Privacy Policy

Last updated: May 3, 2026

SafePlate ("we", "our", or "us") is operated by Finn Digital LLC. This privacy policy explains what information we collect, how we use it, which third parties receive it, and the choices you have. It applies to the SafePlate iOS app and the website finndigital.net/safeplate.

What stays on your device

• Camera frames during a scan. Barcode reads and food-photo analysis happen on your device. Image data is not uploaded unless you explicitly save the result to your scan history.
• Family profiles + allergens. Names, allergens, and severity stay local in SwiftData on your iPhone. Sync to iCloud is your choice.
• EpiPen reminders. Stored in iOS local notifications.

What we collect (only if you opt in)

• Account ID. If you sign in with Apple, we receive an opaque user identifier and (optionally) a relay email so subscriptions and saved palettes can sync across devices.
• Saved scans. If you tap "Save to history," we store the resulting hex-product reference, brand, and verdict in Firebase Firestore, scoped to your account. We do not store the raw camera image.
• Subscription status. Apple tells us whether you have an active SafePlate or PRO subscription. We never receive payment card or Apple ID details.
• Diagnostic data. Anonymous crash reports via Firebase Crashlytics.

What we do not collect

• We do not upload, index, or store your camera frames as images.
• We do not train any model on your scans, family profiles, or saved cards.
• We do not sell your personal data to advertisers or data brokers.
• We do not use third-party advertising SDKs.
• We do not share your child’s allergens with any third party.

Children's data

SafePlate stores names, ages, and allergens for the children in your family at your direction, the parent or guardian. SafePlate is not intended for direct use by children under 13. Family-member data stays under your account and is removed when you delete your account or remove the family member.

Third-party services

• Apple StoreKit — subscription management.
• Firebase Auth, Firestore, Storage, Crashlytics (Google) — account auth, optional cross-device sync, crash reporting.
• Apple MapKit — restaurant finder map display. No personal data sent.
• OpenFoodFacts and FDA OpenFDA (public APIs) — product database and recall alerts. No personal data sent.

Your rights

You can delete your account and all associated data via Profile › Settings › Delete Account. Data is permanently erased within 30 days. To request a data export, email [email protected].

Changes

We may update this policy. Material changes will be reflected in the "Last updated" date and announced in-app.

Contact

Privacy questions: [email protected] — Finn Digital LLC.