Privacy Policy

Sift is a mobile application that scans packaged food — by barcode or photograph — and returns an AI-generated health score, a breakdown of flagged ingredients, and a plain-English explanation of what's inside. Because that analysis passes through cameras, third-party services, and our own servers, we take privacy seriously and have written this policy to explain exactly what happens to your data, in the plainest English we can manage.

This policy applies to the Sift iOS and Android applications, the Sift web surfaces (including the policy page at sift-legal.netlify.app), and any associated APIs or back-end services (collectively, the "Service"). By using the Service you agree to the collection and use of information in accordance with this policy.

Scope & Who We Are

The Service is operated by the team doing business as Sift ("we," "us," "our"). For the purposes of the EU/UK General Data Protection Regulation (GDPR), we act as the data controller for information collected through the Service. Where we use vendors to process data on our behalf — listed in § 06 — those vendors act as our data processors under binding data-processing agreements.

This policy covers personal data only. It does not apply to third-party websites, services, or integrations that we link to but do not operate. Those third parties have their own policies, and we link to each in § 06.

Information We Collect

We collect only what is necessary to make Sift work, to keep your account secure, to process payments, and to generate the AI analysis you came for. The categories below track Apple's App Store data-type taxonomy so that our App Privacy Details on the App Store and this policy remain perfectly aligned.

Information you provide directly

Account information — your email address, password (stored only as a one-way hash we never see in plaintext), and display name.
Profile preferences — optional dietary goals, allergens, and restrictions you choose to record so the AI analysis can be personalized.
Family profiles — if you add family members to apply allergen checks, we store the name you enter and the allergens you select. Do not add information about people who have not consented.
Scan input — barcodes you scan and photographs you capture of food, packaging, or menus.
Support correspondence — messages, screenshots, and attachments you send when contacting us.

Information collected automatically

Device identifiers — a server-assigned user ID, and on mobile, a device-level install identifier used to authenticate your session.
Diagnostics & performance — crash logs, exception stack traces, launch times, hang rate, and energy-use metrics, so we can fix bugs.
Usage data — which screens you view, which features you use, the number and timestamps of scans you make. Used to understand which features matter and to enforce the free-tier scan limit.
Approximate location — only if your device's network/IP suggests a coarse region. We do not request precise (GPS) location and have no iOS/Android precise-location permission.

Information collected through AI scanning

Barcode lookups — the numeric barcode is sent to the Open Food Facts API, a public open-source database, to retrieve nutrition and ingredient data for that product.
Food photographs — the image bytes and the nutrition facts associated with the product are sent to Google Gemini for analysis. Photographs are processed in near-real-time and are not retained by Google beyond what is needed to return the result. We retain the photo in our storage only long enough to render it in your scan history; you may delete it at any time.

Payment information

All subscriptions are purchased through Apple's In-App Purchase system. Apple handles the entire payment flow; we never see or store your card number, CVV, or bank credentials. We receive only a receipt and entitlement token from Apple, mediated through RevenueCat (our subscription-state provider), which lets us know whether your account currently has an active Premium or Family subscription. RevenueCat receives the same Apple receipt and an anonymous identifier we generate for your account; it does not receive your name or email.

Information we do not collect

We do not collect precise GPS location.
We do not access your contacts, photo library (outside of photos you explicitly capture for scanning), calendars, health records, HealthKit, microphone, or device sensors beyond the camera.
We do not collect browsing history outside of the app.
We do not collect sensitive categories such as racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic data, biometric data for identification, sexual orientation, or information about criminal convictions.
We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

Apple App Privacy Disclosure

Apple's App Store Privacy Details use sixteen standardized data categories. For transparency, every category is reproduced below with our exact practice. "Linked to user" means the data can be tied to your identity in our systems.

