Processing Agreements (DPAs) compliant with the GDPR. These DPAs ensure that data processing is carried out in accordance with GDPR requirements, providing adequate safeguards for your personal data.
Special Note on Crashlytics:
- Crash reporting remains disabled until explicit user consent.
- No crash data leaves the device before consent is given.
- Consent can be revoked at any time via the app settings.
Special Note on Research and Development:
- Data collection for research and development remains disabled until explicit user consent.
- Only anonymized food scan data is used for research and development if consent is given.
- No images of nutrition labels are used or stored for research and development purposes.
- Consent can be enabled/disabled and withdrawn at any time via the app settings.
All third parties with whom we share data are bound by agreements that guarantee their security and compliance with applicable privacy regulations.
7. Do We Transfer Data Abroad and, if so, What Measures Have Been Taken to Ensure Secure and Compliant Transfers?
Personal data collected through our app may be transferred to and stored on servers located outside the European Union, particularly in the United States, where Google Firebase and Microsoft Clarity servers are located. This includes security-related data, crash data processed by Firebase Crashlytics (only if you have enabled crash reporting), aggregated and anonymized statistics, and anonymized food scan data for research and development (only if you have enabled Research and Development).
To ensure that such transfers comply with data protection regulations, we adopt the following measures:
- Standard Contractual Clauses (SCCs): We rely on the Standard Contractual Clauses approved by the European Commission, provided by Google and Microsoft, to ensure that transfers of personal data to the United States are carried out securely and in compliance with the GDPR. These contractual clauses establish specific obligations for Google and Microsoft as data importers, ensuring an adequate level of protection for the transferred personal data.
- Supplementary Measures: In addition to the SCCs, we have implemented supplementary measures to further protect data during transfer and storage, including:
- Data Minimization: We collect and transfer only the minimum data necessary for the specific purpose.
- Anonymization/Pseudonymization: Where possible, data is anonymized or pseudonymized before transfer. Crash reports, which Crashlytics collects only after you have enabled crash reporting, are stripped of direct personal identifiers such as usernames or email addresses. They may contain additional technical data about the app and device at the time of the crash (such as app state or breadcrumb logs, if enabled), which helps us diagnose and resolve issues more effectively and improve app stability for all users. Aggregated statistics and anonymized food scan data are designed to be anonymous and non-reidentifiable.
- Security Audits: We regularly review the security practices of our third-party providers.
- Technical and Organizational Security Measures: In addition to the SCCs and supplementary measures, we adopt appropriate technical and organizational security measures to protect personal data during transfer and storage, as described in Section 13 of this Privacy Policy.
Google's Standard Contractual Clauses are available for consultation [https://cloud.google.com/security/compliance/eu-scc?hl=en]. Microsoft's Standard Contractual Clauses are available for consultation [https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses].
We are committed to ensuring that transfers of personal data outside the European Union are always carried out in accordance with applicable regulations and with an adequate level of protection.
8. What are the Users' Rights?
Users have the right to:
- Access their personal data.
- Rectify or update their personal data.
- Delete their personal data.
- Restrict the processing of their personal data.
- Request data portability.
- Object to processing for legitimate reasons.
- Withdraw consent at any time.
- Lodge a complaint with a supervisory authority.
- Right to Data Deletion and Anonymization:
- Data Anonymization: We anonymize personal data to ensure that it can no longer be associated with a specific individual, in accordance with GDPR standards and Recital 26.
- When you delete your account, your identifiable personal data is immediately removed from our real-time database. However, for technical and security reasons (e.g., to ensure the ability to restore the account in case of error or to prevent abuse), data present in our main storage systems, including data in Firestore and images in Firebase Storage, is retained for a maximum period of 15 days before permanent deletion.
- With your consent for Research and Development, we only retain anonymized and aggregated statistics, such as food category counts and anonymized food scan data (category, base score, score, diet type, nutritional values, and consumptions), which are no longer considered personal data and are used to improve our services and for internal statistical analysis to understand user preferences and trends in food scanning and nutritional analysis. Anonymized food scan data cannot be linked back to individual users. We do not store images of nutrition labels in anonymized form for research and development purposes.
- Withdrawal of consent to Crashlytics:
- Immediately stops all crash reporting.
- Deletes any pending crash reports from the device.
- Does not affect previously transmitted reports (managed by Firebase retention policies).
- Withdrawal of consent for Research and Development:
- Immediately stops the collection of anonymized food scan data for research and development purposes.
- Does not affect previously transmitted anonymized food scan data (managed by Firebase retention policies).
To exercise these rights, users can contact us at the email address [Luminatens@mail.com]. We will respond to requests within one month, as required by the GDPR.
