Privacy Policy

This is the privacy policy for the Bubu Recommends iOS app (“Bubu”, “we”, “us”). It explains what data we collect when you use the app, why, and your choices.

1. Who we are

Bubu Recommends is currently in private TestFlight beta. For privacy questions or requests, send feedback through the TestFlight app (long-press the Bubu Recommends icon and choose Send Beta Feedback). We’ll add a dedicated contact channel before public release.

2. What we collect

Account information. When you sign in we receive information from your sign-in provider: your name (where provided), your email address, and a profile image URL. If you sign in with a password we store a hashed version of it. If you sign in anonymously we generate a random identifier and don’t collect personal details.

Your preferences. We store the dietary filters (such as allergens to avoid) and the nutrition goal you’ve enabled in the app, so we can personalise the recommendation we show you for each product.

Scan history. When you scan a product barcode we store the barcode, the product information we fetched (name, brand, image), the recommendation we returned, and timestamps. This forms your scan history and is linked to your account.

Device and session information. Our server records your IP address and the User-Agent associated with your sign-in session. Your session token is stored on your device using the iOS Keychain.

3. How we use it

We use the information above to operate the app — sign you in, fetch product data, generate recommendations tuned to your preferences, show your scan history, diagnose errors, and prevent abuse. We don’t show advertising and we don’t sell your personal information.

4. Third parties we share data with

We share limited information with service providers that help us run the app. We use “such as” below because we may swap a provider for an equivalent one over time; we’ll update this page when we do.

Product data — such as Open Food Facts. When you scan a barcode we query Open Food Facts to fetch product information. We send the barcode, and a User-Agent string that includes a stable identifier for your account and your session ID, in line with Open Food Facts’ attribution and fair-use policy. See https://openfoodfacts.org.

Error monitoring — such as Sentry. When the server hits an error we send Sentry a record of the request, including request headers (with auth tokens redacted) and your account ID and email, so we can diagnose what went wrong. See https://sentry.io/privacy.

Analytics and session replay — such as PostHog. The mobile app uses PostHog to capture usage events (sign-in, scans, decisions viewed, preference changes), unhandled errors, and session replays of how you use the app. Replays mask text input by default; images are not masked. PostHog receives your account ID and email. See https://posthog.com/privacy.

5. Permissions

Bubu Recommends asks for one iOS permission: Camera, used to read product barcodes. We don’t record photos, video, or audio.

6. Retention and deletion

We retain your account, sign-in records, preferences, and scan history for as long as your account exists. To delete your account and the data linked to it, send beta feedback through TestFlight.

7. Your rights

Depending on where you live, you may have rights under GDPR, UK GDPR, or CCPA — including access, correction, deletion, portability, and the right to object to processing. To exercise these rights, send beta feedback through TestFlight.

8. Children

Bubu Recommends is not directed to children under 13, and we don’t knowingly collect personal information from them.

9. Changes

We’ll update this page when our practices change. Continued use of the app after we update means you accept the updated policy.

10. Contact

Privacy questions or requests: send beta feedback through TestFlight.