Privacy Policy

Last updated: 1 April 2026

1. Who We Are

IngredScan is operated from London, United Kingdom. If you have any questions about this privacy policy or how we handle your data, you can contact us at support@ingredscan.com.

2. What Data We Collect

We collect the following data when you use IngredScan:

  • Email address — when you create an account
  • Scan history — products you have scanned
  • Market preference — your selected country/region
  • Device information — browser type, operating system
  • Usage data — feature usage patterns, scan counts

We do not collect:

  • Payment card details (handled entirely by Stripe)
  • Precise location data
  • Contacts or address books
  • Photos or camera data (camera is used locally for scanning only)
  • Data from children under 13

3. How We Use Your Data

  • To process and display your product scans
  • To manage your account and subscription
  • To improve our product database and scoring accuracy
  • To send important service updates (not marketing, unless you opt in)

We never sell your data or share it with advertisers. Your scan data is never used for targeted advertising.

4. Legal Basis (GDPR)

We process your data under the following legal bases:

  • Contract — to provide the IngredScan service you signed up for
  • Legitimate interest — to improve our product and fix bugs
  • Consent — for optional communications like newsletters

5. Data Storage & Security

  • Supabase — our primary database, hosted in the EU
  • Stripe — handles all payment processing and is PCI DSS compliant. We never see or store your card details.

All data is transmitted over HTTPS. We use industry-standard security practices to protect your information.

6. Your Rights

Under GDPR and UK data protection law, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

To exercise any of these rights, email us at support@ingredscan.com or use Settings > Delete Account within the app to delete your account and all associated data.

7. Cookies

We use a minimal number of cookies, none of which are used for advertising:

  • sb-auth-token — essential session cookie for authentication
  • ingredscan_market — stores your preferred market/region
  • ingredscan_scans — functional cookie for scan count tracking

We do not use advertising cookies, Google Analytics, Facebook Pixel, or any third-party tracking cookies. See our Cookie Policy for full details.

8. Third-Party Services

We use the following third-party services:

  • Supabase — database and authentication (EU hosted)
  • Stripe — payment processing (PCI DSS compliant)
  • Vercel — application hosting and deployment
  • Open Food Facts — open-source product data
  • ipapi.co — IP-based country detection for market defaults

Each of these services has its own privacy policy. We only share the minimum data necessary for each service to function.

9. Children's Privacy

IngredScan is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at support@ingredscan.com and we will delete it promptly.

10. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you via email or through the app. Continued use of IngredScan after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests, contact us at support@ingredscan.com.