Privacy Policy

SugarFlag ("SugarFlag," "we," "us," or "our") provides a mobile application, website, and related services that help users scan food labels and review ingredient and added sugar information (collectively, the "Services").

This Privacy Policy explains what information we collect, how we use it, when we share it, how long we keep it, and the choices available to you.

1. Who We Are

Service: SugarFlag

Website: https://sugarflag.com

Contact: info@sugarflag.com

If you have privacy questions or want to exercise your privacy rights, contact us at info@sugarflag.com.

2. Information We Collect

We collect the following categories of information.

2.1 Account Information

When you create or use an account, we may collect:

• your email address;
• your password, if you register with email and password, stored in hashed form rather than plain text;
• authentication details from login providers you choose to use, such as:
  • Sign in with Apple, including your Apple-provided user identifier and, where shared, your name and email address or private relay email address;
  • Google Sign-In, including your Google account email address and basic profile information you choose to share;
• account creation date, login timestamps, and related account activity metadata.

2.2 Scan Content and Scan History

When you use the app to scan a product label, we may collect:

• photos or images you choose to capture or upload for scanning;
• text extracted from those images;
• scan prompts, structured label data, or other scan inputs needed to generate results;
• scan results, classifications, and analysis output;
• scan history stored in your account;
• timestamps and related technical metadata associated with a scan.

We only access camera or photo content that you explicitly choose to provide for scan functionality.

2.3 Subscription and Purchase Information

If you purchase or restore a subscription through Apple or Google Play, we may receive information such as:

• subscription status;
• subscription product identifier;
• transaction, renewal, and expiration information;
• purchase validation and entitlement information.

We do not receive or store your full payment card details. Payments are processed by Apple through the App Store or by Google through Google Play.

2.4 Usage, Device, and Diagnostics Information

To operate, secure, and improve the Services, we may collect:

• app version;
• device model and operating system information;
• language, country, or region settings;
• crash logs, error logs, and diagnostics;
• feature usage information, such as scan counts and screens or features used;
• advertising identifiers, such as Apple's Identifier for Advertisers (IDFA), when you grant permission through Apple's App Tracking Transparency prompt;
• ad interaction data, such as whether you installed the app from an advertisement.

2.5 Support Communications

If you contact us, we may collect:

• your email address;
• the content of your message;
• attachments, screenshots, or other information you choose to send us.

2.6 Anti-Abuse and Security Records

To prevent fraud, abuse, repeated misuse of free features, and violations of our Terms, we may retain limited anti-abuse records, including privacy-protective identifiers derived from account information.

For example, after account deletion we may retain a hashed or otherwise pseudonymised identifier derived from an email address so we can detect repeated creation and deletion of accounts used to obtain additional free scans or other free usage.

2.7 Advertising and Analytics Data

With your permission, we may collect certain data to measure the effectiveness of our advertising campaigns and improve our Services. This includes:

• your device's advertising identifier (IDFA), if you grant permission through Apple's App Tracking Transparency prompt;
• app events such as installs, registrations, scans, and purchases, shared with advertising platforms to measure campaign performance;
• website browsing activity on sugarflag.com, collected through tracking pixels for advertising purposes.

You can opt out of ad tracking at any time by declining the tracking prompt in the app or by adjusting your device's privacy settings under Settings > Privacy & Security > Tracking.

3. How We Collect Information

We collect information:

• directly from you, when you create an account, sign in, scan a label, purchase or restore a subscription, contact support, or request account deletion;
• automatically, when you use the Services, through device, diagnostic, and service logs;
• from third parties you choose, such as Apple or Google when you sign in with those services, Apple or Google when you purchase or restore a subscription, and Google Cloud services when scan inputs are processed through our backend.

4. How We Use Information

We use the information described in this Privacy Policy to:

• create and manage your account;
• authenticate you and keep your account secure;
• process scans and provide scan results;
• extract text from product labels;
• analyze scan inputs and generate classifications, ingredient-related insights, and other app responses;
• save your scan history when that feature is enabled for your account;
• provide subscriptions, verify entitlements, and restore purchases;
• operate, maintain, troubleshoot, monitor, and improve the Services;
• respond to support requests and user communications;
• detect, investigate, and prevent fraud, abuse, security issues, repeated free-feature misuse, or violations of our Terms;
• comply with legal obligations and enforce our rights.

We do not sell your personal data.

5. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area, Switzerland, or the United Kingdom, we process personal data under one or more of the following legal bases:

• performance of a contract with you, such as providing the app, your account, subscriptions, and scan functionality;
• your consent, where consent is required;
• compliance with legal obligations;
• our legitimate interests, such as keeping the Services secure, preventing abuse, improving performance, and supporting users, provided those interests are not overridden by your rights.

6. When We Share Information

We share personal data only as reasonably necessary to operate the Services, comply with law, or protect rights and safety.

