Privacy Policy

This Privacy Policy explains how FoodScan handles personal data in connection with the FoodScan mobile application, the related legal pages, and communications sent to FoodScan.

Last updated: April 16, 2026 | Privacy disclosure | Contact: contact@aishipsafe.com

1. Data Controller

For the processing activities described in this Privacy Policy, the data controller is FoodScan, operated from Lyon, France.

Privacy-related requests may be sent to contact@aishipsafe.com.

No separate Data Protection Officer is designated in this policy as of the date above. Privacy enquiries may be addressed through the same contact channel.

2. Scope of this Policy

This Privacy Policy applies to:

  • use of the FoodScan iOS application;
  • visits to the public legal pages hosted at foodscan-psi.vercel.app;
  • emails and messages sent to FoodScan.

This Privacy Policy does not govern data processing carried out independently by third parties such as Apple, Open Food Facts, or Vercel acting under their own privacy terms for services they directly operate.

3. Categories of Data We Process

3.1 Data stored locally on your device

  • barcode scan history;
  • product names, brands, categories, product image URLs and scoring information retrieved after a scan;
  • scan dates and local app state, such as onboarding completion status.

Based on the current application implementation reviewed on April 16, 2026, this information is stored locally on the user’s device and is not sent by FoodScan to its own backend because FoodScan does not currently operate an app backend for user accounts or cloud sync.

3.2 Camera access

FoodScan requests access to the device camera solely to scan barcodes. The current implementation does not state that camera images or video streams are stored by FoodScan or transmitted to FoodScan-controlled servers.

3.3 Network request data

When a user scans a barcode, the app sends the barcode to the Open Food Facts public API in order to retrieve product information. In that context, Open Food Facts and the user’s network provider may receive technical connection data such as IP address, request headers, and related metadata according to their own systems and policies.

3.4 Website technical data

When a user visits the legal pages, the hosting provider may process technical logs and connection metadata necessary for routing, delivery, service security, fraud prevention, and infrastructure integrity.

3.5 Contact data

If a user contacts FoodScan by email, FoodScan may process the sender’s email address, message content, attachments, and any information voluntarily included in the communication.

4. Purposes of Processing and Legal Bases

Provide barcode lookup results To retrieve and display product information after a scan.
Legal basis: performance of a service requested by the user and FoodScan’s legitimate interest in operating the app.
Maintain scan history locally To enable users to review previously scanned products on their own device.
Legal basis: performance of a service requested by the user.
Ensure security and availability To host the legal pages, maintain service resilience, and prevent abuse.
Legal basis: legitimate interest.
Handle incoming communications To answer support, privacy or legal requests.
Legal basis: legitimate interest and, where applicable, steps taken at the request of the data subject.
No advertising or tracking statement Based on the current iOS project reviewed on April 16, 2026, FoodScan does not declare the use of advertising SDKs, third-party behavioural analytics SDKs, or marketing trackers within the app codebase.

5. Recipients and Disclosure

FoodScan does not sell personal data. Personal data may be disclosed only to the extent necessary to operate the service, comply with legal obligations, or protect legitimate rights.

  • Hosting provider: Vercel, for website hosting and technical delivery of the legal pages.
  • Open Food Facts: when a barcode is queried through the public API at the user’s request.
  • Apple: Apple may process certain data independently when users obtain the app through the App Store, use iOS permissions, or use Apple-managed services. Apple acts under its own privacy terms as a separate controller for those activities.
  • Authorities and advisors: where required by law, regulation, legal process, or for the establishment, exercise or defence of legal claims.

6. International Data Transfers

FoodScan is based in France. Some service providers used in connection with the website may process technical data outside the European Economic Area, including in the United States. Where such transfers occur, they are intended to rely on an appropriate legal transfer mechanism recognised under applicable law, such as adequacy decisions, contractual safeguards, or another lawful transfer basis, as applicable.

Open Food Facts and other third-party services remain independently responsible for the international transfer information contained in their own privacy documentation.

7. Data Retention

  • Local app data: retained on the user’s device until removed by the user, overwritten locally, or deleted when the app is deleted.
  • Email correspondence: retained for the time reasonably necessary to manage the request, maintain a support history where justified, comply with legal obligations, or defend legal rights.
  • Website technical logs: retained according to the hosting provider’s operational and security practices.

8. Your Rights

Subject to applicable law, particularly the GDPR where relevant, you may have the right to request access to, rectification of, erasure of, restriction of, or portability of personal data, and the right to object to certain processing.

  • If your data is stored locally in the app, you can generally control deletion directly from your device by removing the app data or deleting the app.
  • If you contacted FoodScan by email, you may exercise your rights by writing to contact@aishipsafe.com.
  • Where processing is based on legitimate interest, you may object on grounds relating to your particular situation, subject to applicable law.

9. Security

FoodScan seeks to implement reasonable technical and organisational measures appropriate to the nature of the processing described here. However, no system, device, transmission method or hosting environment can be guaranteed as absolutely secure.

10. Children

FoodScan is not designed to knowingly collect personal data from children through account registration or direct profile creation. If you believe that personal data relating to a child has been improperly sent to FoodScan through email or another channel under FoodScan’s control, please contact FoodScan promptly.

11. Changes to this Policy

FoodScan may update this Privacy Policy from time to time to reflect legal, operational or technical changes. The revised version will become effective when published with an updated revision date.

12. Contact and Complaints

For any privacy, legal or data-protection request, please contact contact@aishipsafe.com.

If you are located in the European Union or where equivalent rights apply, you may also lodge a complaint with the competent supervisory authority. In France, this authority is the Commission Nationale de l’Informatique et des Libertés (CNIL), without prejudice to any other administrative or judicial remedy available to you.

FoodScan Privacy Policy. For corporate and publication details, please consult the Legal Notice.