Contact Info Email address and display name, collected for account creation and authentication. Linked to user. Collected

Health & Fitness We do not access HealthKit, Clinical Health Records, or Motion & Fitness APIs. Not collected

Financial Info Payment card brand and last-four digits for subscription receipts. Credit and other financial data are not collected. Collected

Location Coarse, IP-derived region only. We do not request Precise Location. Coarse only

Sensitive Info Not collected. Not collected

Contacts Not accessed. The app does not request the iOS Contacts permission. Not collected

User Content Food photographs you capture, scan metadata, and customer-support correspondence. Linked to user. Collected

Browsing History Not collected. Not collected

Search History Not collected. The app has no general web search. Not collected

Identifiers User ID assigned by our server, plus an install-level device ID used for session management. Advertising identifier is not collected. Collected

Purchases Subscription purchase history (tier, status, renewal dates) to provision features. Collected

Usage Data Product interaction — screens viewed, buttons tapped, scans performed — used for analytics and to enforce free-tier limits. Collected

Diagnostics Crash logs, performance metrics, technical diagnostic data. Collected

Surroundings Not collected. The app does not use ARKit environment scanning. Not collected

Body Not collected. Not collected

Other Dietary preferences, allergen lists, family profiles you voluntarily enter. Collected

None of the data above is used for Tracking as Apple defines that term. We do not link your data with third-party data for targeted advertising, and we do not share your data with data brokers.

How We Use Information

We process your data only for the purposes listed here. Each purpose maps to one of Apple's "data use" categories in parentheses.

To run the Service (App Functionality) — authenticate you, look up products, generate AI analysis, persist scan history, enforce the daily free-tier scan cap, process subscription changes, and deliver customer support.
To keep the Service reliable (App Functionality / Analytics) — understand how features are used in aggregate, diagnose crashes, profile performance, and prevent abuse such as brute-force sign-in attempts.
To improve the Service (Analytics) — measure which features are valuable, test changes, and prioritize future work. We use aggregated and/or de-identified data where feasible.
To personalize AI output (Product Personalization) — combine your stored dietary preferences and family allergen profiles with scan data so the Gemini-generated verdict reflects what matters to you.
To communicate with you (App Functionality / Developer's Marketing, opt-in only) — send transactional messages (password reset, subscription receipts, security alerts). We do not send promotional email unless you explicitly opt in.
To comply with the law — respond to valid legal process, enforce our Terms of Service, protect the rights, property, and safety of Sift, our users, and the public.

We do not use your data for third-party advertising, cross-context behavioral advertising, or algorithmic profiling that produces legal or similarly significant effects.

Legal Bases for Processing (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, our processing of your personal data is grounded in the following legal bases under Article 6 GDPR:

Performance of a contract (Art. 6(1)(b)) — to deliver the Service you requested, including account authentication, scanning, AI analysis, and subscription management.
Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, to debug and improve it, and to prevent fraud and abuse. Our legitimate interests are balanced against your rights; you may object to this processing at any time.
Consent (Art. 6(1)(a)) — for optional processing such as promotional email, where you provide opt-in consent you can withdraw at any time.
Compliance with legal obligations (Art. 6(1)(c)) — to retain tax, accounting, and transaction records required by applicable law.

We do not rely on Article 9 (special-category) processing. We do not make solely automated decisions with legal or similarly significant effects about you.

Sharing With Third Parties

We share data only with the processors listed below, each under a data-processing agreement that requires them to provide the same or equivalent protections required by this policy and by applicable law (as Apple's App Store guidelines require). We do not sell personal data. We do not share personal data with advertising networks or data brokers.

Supabase, Inc.

Hosted PostgreSQL database, authentication, file storage for the food-photo bucket, and Edge Functions runtime. US-based. Sub-processor of our core application data.
supabase.com/privacy ↗

Google LLC (Gemini API)

AI analysis of food photographs and nutrition data. Your photograph and the associated product data are transmitted to Google's Gemini endpoint to generate a health score and ingredient commentary. Google does not use your API content to train its generally available models.
policies.google.com/privacy ↗

RevenueCat, Inc.

