Privacy Policy — LactoSafe

Last updated: October 30, 2025

This policy explains what information LactoSafe processes and why, including how to contact us, your choices, and your rights. It applies to our mobile apps and this website.

Who we are & contact

LactoSafe helps users read food labels. Contact: contact@lactosafe.com.

If you are in the EEA/UK, LactoSafe is the “data controller” for your personal data processed by the app.

What the app does

LactoSafe uses your device camera to read label text on-device and highlight lactose-related terms. By default, camera images are processed locally on your device and are not uploaded to our servers.

Information we process

Device access & local data

• Camera (required for scanning): frames are processed on-device for text recognition. We do not upload camera frames by default.
• Local app data (e.g., scan history, preferences such as language, analytics opt-out, subscription status cache). Stays on your device unless you export/delete it.

Data sent off device (minimal)

• Purchase & subscription data: when you buy or restore, we receive purchase tokens/receipts from the app stores to activate and maintain your entitlement (e.g., monthly, annual, lifetime).
• Analytics (aggregate, non-PII): event counters such as app opens, scans, paywall views, purchase funnel steps. You can disable analytics in Settings → Privacy.
• Diagnostics: anonymized crash/error signals if enabled by your device/OS settings.
• Network requests: for subscription verification, remote feature flags, and optional promo content (domain-only logging; full URLs aren’t stored).

Why we process this information

• Provide the app: scanning, showing results, maintaining subscriptions/entitlements, and restoring purchases.
• Improve reliability: aggregate analytics and diagnostics.
• Security & fraud prevention: verify receipts and detect abuse.
• Compliance: tax/audit records of transactions via the app stores.

Legal bases (EEA/UK)

• Performance of a contract: purchases, entitlements, restore.
• Legitimate interests: basic, privacy-respecting analytics and app reliability (you may opt out).
• Consent: where required by local law (we’ll ask when needed).
• Legal obligation: keeping transaction records for tax/audit.

Third-party processors / disclosures

We share data only with service providers needed to run the app:

• Google Play Billing (Android): processes payments and provides purchase tokens for verification.
• Apple App Store / StoreKit (iOS): processes payments and provides receipts for verification.
• Hosting/analytics vendors (if used): receive only the minimum necessary aggregate or pseudonymous data.

We do not sell personal data.

Retention

• On-device data remains until you delete it (e.g., clear app data or uninstall).
• Purchase/receipt records are retained as required by the app stores and applicable law (tax, audit, fraud prevention).
• Analytics are stored in aggregate form for trend analysis and then deleted or anonymized.

Your choices

• Analytics opt-out: toggle in Settings → Privacy.
• Exports & deletion (on device): export or clear your scan history in Settings; uninstall removes local data.
• Marketing: we do not send in-app marketing push notifications.

Your rights

EEA/UK: You may request access, correction, deletion, restriction, or portability of your personal data, and object to processing based on legitimate interests. Contact contact@lactosafe.com.

California (CPRA): You may request to know/access, correct, or delete personal information, and to opt out of sale/share (we do not sell). Authorized agent requests are honored as required. Contact us to exercise these rights.

Security

We use reasonable technical and organizational measures (e.g., transport encryption, access controls, least-privilege) to protect data. No method of transmission or storage is 100% secure.

Children

The app is not directed to children under 13 (or the equivalent age as defined by local law). We do not knowingly collect personal data from children.

International transfers

We may process data on servers or with vendors outside your country. Where required, we use appropriate safeguards (e.g., standard contractual clauses).

Changes to this policy

We may update this policy to reflect changes to the app or legal requirements. We will update the “Last updated” date above and, where appropriate, provide in-app notice.

Contact

Questions or requests: contact@lactosafe.com