At NutriScan360, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information.
NutriScan360 is designed with privacy in mind. Most of your data stays on your device. We do not require you to create an account. We do not sell your data. We process the minimum information necessary to provide the service.
This Privacy Policy is published by Travus Tech Inc. ('Company', 'we', 'us', 'our'), based in Atlanta, Georgia, USA, operator of the NutriScan360 mobile application. For privacy-related inquiries, contact us at: [email protected].
a) Data stored locally on your device: allergen preferences, selected language, scan history, and favorite products. When you create an account and log in, this data may be synced to our servers to enable access across multiple devices. b) Data sent to our servers: product barcodes you scan (for food API lookup), AI analysis usage data (to enforce the free daily limit), and technical server performance data. c) Automatically collected data: IP address, device type, operating system, and server usage logs. d) Subscription data: managed by RevenueCat, Apple App Store, or Google Play Store. We receive only basic subscription status information (active/inactive) to enable premium features. We do not store credit card data or banking information.
We use the information collected to: (a) provide and operate the nutritional analysis service; (b) query food APIs (Open Food Facts, Nutritionix, Spoonacular, USDA) for product data; (c) cache product data on our server to improve performance; (d) process and verify premium subscriptions; (e) maintain the security and integrity of the service; (f) analyze aggregated, anonymous usage patterns to improve the app; (g) comply with applicable legal obligations.
We process your data on the following legal bases: (a) Performance of a contract: to provide the services you requested; (b) Legitimate interest: to maintain service security, prevent fraud, and improve the product; (c) Consent: for optional marketing communications; (d) Legal obligation: when required by law or competent authority. Users in the European Union have rights under the General Data Protection Regulation (GDPR). Users in Brazil have rights under the Lei Geral de Proteção de Dados (LGPD - Law No. 13,709/2018).
The free AI analysis limit (3 full analyses/day) is tracked server-side by user account or device identifier to ensure fair use of the service. Barcode scanning itself is unlimited and is not tracked for limiting purposes. Your preferences (allergens, language, history, and favorites) are stored locally on your device. When you create an account and log in, this information may be synced to our servers to enable access across multiple devices. Without an account, your data remains exclusively on your device.
When you scan a barcode, that code is sent to our server, which queries the following data sources: Open Food Facts (openfoodfacts.org), Nutritionix, Spoonacular, and USDA FoodData Central. Product data is then cached in our database for future use. The barcode number is not linked to your identity. Please consult each provider's privacy policy to understand their practices.
Premium subscriptions are processed by RevenueCat (revenuecat.com), Apple App Store, and/or Google Play Store. These processors collect and handle payment data in accordance with their own privacy policies. Travus Tech Inc. does not store credit card numbers, banking data, or other sensitive payment information. RevenueCat shares with us only subscription status and an anonymous user identifier.
We do not sell, rent, trade, or otherwise transfer your personal information to third parties, except in the following circumstances: (a) Service providers: RevenueCat, Apple, Google, and food API vendors, as necessary to operate the service; (b) Legal obligation: when required by law, court order, or competent governmental authority; (c) Rights protection: when necessary to protect the rights, property, or safety of the Company, users, or the public; (d) Business transaction: in the event of a merger, acquisition, or asset sale, with appropriate prior notice.
Server data: barcode query logs are kept for up to 90 days for diagnostic purposes. Cached product data: stored indefinitely to improve performance. Subscription data: retained as required by accounting and legal obligations. Device data: all scan history, favorites, allergen preferences, and language settings are stored locally and can be deleted at any time by uninstalling the app. They cannot be recovered after uninstallation.
We implement appropriate technical and organizational measures to protect your information, including: encrypted transmission (HTTPS/TLS), secure database with restricted access, internal access controls, and security monitoring. However, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security, and you assume the inherent risks of transmitting data over the internet.
NutriScan360 is not directed at children under 13 years of age in the US, or under 16 in the European Union. We do not intentionally collect personal information from children in those age ranges. If you believe we have collected information from a child, please contact us immediately at [email protected] so we can take appropriate action.
Depending on your location, you may have the following rights: Brazil residents (LGPD): confirmation and access to data; correction of incomplete data; anonymization, blocking, or deletion of unnecessary data; data portability; information about sharing; withdrawal of consent; review of automated decisions. California residents (CCPA): right to know, delete, and not be discriminated against. We do not sell personal information. EU/UK residents (GDPR): access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. To exercise any right, contact us at: [email protected]. We will respond within 30 days.
Our application does not respond to browser 'Do Not Track' (DNT) signals, as it is a native mobile application and does not use cross-site tracking technologies. We do not track your behavior across other apps or websites.
Your data may be processed on servers located in the United States. If you access the service from outside the US, including from Brazil, please be aware that your data will be transferred to the US, where data protection laws may differ from those in your country. By using the service, you consent to this transfer. We adopt appropriate contractual safeguards with our service providers to protect your data in compliance with applicable laws.
We may update this Privacy Policy periodically. When we make material changes, we will notify you via an in-app notice, by email, or by other means at least 30 days before the changes take effect. Your continued use of the service after the effective date of changes indicates your acceptance of the updated policy. We recommend you review this policy regularly.
For questions, data access, correction or deletion requests, or to exercise any other privacy right, please contact: Travus Tech Inc. Atlanta, Georgia, USA Email: [email protected] We will respond within 30 business days.