Subscription state management on top of Apple's In-App Purchase system. Verifies Apple receipts, tracks entitlement status, and notifies our backend when subscriptions renew, cancel, or expire. Receives only an anonymous account identifier and the Apple receipt — no name, email, or payment details.
revenuecat.com/privacy ↗

Apple Inc.

If you purchase a subscription through the App Store, Apple processes your payment entirely. We receive only a signed receipt and entitlement token. Apple's privacy policy applies to that payment.
apple.com/legal/privacy ↗

Open Food Facts

A non-profit public database of food products. We send the numeric barcode you scan to their API to retrieve product name, ingredients, and nutrition data. No personal identifier is attached to that lookup.
openfoodfacts.org/privacy ↗

Expo / EAS

Provides the build, over-the-air update, and crash-reporting infrastructure for the mobile app. Processes crash logs and build metadata only.
expo.dev/privacy ↗

We may also disclose personal data (a) to comply with a lawful court order, subpoena, or similar legal process; (b) to enforce our Terms of Service; (c) to protect the rights, property, or safety of Sift, our users, or the public; or (d) to a successor entity in connection with a merger, acquisition, reorganization, or sale of assets, provided the successor is bound by this policy or a comparable one.

Health-Related Disclaimer

◆ Not Medical Advice

Sift is not a medical device and does not provide medical advice. Health scores, grades, flagged ingredients, and recommendations are generated by an AI model from nutrition data and product labels that may be incomplete or inaccurate.

They are provided for general informational and educational purposes only. They are not a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of a qualified physician, registered dietitian, or other licensed healthcare provider with any questions you may have regarding a medical condition, diet, or nutrition.

Never disregard professional medical advice or delay seeking it because of something you read in the Service. If you have a food allergy, you remain solely responsible for reading the product label on the physical package before consumption.

Data Retention & Deletion

We keep personal data only as long as necessary to fulfill the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention windows:

Account records — retained while your account is active. Deleted within thirty (30) days of account deletion, except for records we are required to preserve by law (for example, tax records, which we retain for up to seven years in jurisdictions that require it).
Scan history — retained while your account is active. Individual scans can be deleted at any time from within the app. All scans are erased within thirty (30) days of account deletion.
Food photographs — retained in our storage only to render them in your scan history. Photos are deleted from our storage immediately when you delete the scan, and in full within thirty (30) days of account deletion.
Support correspondence — retained for up to two (2) years after the last message, then deleted.
Crash and diagnostic logs — retained for ninety (90) days then rotated out.
Aggregated / de-identified analytics — may be retained indefinitely, because they no longer identify you.

You can delete your account — and with it all linked personal data — at any time from Profile → Delete Account inside the app, or by emailing privacy@siftapps.com.

Your Rights

Depending on where you live, you have some or all of the following rights over your personal data. To exercise any of them, email privacy@siftapps.com from the address associated with your account. We respond within thirty (30) days and without charge for reasonable requests.

Right to access

Request a copy of the personal data we hold about you and the categories of recipients we share it with.

Right to rectify

Correct inaccurate or incomplete personal data. Most fields can also be edited directly in Profile settings.

Right to erase

Have your account and all linked personal data permanently deleted.

Right to portability

Export your scan history and account record in a machine-readable JSON format.

Right to restrict

Ask us to limit how we process your personal data while a dispute or correction is pending.

Right to object

Object to processing we base on legitimate interests, including any profiling performed for the Service.

Right to withdraw consent

Withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.

Right to lodge a complaint

File a complaint with your local supervisory authority. We would appreciate the chance to address it first.

We do not discriminate against you for exercising any of these rights. We will not deny service, charge different prices, or provide a different level of quality.

