WhatsIn
1. Introduction
Welcome to WhatsIn, a food scanning and ingredient analysis application developed by SAS ILabs ("we", "us", or "our"). We are committed to protecting your personal data and your right to privacy.
This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. It applies to all users of the WhatsIn iOS application ("App").
2. Information We Collect
2.1 Information You Provide
| Data | Purpose | Linked to You |
|---|---|---|
| Google Account email, display name & profile photo | Authentication, account creation | Yes |
| Product scans (barcode, photo, OCR text) | Core food analysis functionality | Yes |
| Allergen preferences | Personalized allergen detection alerts | Yes |
| In-app purchase history | Subscription status verification | Yes |
| AI chat messages about products | Product-specific health Q&A | Yes |
| Referral code | Referral program tracking | Yes |
2.2 Information Collected Automatically
| Data | Purpose | Tracking |
|---|---|---|
| Device model, OS version, app version | Analytics & crash diagnostics | No |
| Anonymous usage events (screen views, feature usage) | Product improvement analytics | No |
| Firebase anonymous installation ID | Analytics session association | No |
| Daily scan counts | Free-tier limit enforcement | No |
NSPrivacyTracking is set to false.
3. How We Use Your Information
- App Functionality: To scan barcodes, analyze ingredients, detect allergens, and provide AI-powered health insights about food products.
- Authentication: To identify your account and sync your data across sessions via Google Sign-In and Firebase.
- Subscription Management: To verify and manage your premium subscription status via Apple StoreKit 2 and Firebase Firestore.
- AI Chat: To provide product-specific health Q&A powered by Google Gemini.
- Analytics: To understand how features are used and improve the app (anonymous, non-tracking events via Firebase Analytics).
- Referral Program: To track referral relationships and adjust daily scan limits accordingly.
- Legal Compliance: To comply with applicable laws and enforce our Terms of Service.
4. Third-Party Services
WhatsIn uses the following third-party services. Each operates under its own privacy policy.
| Service | Provider | Purpose |
|---|---|---|
| Firebase Authentication | Google LLC | Sign-in via Google account |
| Firebase Firestore | Google LLC | Cloud data storage (user profiles, scan history, cached products) |
| Firebase Storage | Google LLC | Product image uploads |
| Firebase Analytics | Google LLC | Anonymous usage analytics |
| Google Sign-In | Google LLC | OAuth 2.0 authentication |
| Google Gemini AI | Google LLC | Ingredient enrichment, health analysis, OCR extraction, AI chat |
| Perplexity AI | Perplexity AI Inc. | Fact validation of health claims with sources |
| Open Food Facts | Open Food Facts (non-profit) | Product lookup by barcode (ingredients, nutrition, allergens) |
| Apple StoreKit 2 | Apple Inc. | In-app subscription processing |
| Apple Vision | Apple Inc. | On-device barcode detection & OCR (no data leaves device) |
We do not sell your personal data to any third party.
5. Device Permissions
| Permission | When Requested | Why It's Needed |
|---|---|---|
| Camera | When scanning a product | Capture barcodes and ingredient labels for analysis |
| Photo Library (read) | When importing a photo for analysis | Select existing photos of product labels to scan |
You can revoke any permission at any time in Settings → Privacy & Security on your device.
6. Data Retention & Deletion
Local Data
Cached product data and preferences are stored in the app's sandboxed container and Core Data store. They are automatically removed when you delete the app.
Cloud Data
Your scan history, user profile, allergen preferences, and referral data are stored in Firebase Firestore. Product images are stored in Firebase Storage. You can:
- Delete individual scan history entries within the app
- Request complete account and data deletion by contacting us
Account deletion permanently removes all data from our servers within 30 days.
7. Children's Privacy
WhatsIn is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("Right to be Forgotten")
- Portability: Request a machine-readable copy of your data
- Restriction: Request that we limit processing of your data
- Objection: Object to processing based on legitimate interests
To exercise any right, contact us at saslabs.corp@gmail.com. We will respond within 30 days.
California residents may exercise rights under CCPA. EEA/UK residents may exercise rights under GDPR/UK GDPR. We do not sell personal information.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, through an in-app notification. Your continued use of WhatsIn after changes are posted constitutes your acceptance of the updated policy.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Developer: SAS ILabs
- Email: saslabs.corp@gmail.com