Privacy Policy

Introduction

Healther is a mobile application for iOS and Android that lets you scan food barcodes and upload product photos to instantly see nutrition scores, allergen information, and personalised health verdicts. Healther is fully anonymous - we do not require an account, email address, or any personal registration to use the app.

This Privacy Policy explains what information Healther collects, why we collect it, and how we handle it. If you have any questions or concerns, please contact us at privacy@healther.app.

Information We Collect

We collect only what is necessary to provide the Healther service:

• Camera: Used to scan food product barcodes and to capture product photos for AI identification. Camera access is only active when you initiate a scan.
• Photo library: With your permission, you can select existing photos from your device library to identify a product. Photos are accessed only when you choose to upload one.
• Product photos: Photos you capture or upload are resized to a maximum of 1,024 pixels and sent securely to our Firebase Cloud Functions, which forward them to Google Gemini Vision AI for product identification. Photos are not stored permanently on our servers - they are held in a short-lived server-side cache (up to one hour) for performance and then discarded.
• Barcodes: Barcodes you scan are sent to the Open Food Facts API to retrieve product nutrition data. Open Food Facts is a public, community-maintained food database.
• Scan history and personal lists: Your scan history (up to 10 recent scans visible on the home screen) and your personalised Avoid and Trust lists are stored entirely on your device using local storage (AsyncStorage). This data is never uploaded to our servers.
• Usage analytics: We use Firebase Analytics to collect behavioural event data, including screen views, scan events (barcode or photo type, duration, success or failure), filter usage, list operations, product shares, settings changes, paywall opens, and purchase events. No personally identifiable information such as your name, email address, or location is collected.
• Device attestation: Firebase App Check verifies that API calls originate from a genuine, unmodified version of the Healther app, protecting our backend services from abuse.
• Advertising identifiers: On the free tier, Google AdMob serves banner and interstitial ads (shown after every third scan). AdMob collects your advertising ID - IDFA on iOS (via SKAdNetwork) and Ad ID on Android - to serve relevant ads. Healther Pro users are not shown ads and are not subject to advertising ID collection by AdMob within the app.
• Purchase information: RevenueCat receives purchase receipts from the App Store or Google Play to verify your Healther Pro one-time purchase entitlement. We receive only your entitlement status; we do not receive or store your payment details. RevenueCat uses your device ID to manage purchase entitlements.

We do not collect: email addresses, real names, precise or approximate location, contacts, or health records.

How We Use Your Information

We use the information we collect to:

• Provide the core Healther service - decoding barcodes, identifying products from photos, displaying NutriScore and NOVA classifications, detecting allergens, and generating personalised AI health verdicts
• Improve the accuracy and relevance of AI-generated health verdicts over time using aggregated, non-identifiable usage patterns
• Serve advertisements on the free tier via Google AdMob
• Diagnose and fix technical issues and improve app performance using anonymised analytics data
• Verify device integrity and protect our backend APIs via Firebase App Check
• Verify Healther Pro one-time purchase entitlements via RevenueCat
• Comply with applicable laws, regulations, and legal processes

Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

• Open Food Facts: Barcodes are sent to the Open Food Facts public API to retrieve product nutrition data. Requests include a User-Agent string with our contact email as required by their API guidelines.
• Google (Gemini Vision, Firebase Analytics, Firebase App Check, and AdMob): Product photos are forwarded to Google Gemini Vision for AI identification. Firebase Analytics receives anonymised behavioural event data. Firebase App Check performs device attestation. Google AdMob receives advertising IDs on the free tier to serve ads. Each Google service operates under Google's Privacy Policy.
• RevenueCat: Purchase receipts are shared with RevenueCat to verify your Healther Pro one-time purchase entitlement. RevenueCat operates under its own Privacy Policy.
• Legal requirements: We may disclose information if required to do so by law, valid legal process, or to protect the rights, property, or safety of Healther, our users, or the public.

We never sell, rent, or trade your data to advertisers or third parties for commercial purposes.

Your Personal Lists and Scan History

Your scan history and your Avoid and Trust lists - including saved ingredients, allergens, brands, countries, and products - are stored entirely on your device using local storage. We do not have access to this data, and it is never transmitted to our servers. If you clear the app’s data or uninstall Healther, this information will be permanently erased from your device.

Data Retention

We retain different types of data for different periods:

• Product photos processed by Google Gemini Vision are not stored beyond the API call. A short-lived server-side cache (up to one hour) may hold processed results for performance; this cache is then automatically cleared.
• Firebase Analytics data is retained in accordance with Google's Firebase Analytics data retention policy (default: two months for user-level data; event-level data may be retained longer in aggregated form).
• Local device data - scan history and personal lists - is controlled entirely by you and persists on your device until you clear it or uninstall the app.
• RevenueCat retains purchase receipt data as needed to verify one-time purchase entitlements, in accordance with RevenueCat's own data retention policies.

Your Rights

Because Healther does not maintain user accounts or personally identifiable profiles, the majority of data associated with your use of the app lives only on your device. You can request information about any data we hold server-side by contacting us at privacy@healther.app.

• EU/EEA residents (GDPR): You have the right to access, rectify, erase, restrict processing of, and port any personal data we hold about you. You may also object to processing and lodge a complaint with your local data protection authority.
• California residents (CCPA): You have the right to know what personal information we collect, to request its deletion, and to opt out of any sale (we do not sell personal data). You have the right to non-discrimination for exercising these rights.
• Advertising opt-out: To limit interest-based advertising, use your device's built-in controls: 'Limit Ad Tracking' or 'Allow Apps to Request to Track' on iOS; 'Opt out of Ads Personalisation' in Google Settings on Android.

Children's Privacy

Healther is not directed at children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected data relating to a child, please contact us immediately at privacy@healther.app and we will take prompt steps to address the issue.

Security

We apply industry-standard security measures to protect data in transit and at rest:

• All data transmitted between the app and our servers is encrypted using TLS.
• Firebase App Check verifies device integrity for every API call, preventing unauthorised access to our backend.
• The Google Gemini API key is held exclusively on our server side and is never embedded in the app binary.
• Access to any server-side data is restricted to authorised personnel on a need-to-know basis.

While we take reasonable steps to protect your information, no system is completely immune to security incidents, and we cannot guarantee absolute security.

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days’ advance notice by displaying a prominent notice in the app before the changes take effect. The updated policy will always be available at this URL with a revised effective date.

Contact

For any privacy-related questions, requests, or complaints, please reach out to our Privacy team at privacy@healther.app. We aim to respond to all requests within 30 days.