6.1 Service Providers and Processors

We may share data with vendors and processors that help us run the Services, including:

• Supabase, for authentication, database, and related backend services;
• Apple, for Sign in with Apple, App Store purchases, subscription status handling, and related account functionality;
• Google, if you choose Google Sign-In;
• Google Cloud, including Google Cloud Vision API and Vertex AI, for scan-related processing such as OCR, text extraction, scan analysis, and result generation;
• Meta Platforms, Inc. (Facebook), for advertising measurement, campaign optimization, and analytics. When you grant tracking permission, certain app activity data and your device's advertising identifier may be shared with Meta to measure ad performance and deliver relevant advertising. Meta processes this data according to its own Data Policy;
• hosting, infrastructure, logging, analytics, and security providers that support our backend systems.

These providers may process personal data on our behalf subject to contractual, technical, and legal safeguards.

6.2 Scan Processing

To provide scan functionality, we may send scan-related data to our backend systems and third-party cloud processors.

This may include:

• photos or images you choose to capture or upload for scanning;
• text extracted from those images;
• scan prompts, structured label data, or other scan inputs;
• scan results, classifications, and related technical metadata.

We may use:

• Google Cloud Vision API to perform optical character recognition (OCR) or related text extraction from product labels;
• Vertex AI on Google Cloud to analyze scan inputs and generate scan results, classifications, ingredient-related insights, or other app responses.

We use these providers to deliver the core functionality of the Services. We do not use scan content for advertising or cross-context behavioral advertising.

6.3 Legal and Safety Disclosures

We may disclose information if we believe it is reasonably necessary to:

• comply with applicable law, regulation, legal process, or governmental request;
• enforce our Terms or other agreements;
• detect, prevent, or address fraud, abuse, security, or technical issues;
• protect the rights, property, or safety of SugarFlag, our users, or others.

6.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, your information may be transferred as part of that transaction, subject to applicable law.

6.5 Advertising Partners

With your consent (provided through Apple's App Tracking Transparency prompt), we may share certain data with advertising partners to:

• measure whether our advertisements led to app installs or purchases;
• optimize ad delivery to reach people who may benefit from our Services;
• create audiences of similar users for advertising purposes.

Our current advertising partners include:

• Meta Platforms, Inc. (Facebook/Instagram) — receives app install events, subscription events, and advertising identifiers when tracking is permitted.

We do not sell your personal data. Sharing data with advertising partners for the purposes described above is done only with your consent and to support our advertising efforts, not to enable third parties to independently market to you.

You can withdraw consent at any time by going to your device settings: Settings > Privacy & Security > Tracking.

7. Data Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

In general:

• Account data is retained while your account is active.
• Scan history and scan-related records are retained while your account remains active, unless you delete them earlier where that functionality is available.
• Support communications may be retained as needed to respond to your request, maintain records, and improve support operations.
• Diagnostic, fraud-prevention, and security logs may be retained for a limited period as needed for service reliability, abuse prevention, debugging, and security.

Account Deletion

If you request account deletion in the app, we will begin the deletion process for your account and associated personal data.

We may retain limited information after deletion:

• for up to 30 days to complete deletion workflows, maintain backups, prevent fraud, or allow technically necessary processing;
• where we are legally required or otherwise permitted to retain specific records;
• for security, abuse prevention, and enforcement purposes, including limited retained records that help us detect repeated account deletion and re-registration used to misuse free features or evade restrictions.

This may include a hashed or otherwise pseudonymised identifier derived from account information, such as an email address, rather than retaining the full original account record for this purpose.

When retention is no longer required, we delete or anonymize the data.

8. Your Rights and Choices

Depending on where you live, you may have rights to:

• access the personal data we hold about you;
• correct or update inaccurate information;
• request deletion of your account and personal data;
• request a copy of certain data in a portable format;
• object to or restrict certain processing;
• withdraw consent where processing is based on consent.

You may exercise account-related controls directly in the app where available, including account deletion. You may also contact us at info@sugarflag.com.

We may need to verify your identity before completing certain requests.

9. Camera and Photo Library Access

The app may request access to your camera and/or selected photos so you can scan product labels.

• We only access the camera or photos for scan functionality you choose to use.
• We do not access your entire photo library unless your device permissions and your actions allow it.
• You can revoke camera or photo permissions at any time in your device settings.

10. International Data Transfers

Your information may be processed in countries other than the country where you live. Where required by law, we take reasonable steps to provide appropriate safeguards for international transfers.

11. Children's Privacy

The Services are not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.

12. Security

We use reasonable technical and organizational measures designed to protect personal data, including measures such as encryption in transit, access controls, authentication protections, and secure service providers.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

13. California and Similar U.S. Privacy Disclosures

If you are a California resident or live in another U.S. state with privacy rights, you may have additional rights under applicable law, including rights to know, delete, correct, or access certain information.

We do not sell personal information. With your opt-in consent (through Apple's App Tracking Transparency prompt), we may share limited data with advertising partners such as Meta to measure ad campaign performance. You may opt out at any time through your device's tracking settings. This sharing is based on your affirmative consent and is limited to campaign measurement and optimization.

To submit a privacy request, email info@sugarflag.com.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date and, where required, provide additional notice in the app or by other appropriate means.

15. Contact Us