This Privacy Policy (the “Policy”) governs the collection, use, disclosure,
retention, and protection of personal data in connection with the Groceries
mobile application for iOS (the “Application”). By creating an account and
using the Application, you acknowledge that you have read, understood, and
accepted the terms set out herein. This Policy is rendered in accordance with
Regulation (EU) 2016/679 (the “GDPR”) and applicable Romanian data
protection law.
01 Preamble & scope
The Application enables you to compile and manage a personal grocery list, search a shared catalogue of food products, consult culinary recipes and schedule cooking timers, scan product barcodes, and, at your discretion, share a list with other persons for a limited period of time. This Policy applies to all personal data processed through your use of the Application and describes, in a comprehensive manner, the categories of data concerned, the purposes and legal bases of their processing, the recipients thereof, the applicable retention periods, and the rights afforded to you by law.
02 Identity of the data controller
The controller responsible for the processing of your personal data, within the meaning of Article 4(7) GDPR, is:
Maftei Retegan
Romania
Electronic mail: maftei.retegan@gmail.com
Any request, enquiry, or notification relating to this Policy or to the processing of your personal data may be addressed to the electronic mail address set out above.
03 Principles governing our processing
We process personal data in accordance with the principles enshrined in Article 5 GDPR, namely lawfulness, fairness, and transparency; purpose limitation; data minimisation; accuracy; storage limitation; and integrity and confidentiality. We collect only such data as is strictly necessary for the purposes described herein, and we do not subject you to advertising, behavioural profiling, or automated decision-making producing legal or similarly significant effects.
04 Categories of personal data processed
4.1 Identification and account data
Upon first launch, an anonymous authentication session is established, generating a randomised technical identifier that is not associated with your name, electronic mail address, telephone number, or any other real-world identity. A randomly generated ten-digit account number is created and displayed within the Application’s settings. You are further requested to provide a first name and a surname; the date of account creation is recorded together with them.
4.2 Grocery list data
For each article you add we process: the article title, its category, an associated emoji and colour, the quantity, optional nutritional values (energy, protein, fat, carbohydrates, and sugar), an optional barcode, the date of addition, the checked status, and any free-text annotations you elect to record, with their timestamps.
4.3 Shared list data
Should you create or join a shared list, the following is processed: the identifier of the creator, a share code, the members of the list (each member’s anonymous identifier, account number, and the name provided), the times of creation and expiry, and a copy of the articles contained therein. Shared lists are temporary and expire automatically approximately ten minutes after their creation, unless rendered permanent.
4.4 Camera data
Access to the device camera is requested solely to scan product barcodes. Camera frames are processed locally on your device in real time for the sole purpose of decoding a barcode. No photographs or video recordings are captured, stored, or transmitted. Only the decoded barcode number is subsequently used.
4.5 Catalogue search & recipe browsing
The Application provides a search interface over a shared, non-personal catalogue of food products stored within our database, together with a collection of static culinary recipes embedded within the Application. When you type a search query or open a recipe, the query text or the titles of the recipe’s ingredients are transmitted to our database for the sole purpose of returning matching catalogue entries; such queries are not associated with your identifier, are not retained beyond the duration of the request, and are not used for profiling. Recipes themselves are static content provided by the Application and contain no personal data.
4.6 Notification data
Permission to display local notifications is requested for the exclusive purpose of alerting you upon the expiry of a recipe cooking timer. Such notifications are generated and scheduled entirely upon your device. The Application operates no push-notification server.
4.7 Data stored exclusively upon your device
Your local account record (account number, first name, surname, creation date) and your active recipe cooking timers are retained locally by means of Apple’s SwiftData framework. A small number of preferences (haptic feedback toggle, appearance preference) are stored by means of the standard iOS user defaults mechanism. Such data is erased upon deletion of your account or removal of the Application.
4.8 Diagnostic information
The Application records elementary technical messages within the local device console during operation. Such records remain upon the device and are neither collected nor transmitted to us.
We do not knowingly process location data, contact lists, photographs, health or biometric data, advertising identifiers, browsing history, or device usage analytics. The Application contains no third-party software development kits for the purposes of advertising, attribution, or behavioural analytics.
