Privacy Policy

KindaOkay — Effective date: December 22, 2025

This Privacy Policy explains how KindaOkay ("we", "us", "our") collects, uses, stores, and shares information when you use the KindaOkay mobile application and its related services (the "Service"). By using the Service, you agree to the practices described in this Privacy Policy.

1. What the Service Does (Informational Only)

KindaOkay is an informational food analysis and decision-support tool. It lets you scan product barcodes or search for products and receive insights about product composition and characteristics.

The Service may display nutritional values (e.g., sugar, fat, salt), ingredient-related flags (e.g., allergens, additives, palm oil), and processing indicators (e.g., ultra-processed food index). It may also calculate an internal informational score based on the goals you select.

Important disclaimer:

  • The Service does not provide medical advice, diagnoses, or treatment recommendations.
  • Outputs are informational only and may be incomplete or inaccurate due to limitations of third-party data sources.
  • You remain responsible for your food choices and decisions.

2. Interpretation and Definitions

Account

A profile created to access the Service.

Application

The mobile application titled "KindaOkay".

Service

The Application and related backend services operated by the Owner.

Owner / We / Us / Our

An individual operator located in the Czech Republic.

Device

Any device used to access the Service.

Personal Data

Information that identifies or can reasonably be linked to an individual (e.g., email).

Usage Data

Data collected automatically through use of the Service (e.g., logs, diagnostics).

Food Data

Product and nutrition information retrieved from public third-party databases.

Goals / Preferences

User-selected settings used to present information and compute an informational score.

3. Information We Collect

3.1 Information you provide

  • Email address
  • Name (as provided by your sign-in provider)
  • Goals and preferences (e.g., skin health, digestion, general awareness)

3.2 Barcode scans and history

  • Barcodes you scan
  • Scan history and timestamps
  • Internally calculated informational scores and explanations

3.3 Information collected automatically (limited)

We do not currently use third-party analytics tools (e.g., Google Analytics) for the mobile app. However, standard server and platform logs may collect limited technical data necessary to operate and secure the Service (e.g., IP address in server logs, request metadata, error logs).

3.4 Device permissions

  • Camera: used to scan barcodes. We do not store your camera roll or photos because the current MVP does not upload product photos.
  • We do not request location, contacts, or microphone access.

3.5 Food data from third-party databases

After you scan a barcode or search for an item, we retrieve publicly available product information from third-party databases. Food Data may be cached in our backend to improve performance and availability.

4. How We Use Information

We use collected information to:

  • Create and manage your account and sign-in
  • Store your goals/preferences and scan history
  • Retrieve and display Food Data from public databases
  • Compute and display informational scores, positives, negatives, and explanations
  • Maintain, secure, debug, and improve the Service

AI-generated notes (coach notes)

The Service may generate short explanatory "coach notes" using AI (e.g., OpenAI) to summarize why certain attributes are highlighted. These notes are informational summaries and may be simplified for clarity.

5. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA) or where GDPR applies, we process Personal Data under one or more of the following legal bases:

  • Performance of a contract: to provide the Service you request.
  • Legitimate interests: to operate, secure, and improve the Service.
  • Consent: where required (for example, if we introduce optional marketing).
  • Legal obligation: where we must comply with applicable law.

6. How We Share Information

We do not sell your Personal Data. We may share information only as needed to operate the Service:

6.1 Third-party services

We use the following third-party services that may collect information:

RevenueCat

Supabase

  • Purpose: Backend database for storing onboarding responses and feedback
  • Data shared: All onboarding information listed above, associated with your RevenueCat user ID
  • Privacy policy: https://supabase.com/privacy

Sentry

  • Purpose: Error tracking and performance monitoring
  • Data shared: Error logs, device information, IP address, and user context
  • Privacy policy: https://sentry.io/privacy/

PostHog

  • Purpose: Product analytics and session recording
  • Data shared: Usage patterns, user interactions, session replays, device information
  • Privacy policy: https://posthog.com/privacy

Apple App Store / Google Play Store

  • Purpose: Payment processing for subscriptions
  • Data shared: Payment information, purchase history (handled directly by Apple/Google)

TikTok Pixel

  • Purpose: Conversion tracking and advertising measurement
  • Data shared: Device identifiers (IDFA on iOS when granted permission), app events (such as app installs, purchases, and custom events)
  • Privacy policy: https://www.tiktok.com/legal/privacy-policy
  • Opt-out: You can opt out of TikTok tracking through iOS App Tracking Transparency (ATT) settings by denying tracking permission when prompted or by going to Settings > Privacy & Security > Tracking on your iOS device

We share only the data necessary to provide the relevant functionality. For AI-generated notes, we aim to send de-identified inputs (e.g., product attributes and goal context) and avoid sending direct identifiers.

6.2 Legal compliance and protection

  • We may disclose information if required by law or to protect rights, safety, and security.

6.3 Business transfers

  • If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as permitted by law.

7. Third-Party Data Sources and Accuracy

The Service retrieves Food Data from public databases such as:

Food Data is provided by third parties and may be incomplete, incorrect, or outdated. We do not modify Food Data at the source.

8. Data Retention

We retain Personal Data for as long as your Account is active and as necessary to provide the Service.

  • Account data (email/name): retained while your account is active
  • Goals/preferences and scan history: retained while your account is active, unless you delete it
  • Cached Food Data: retained as needed for performance and availability

We may retain limited information longer if required for legal compliance, security, fraud prevention, or dispute resolution.

9. Your Privacy Rights

Depending on your jurisdiction (including GDPR in the EU and certain US state laws like CCPA/CPRA), you may have rights to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your information
  • Export your information (data portability, where applicable)
  • Object to or restrict certain processing (where applicable)
  • Withdraw consent where processing is based on consent

You can exercise many of these rights through in-app controls. You can also contact us at jaroslabs@gmail.com.

10. Deleting Your Account and Data

You can delete your account and associated data from within the app. When you request deletion, we delete or anonymize personal data within a reasonable time, unless we must retain some information for legal or security purposes.

11. International Transfers

We currently host the Service in the EU only (Supabase). If we later use processors outside your country or the EU/EEA, we will implement appropriate safeguards (such as Standard Contractual Clauses where required) and update this Privacy Policy.

12. Security

We use reasonable administrative, technical, and organizational measures to protect information. No system is perfectly secure; you use the Service at your own risk.

13. Children's Privacy

The Service is not intended for children under 13 and is not designed for clinical or professional use. We do not knowingly collect personal information from children under 13.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version in the app and update the effective date above. For material changes, we may provide additional notice within the app.

15. Contact

If you have questions, requests, or complaints related to privacy, contact: