Privacy Policy

Last updated: April 2026

This Privacy Policy describes how NastyTasty ("we", "our", "us") collects, uses, and protects your personal data when you use the NastyTasty mobile application (the "App"). By using the App you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following categories of data:

• Account data: email address, display name, and — for social sign-in — an authentication identifier from Google or Apple. No password is stored on our servers for social accounts.
• Usage data: products you scan, photos you save with a scan, ingredient lists, scan history, saved products, feedback you submit, and preferences (allergens, language, theme).
• Device data: device model, OS version, app version, language, anonymised device identifier, and push-notification token (FCM) so that we can deliver alerts.
• Diagnostic data: crash reports and anonymised analytics events (screen views, button taps) that help us improve stability and UX.
• Purchase data: subscription state managed through our payments provider (RevenueCat). We do NOT receive or store your card details.

2. How We Use Your Data

• To provide the core functionality of the App (scanning, analysing ingredients, saving products, showing your personal history).
• To manage your account, authenticate you, and send transactional notifications.
• To highlight ingredients you have flagged as personal allergens.
• To improve the App through anonymised analytics and crash reporting.
• To prevent abuse, enforce our Terms of Service, and comply with legal obligations.

3. Third-Party Services

We rely on trusted third parties to run the App. Each of them processes data only for the purposes described in their own privacy policy:

• Firebase (Google) — authentication, push notifications (FCM), analytics, crash reporting.
• Google Cloud Vision — optical character recognition on scanned product labels.
• Google Gemini — AI-powered analysis of ingredient lists.
• RevenueCat — subscription management and receipt validation.
• Cloud hosting provider — application hosting on Google Cloud Run.

4. Legal Basis for Processing (EEA / UK)

If you are located in the European Economic Area or the United Kingdom, our lawful bases for processing are: performance of a contract (to provide the App), your consent (for optional analytics and marketing notifications), and our legitimate interests (product improvement, security).

5. Data Retention

We keep your personal data for as long as your account exists. When you delete your account, we erase your account record and all personally identifiable data associated with it within 30 days. Aggregated, anonymised data (e.g. ingredient statistics shared across all users) may be retained indefinitely as it no longer identifies you.

6. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete information via the profile screen.
• Delete your account and personal data at any time from Settings → Delete Account.
• Withdraw consent for optional data processing (analytics, notifications) in your device settings.
• Export a copy of your data by contacting us at support@nastytasty.app.
• Lodge a complaint with your local data-protection authority.

7. Data Security

All traffic between the App and our servers is encrypted using TLS. Authentication tokens are stored in secure device storage (Keychain on iOS, Keystore on Android). We apply access controls and audit logging on our servers and follow industry best practices. No system is 100% secure — please keep your device and account credentials safe.

8. Children's Privacy

The App is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. International Transfers

Your data may be processed in countries other than your own, including the European Union and the United States, where our service providers operate. We rely on appropriate safeguards (Standard Contractual Clauses or adequacy decisions) for such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the latest change. If the changes are material, we will notify you in-app or via email.

11. Contact Us

If you have questions or requests regarding this Privacy Policy, please reach out: support@nastytasty.app.