Privacy Policy

1. Information we collect

We collect the following information when you use ScanThat:

• Account data: name, email address, and profile photo (if you sign up with Google).
• Nutritional profile: dietary preferences, allergies, and goals that you configure voluntarily.
• Product images: the photos you take to scan products. These images are processed for analysis but are not permanently stored on our servers.
• Scan history: the results of your nutritional analyses, including product name, score, nutrients, and ingredients.
• Usage data: number of daily scans to track plan limits.
• Payment data: processed by Lemon Squeezy. We do not store credit card numbers or financial data on our servers.

2. How we use your information

• Provide and improve the nutritional analysis service.
• Personalize results based on your dietary profile.
• Manage your account and subscription.
• Send service-related communications (plan changes, important updates).
• Analyze usage trends in aggregate and anonymized form to improve the product.

3. Image processing

The photos you take are sent to our servers solely to be processed by Claude (Anthropic) for nutritional analysis. Images are processed in real time and are not permanently stored. We do not use your images to train artificial intelligence models.

4. Third-party data sharing

We share data with the following third parties solely for the operation of the service:

• Anthropic (Claude): receives product images for analysis. Subject to Anthropic's privacy policy.
• Supabase: stores account data, profile, and history. Cloud servers with encryption.
• Lemon Squeezy: processes Pro plan payments. We do not share nutritional data with them.
• Open Food Facts / USDA: we query these public databases using barcodes or product names. We do not send personal data to these services.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

5. Data security

We use industry-standard security measures to protect your information, including encryption in transit (HTTPS/TLS), secure authentication, and Row Level Security in the database to isolate each user's data. However, no system is 100% secure and we cannot guarantee absolute security.

6. Data retention

We retain your data as long as your account is active. If you delete your account, we will delete your personal data, profile, and scan history within 30 days. We may retain anonymized and aggregated data for analytical purposes.

7. Your rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your account and associated data.
• Export your data in a readable format.
• Withdraw your consent at any time.

To exercise these rights, contact us at hola@vellarin.ai.

8. Cookies and local storage

We use essential cookies for authentication and service operation. We do not use tracking or advertising cookies. User sessions are managed through secure Supabase Auth cookies.

9. Minors

ScanThat is not intended for children under 13 years of age. We do not intentionally collect information from children under 13. If we discover that we have collected data from a minor, we will delete it immediately. The profile feature for "child" or "baby" is designed for an adult to set up in order to analyze products for their children.

10. Changes to this policy

We may update this policy periodically. We will notify you of significant changes by email or through a notice in the app. We recommend reviewing this page periodically.

11. Contact

If you have questions about this privacy policy, contact us at hola@vellarin.ai.