Procedure for exercising rights:
To exercise any of the rights listed above, users must send a written request to [Luminatens@mail.com], specifying the right they wish to exercise and providing sufficient information to allow us to identify them and process the request. We may request additional information to verify the user's identity before fulfilling the request. Requests related to security data must include device details (model, approximate date on which the app was first registered) for verification.
Optional Nature of Crash Reporting:
- Crash reporting is entirely optional.
- Disabling it will not affect the app's functionality.
- We never condition features on accepting crash reporting.
Optional Nature of Data Collection for Research and Development:
- Data collection for research and development is entirely optional.
- Disabling it will not affect the app's functionality.
- We never condition features on accepting data collection for research and development.
Supervisory Authority:
Users also have the right to lodge a complaint with the Data Protection Authority if they believe that the processing of their personal data violates the GDPR.
9. Data Retention After Account Deletion
When a user deletes their account, their personal data will be retained for a period of 15 days for security and audit reasons. After this period, all identifiable personal data, including the history of scanned foods and images, is permanently deleted.
We only retain anonymized and aggregated statistics, such as food category counts and anonymized food scan data (category, base score, score, diet type, nutritional values, and consumptions), which are no longer considered personal data and are used to improve our services and for internal statistical analysis to understand user preferences and trends in food scanning and nutritional analysis. Images of nutrition labels are not retained in anonymized form and are deleted.
Data retention for other purposes:
- Data collected for analytics and service improvement: This data is retained by Google Analytics and Microsoft Clarity according to their retention settings, which we have configured to minimize retention where the provider allows it (the periods we have set are listed in Section 6); beyond those settings we do not control the providers' retention. You can find more information on data retention in Google Analytics here: https://support.google.com/analytics/answer/7667196?hl=en and in Microsoft Clarity here: https://learn.microsoft.com/en-us/clarity/faq#data-retention-.
- Crashlytics data:
  - Collected only while consent is active.
  - Stored for 90 days in Firebase systems after collection.
- Security data:
  - Network identifiers: Automatically deleted after 30 days.
  - Account-device associations: Maintained while the account is active and for 1 year after deletion.
- Backups: We perform local backups of the Realtime Database as described in Section 13. These backups are deleted after 15 days and do not include Crashlytics data.
- Subscription data: Subscription data is retained as long as the user maintains an active subscription and for a period of 10 years after the subscription expires or is canceled, for accounting, tax, and compliance purposes.
10. How Will You Notify Users and Visitors of Changes or Updates to the Privacy Policy?
Any changes to this Privacy Policy will be posted on this page. Registered users will be informed of significant changes via email. We recommend that you periodically review this page to stay up-to-date on how we handle data.
11. What is the Effective Date of the Privacy Policy?
This Privacy Policy is effective as of 2025-01-30.
12. No Automated Decision-Making
We do not use automated decision-making processes, including profiling, that produce legal effects concerning users or similarly significantly affect them.
13. Data Security
We adopt technical and organizational measures to protect users' personal data. We use Firebase as a backend, which offers several security measures, including:
- Data Encryption: Data is encrypted both in transit and at rest.
- Authentication and Authorization: We use Firebase Authentication to ensure that only authorized users can access data.
- Monitoring and Auditing: We constantly monitor data access and conduct regular audits to ensure security.
- Backup and Recovery: We adopt different backup strategies to ensure data resilience and recovery capability in case of accidental loss:
  - Firebase Realtime Database: For the Realtime Database, we manually export data in JSON format every 15 days. These JSON backups are stored locally on a secure PC, protected by encryption, restricted access, and physical security measures. These local backups are kept for a maximum of 15 days and then deleted.
  - Firestore: For the Firestore database, we use the Point-in-Time Recovery (PITR) feature, enabled with a retention period of 7 days. This allows restoring the database to its state at any point within the last 7 days, offering continuous protection against data loss.
  - General Backup and Recovery: We maintain regular data backups (local JSON exports for Realtime Database and PITR for Firestore) to ensure recovery in case of data loss. Backups are stored in secure and encrypted environments to protect users' personal data.
- Crashlytics Protections: Crash reporting data is transmitted only if explicit user consent is provided, and crash reports are stripped of direct personal identifiers, further protecting user privacy in error reporting.
- Justification of Permissions: We only request essential permissions (CAMERA, INTERNET, ACCESS_NETWORK_STATE, READ_MEDIA_IMAGES) that are strictly necessary for the core functionalities of the app, as detailed in Sections 3 and 4. We are committed to using these permissions responsibly and solely for the purposes described in this policy.
For more details on Firebase security measures, you can consult the official Firebase documentation.
