Privacy Policy

Effective Date: December 6, 2024

Last Updated: December 6, 2024

Welcome to Ingredly ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our data practices for the Ingredly mobile application (the "App").

Quick Summary: We prioritize your privacy. We only collect essential information needed to provide our food scanning and nutrition analysis services. We never sell your personal data to third parties, and you maintain full control over your information.

1. Information We Collect

1.1 Information You Provide Directly

Account Information: When you create an account, we collect your name, email address, and password (encrypted).
Profile Information: Dietary preferences (e.g., Vegan, Keto, Gluten-Free), allergen information, health goals, age, gender, height, weight, and activity level.
Nutrition Goals: Your personalized calorie and macro targets based on your profile.
Social Sign-In: If you sign in via Google or Apple, we receive your name, email address, and profile picture from these providers.

1.2 Information Collected Automatically

Scan Data: Images of food labels and products you scan (processed for ingredient and nutrition analysis).
Meal Tracking: Food items you log, meal history, and nutrition summaries.
Usage Data: App features you use, scan frequency, and in-app interactions.
Device Information: Device type, operating system version, unique device identifiers, mobile network information.
Log Data: IP address, app crashes, performance data, and diagnostic information.

1.3 Camera and Photo Library Access

Camera: We access your camera to scan food labels and ingredients in real-time.
Photo Library: We access your photo library (only when you grant permission) to analyze food images you select.
Important: Images are processed immediately and are not permanently stored on our servers unless you save them as part of your meal history.

2. How We Use Your Information

We use the information we collect to:

Provide Core Services: Scan and analyze food labels, identify ingredients, detect allergens, and calculate nutrition scores.
Personalization: Provide tailored dietary recommendations based on your preferences and goals.
Meal Tracking: Help you track your nutrition intake over time and monitor progress toward your goals.
Product Recommendations: Suggest healthier alternatives to scanned products.
Account Management: Create and maintain your account, authenticate your identity, and provide customer support.
Service Improvement: Analyze usage patterns to improve our AI models, expand our ingredient database, and enhance user experience.
Communications: Send you important updates about our service, respond to your inquiries, and provide customer support.
Security: Detect and prevent fraud, abuse, and security incidents.
Subscription Management: Process payments, manage subscriptions, and provide access to premium features.
Legal Compliance: Comply with legal obligations and enforce our Terms of Service.

3. Data Sharing and Disclosure

We do NOT sell your personal data to third parties. We may share your information only in the following limited circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist us in operating our App:

Cloud Infrastructure: MongoDB Atlas (database hosting), Railway (backend hosting)
AI and Image Processing: OpenAI (GPT-4 Vision for food label analysis), Google Cloud Vision API
Payment Processing: Stripe (subscription payments)
Authentication: Google Sign-In, Apple Sign In
Email Services: SendGrid (transactional emails)

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

3.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

Comply with legal obligations
Protect our rights, property, or safety
Prevent fraud or security threats
Respond to lawful requests from public authorities

3.3 Business Transfers

If Ingredly is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice in the App before your data is transferred and becomes subject to a different privacy policy.

4. Data Security

We implement industry-standard security measures to protect your personal information:

Encryption: All data transmitted between the App and our servers is encrypted using HTTPS/TLS.
Password Security: User passwords are hashed using bcrypt before storage.
Token-Based Authentication: We use JWT (JSON Web Tokens) with refresh tokens stored securely.
Secure Storage: Sensitive data on your device is stored using iOS Keychain / Android Keystore.
Access Controls: Access to user data is restricted to authorized personnel only.
Security Reviews: We regularly review and update our security practices.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:

Active Accounts: We retain your data while your account is active.
Deleted Accounts: When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are legally required to retain it.
Scan Images: Images are processed in real-time and deleted immediately after analysis unless you save them to your meal history.
Meal History: Retained until you delete individual entries or your entire account.
Legal Retention: Some data may be retained longer if required by law or for legitimate business purposes (e.g., fraud prevention, legal disputes).

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

Request a copy of your personal data in a portable format
Access your account information, meal history, and preferences through the App

6.2 Correction

Update your profile, dietary preferences, and goals directly in the App
Request correction of inaccurate or incomplete data

6.3 Deletion

Delete your account and associated data at any time through App Settings > Account > Delete Account
Delete individual meal entries or scan history
Request complete data deletion by contacting us at info@ingredlyapp.com

6.4 Opt-Out

Marketing Emails: Unsubscribe from promotional emails via the link in each email
Push Notifications: Disable in your device settings or in-app notification preferences

6.5 Subscription Management

Manage or cancel your subscription through your Apple App Store or Google Play Store account settings

7. Children's Privacy

Ingredly is not intended for children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 13, we will delete it immediately. If you believe we have collected information from a child, please contact us at info@ingredlyapp.com.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request details about the personal information we collect, use, and share
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We do not sell personal information
Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at info@ingredlyapp.com.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

11. Third-Party Links and Services

The App may contain links to third-party websites, products, or services (e.g., product retailer websites). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

Posting the updated policy in the App with a new "Last Updated" date
Sending you an email notification (for significant changes)
Displaying an in-app notification

Your continued use of the App after changes become effective constitutes your acceptance of the revised Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@ingredlyapp.com
Developer Contact: shahzi113awan@gmail.com
App Name: Ingredly
Response Time: We aim to respond within 48 hours