05 Purposes & legal bases of processing
- (a) To establish and maintain your account, authenticate you on each launch, store and display your grocery list, provide the catalogue-search and recipe functionality, and provide the shared-list functionality. Legal basis: performance of a contract — Article 6(1)(b) GDPR.
- (b) To access the device camera and display local notifications. Legal basis: your consent — Article 6(1)(a) GDPR, revocable at any time.
- (c) To preserve the security and integrity of the service and remove unused or orphaned anonymous accounts. Legal basis: our legitimate interests — Article 6(1)(f) GDPR.
06 Recipients & disclosure
6.1 Google Firebase. We employ Firebase Authentication and Cloud Firestore to provide anonymous authentication and to store your account, grocery list, and shared-list data; Google Firebase acts as our processor pursuant to Article 28 GDPR. See firebase.google.com/support/privacy.
6.2 Open Food Facts. When you scan a barcode, the Application transmits exclusively the numeric barcode to Open Food Facts to retrieve product information, including the product name, brand, category hierarchy, ingredient list, labels, declared quantity, and nutritional information per one hundred grams or millilitres of product. No account information, name, account number, anonymous identifier, or other personal data is included, and no element of your grocery list is transmitted. See world.openfoodfacts.org/privacy.
6.3 Maintenance function. At most once per hour per device, the Application contacts our own backend maintenance function, transmitting solely your current anonymous authentication token so the server may delete unused or orphaned anonymous authentication accounts older than two hours that have never produced a user record. No list content, recipe state, name, or other personal data is transmitted.
We do not sell personal data, and we do not transfer it to any party for advertising purposes.
07 International transfers
Our processors, in particular Google Firebase, may process and store data upon servers situated outside the European Economic Area, including within the United States. Where such transfers occur, they are governed by the appropriate safeguards contemplated by Chapter V GDPR, including standard contractual clauses adopted by the European Commission.
08 Retention periods
Account and grocery list data are retained until you delete your account. Shared lists expire automatically approximately ten minutes after creation unless rendered permanent; expired or orphaned shared lists and unused anonymous accounts are removed automatically. Data stored exclusively upon your device is retained until you delete your account or uninstall the Application. Search queries directed at our catalogue are not retained beyond the duration of the request.
09 Rights of the data subject
Subject to the conditions and limitations provided by the GDPR, you have the following rights: access (Art. 15); rectification (Art. 16); erasure (Art. 17); restriction of processing (Art. 18); data portability (Art. 20); and objection to processing (Art. 21). Where processing is founded upon consent, you may withdraw it at any time.
The principal means of exercising your right to erasure is the “Delete Account” function within the Application’s settings. Upon its invocation, the Application permanently erases your locally stored identity, deletes your user record and personal grocery list from our database, reconciles shared lists where applicable, and deletes the anonymous authentication user associated with your device.
Without prejudice to any other remedy, you have the right to lodge a complaint with a supervisory authority, in particular the National Supervisory Authority for Personal Data Processing of Romania (ANSPDCP).
10 Security of processing
Having regard to the state of the art, we implement appropriate technical and organisational measures commensurate with the risk. Data transmitted between the Application and our processors is conveyed over encrypted HTTPS connections. Access to stored account and list data is restricted by server-side security rules, such that you may access only your own data and those shared lists of which you are a member; the catalogue of food products is read-only for end users. The maintenance function described in Section 6.3 requires a valid authentication token before any action is taken. No method of transmission or storage is entirely impervious to risk, and we cannot warrant absolute security.
11 Privacy of minors
The Application is not directed to children below the age of sixteen years, nor do we knowingly process the personal data of such children. Should you become aware that a minor has provided personal data, please contact us, whereupon such data shall be erased without undue delay.
12 Amendments to this policy
We reserve the right to amend this Policy from time to time. Where we effect material amendments, we shall update the “Last Revised” date appearing above and, where appropriate, present the revised Policy within the Application. Your continued use of the Application following the entry into force of any such amendment constitutes acceptance thereof.
13 Governing law & contact
This Policy is governed by, and shall be construed in accordance with, the laws of Romania and the directly applicable law of the European Union, without regard to conflict-of-law principles.
Maftei Retegan
Romania
Electronic mail: maftei.retegan@gmail.com
— End of Privacy Policy —