Privacy Policy

This Privacy Policy describes how GlutenScan (“we,” “us,” or “our”) collects, uses, and protects your personal data when you use our website, mobile experience, or AI-powered food safety analysis tools (the “Service”). We process your data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable laws.

1. Information We Collect

We collect the following categories of data:

• Account Information: When you sign up or log in, we may collect your name, email address, and unique user ID. If you sign in with Google, we receive this data directly from Google Authentication. We do not receive or store your Google password.
• Submitted Content: When you upload or submit a restaurant menu (image, PDF, or URL), we temporarily store it in our secure Firebase Storage to perform the requested AI analysis.
• Analysis Data: The extracted text and AI-generated analysis results are stored so you can review your history and to improve Service performance.
• Technical Information: We automatically collect limited analytics data, such as browser type, device, IP address, and timestamps, to maintain security and diagnose issues.

2. How We Use Your Information

We use the data we collect for the following purposes:

• To operate, maintain, and improve the Service;
• To authenticate users and manage accounts;
• To process your submissions and generate AI-based menu analyses;
• To enforce usage limits and prevent abuse;
• To communicate with you about Service updates or account-related information;
• To conduct research and enhance model accuracy using anonymized data;
• To comply with legal obligations and ensure platform security.

3. Lawful Basis for Processing

We process your personal data under the following legal bases (Article 6 GDPR):

• Performance of a contract: To provide you with access to the Service and analyze your menus.
• Legitimate interests: To maintain Service integrity, prevent fraud, and improve features.
• Consent: For optional communications or research purposes when explicitly granted.
• Legal obligation: To comply with applicable laws and regulations.

4. Data Sharing & Disclosure

We do not sell or rent your personal information. We share limited data under controlled circumstances:

• Service Providers: We use Google Firebase, Cloud Vision, and Vertex AI to store data, host the app, and perform AI analyses. These providers act as data processors under GDPR and are contractually obligated to handle your data securely and solely for our purposes.
• Legal Requirements: We may disclose data if required by law, subpoena, or valid legal process, or to protect our rights, property, and users.
• Business Transfers: If GlutenScan is involved in a merger or acquisition, data may be transferred to the successor entity under equivalent protection standards.

5. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy:

• Account data is retained until you delete your account or request erasure.
• Uploaded menus and analyses are retained to provide history access, then deleted after 12 months of inactivity.
• Anonymized or aggregated data (which no longer identifies you) may be stored indefinitely for model improvement.

6. Data Security

We use encryption (in transit and at rest), access controls, and secure Google Cloud infrastructure to protect your information. However, no online platform is 100% secure, and you acknowledge that you use the Service at your own risk.

7. Your Rights Under GDPR

As an EU or EEA resident, you have the following rights regarding your personal data:

• Right of access — obtain a copy of the personal data we hold about you;
• Right to rectification — correct inaccurate or incomplete data;
• Right to erasure (“right to be forgotten”) — request deletion of your data;
• Right to data portability — request a machine-readable copy of your data;
• Right to restrict or object to processing — in certain circumstances;
• Right to lodge a complaint — with a supervisory authority (e.g., CNIL in France).

To exercise any of these rights, contact us at privacy@glutenscan.ai. We may need to verify your identity before processing your request.

8. International Data Transfers

Your information may be processed outside your country (e.g., in the EU or the United States) on servers operated by Google Cloud. We ensure such transfers comply with GDPR through Standard Contractual Clauses (SCCs) and equivalent safeguards.

9. Children’s Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided data to us, please contact us immediately, and we will delete it.

10. Updates to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date and post the updated version on this page. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

For questions, data requests, or complaints, please contact our Data Protection Officer (DPO):

Email: privacy@glutenscan.ai
Postal: GlutenScan Privacy Officer
12 Rue de la République, 75001 Paris, France

By using GlutenScan, you acknowledge that you have read, understood, and agreed to this Privacy Policy.