California Privacy Rights (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act as amended by the CPRA:

Right to know — the categories and specific pieces of personal information we have collected, the sources, the business or commercial purposes, and the categories of recipients.
Right to delete — personal information we have collected, subject to legal exemptions.
Right to correct — inaccurate personal information.
Right to opt out of sale / sharing — we do not sell personal information and we do not share personal information for cross-context behavioral advertising. There is nothing to opt out of, but you may confirm that status at any time.
Right to limit use of sensitive personal information — we do not use sensitive personal information to infer characteristics about you.
Right to non-discrimination — as stated in § 09.

In the previous twelve (12) months we have collected the categories described in § 02 and § 03, from the sources described in § 02, for the purposes described in § 04, and disclosed them for business purposes to the processors described in § 06.

International Data Transfers

Sift is operated from the United States, and our processors (Supabase, Google, Apple, RevenueCat, Expo) are headquartered in the United States. If you use the Service from outside the United States, your personal data will be transferred to, stored, and processed in the United States and other countries where our processors operate.

For transfers out of the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (2021/914) and, where applicable, on a processor's certification under the EU-US Data Privacy Framework. Additional technical and organizational measures — encryption in transit via TLS, encryption at rest, access controls, and minimization — supplement those clauses.

Children's Privacy

The Service is not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children under 13 in the United States. The Service is rated 4+ in the App Store and 12+ in Google Play, but we intend it for use by individuals aged thirteen and older, or the equivalent minimum age in your jurisdiction (16 in most of the EU/EEA under GDPR, unless lowered by national law).

If you are a parent or guardian and you believe your child has provided us with personal information without your consent, contact us at privacy@siftapps.com. We will promptly delete the information and the associated account.

The Service is not included in the Apple "Kids" category, does not contain behavioral or targeted advertising, and does not include third-party analytics SDKs that collect persistent identifiers from children.

Security

We take reasonable and appropriate administrative, technical, and physical measures to protect personal data from unauthorized access, disclosure, alteration, and destruction. Specifically:

All traffic between the app and our servers is encrypted with TLS 1.2 or higher.
Passwords are hashed with a salted one-way function; we never store or transmit them in plaintext.
Stored data is encrypted at rest using AES-256 by our database and storage provider.
Authentication sessions are stored on-device using the platform's secure enclave (iOS Keychain / Android Keystore).
Database access is governed by Row-Level Security policies that prevent one user from reading another user's data.
Secret keys (Google Gemini, RevenueCat webhook, Supabase service role) live only in server-side environment variables and never ship in the client bundle.
Access to production systems is limited to authorized personnel under the principle of least privilege.

No system is perfectly secure. If we become aware of a security incident that materially affects your personal data, we will notify you and the appropriate supervisory authority within the timeframes required by law (within 72 hours for GDPR-covered breaches).

Tracking & App Tracking Transparency

The Service does not track you as Apple defines that term. We do not link your data with third-party data for the purpose of targeted advertising, and we do not share your data with data brokers. Consequently, the Service does not present an App Tracking Transparency (ATT) prompt; none is required.

We do not integrate advertising SDKs, attribution SDKs, or session-replay SDKs of any kind. We do not fingerprint your device.

Cookies & Local Storage

The mobile application stores a small amount of data on your device — an authentication token in the platform secure store, cached scan results, and UI preferences — to keep you signed in and to make the app feel fast. This storage is strictly necessary for the Service to function; clearing it will sign you out.

Our web surfaces use only strictly necessary first-party cookies for session management. We do not use advertising, analytics, or tracking cookies on any Sift web surface.

Changes to This Policy

We may update this policy to reflect changes in our practices, the Service, or applicable law. When we do, we will update the Last Updated date at the top of the document and, if the change is material, notify you by email to the address on file and/or via an in-app notice at least thirty (30) days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

A full version history, including prior versions of this policy, is available on request.

Contact

For any question, correction, access request, deletion request, portability request, complaint, or media inquiry concerning this policy or how we handle personal data, please write to us. We read every message and respond within thirty (30) days.

Write to the team handling your data.

privacy@siftapps.com