Privacy Policy

MyGredient website is owned by Mutelligence Ltd, which is a data controller of your personal data.

We have adopted this Privacy Policy, which determines how we are processing the information collected by MyGredient, which also provides the reasons why we must collect certain personal data about you. Therefore, you must read this Privacy Policy before using MyGredient website.

We take care of your personal data and undertake to guarantee its confidentiality and security.

Last Updated: November 19, 2024

---

1. INTRODUCTION

Welcome to MyGredient. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the MyGredient mobile application ("App").

MyGredient is a food and cosmetic ingredient scanning app that helps users make informed choices based on their dietary preferences, skin type, allergies, and religious requirements.

---

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us:

• Account Information: When you create an account, we collect your email address and authentication credentials (if using email/password login)

• Profile Information: Name/profile name, age, gender, dietary preferences (primary diet, lifestyle diet), skin type, allergies, religious preferences, and shopping habits

• User Preferences: Your reasons for using the app, confidence levels regarding food choices, label trust, and cosmetic ingredient knowledge

• Custom Rules: Any custom dietary rules or ingredient preferences you create

• Scan History: Records of products you scan, including barcodes, product information, and your scan results

• Notification Preferences: Your selected days and times for shopping reminders

2.2 Information Collected Automatically:

• Device Information: Device type, operating system version, unique device identifiers

• Usage Data: App features used, frequency of scans, navigation patterns within the app

• Log Data: Error logs, crash reports, and app performance data

2.3 Information from Third Parties:

• Third-Party Sign-In: If you sign in using Apple Sign-In or Google Sign-In, we receive your email address and authentication token from these services

• Payment Information: We use RevenueCat for subscription management. RevenueCat processes your payment information, but we do not directly access your credit card or payment details

---

3. HOW WE USE YOUR INFORMATION

We use your information to:

• Provide Core Functionality: Analyze scanned products against your dietary preferences, allergies, skin type, and religious requirements

• Personalize Your Experience: Customize ingredient analysis and recommendations based on your profile

• Account Management: Create and manage your user account, authenticate your identity

• Subscription Management: Process and manage your subscription status and entitlements

• Send Notifications: Deliver optional shopping reminders based on your selected preferences

• Improve Our Service: Analyze usage patterns to improve app features and user experience

• Customer Support: Respond to your questions, feedback, and support requests

• Legal Compliance: Comply with applicable laws, regulations, and legal processes

---

4. HOW WE SHARE YOUR INFORMATION

We do NOT sell your personal data to third parties. We only share your information in the following circumstances:

4.1 Service Providers:

• Supabase (Database & Authentication): Stores your account information, preferences, and scan history. Data is hosted securely in cloud infrastructure.

• RevenueCat (Subscription Management): Processes subscription purchases and manages entitlements. We share your user ID to link purchases to your account.

• Apple/Google (Authentication): If you use Apple Sign-In or Google Sign-In, authentication is handled through their respective platforms.

• Expo Notifications: Delivers optional push notifications for shopping reminders.

4.2 Legal Requirements:

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations

• Protect our rights, property, or safety

• Prevent fraud or security issues

• Enforce our Terms of Service

4.3 Business Transfers:

If MyGredient is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new owner, subject to this Privacy Policy.

---

5. DATA RETENTION

We retain your personal data for as long as:

• Your account is active

• Necessary to provide our services

• Required by law or for legitimate business purposes

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

---

6. YOUR RIGHTS AND CHOICES

Depending on your location, you may have the following rights:

6.1 Access and Portability:

• Request a copy of the personal data we hold about you

• Export your data in a machine-readable format

6.2 Correction:

• Update or correct your profile information within the app settings

6.3 Deletion:

• Request deletion of your account and associated data

• You can delete your account through the app settings or by contacting us

6.4 Opt-Out:

• Disable push notifications in your device settings or app settings

• Unsubscribe from marketing communications (if any)

6.5 Withdraw Consent:

• Withdraw consent for data processing where we rely on consent as the legal basis

To exercise these rights, please contact us at: support@mygredient.com

---

7. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (HTTPS/TLS)

• Secure authentication mechanisms (including OAuth 2.0 for third-party sign-in)

• Regular security assessments and updates

• Access controls and authentication requirements

• Secure cloud infrastructure provided by Supabase

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

---

8. CHILDREN'S PRIVACY

MyGredient is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete such information.

---

9. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

---

10. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this policy

• Posting a notice in the app

• Sending you an email notification (if you have an account)

Your continued use of the app after changes become effective constitutes acceptance of the updated Privacy Policy.

---

11. THIRD-PARTY LINKS

The App may contain links to third-party websites or services (such as product manufacturer websites). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

---

12. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the categories and specific pieces of personal data we have collected about you

• Right to Delete: Request deletion of your personal data

• Right to Opt-Out: Opt-out of the sale of your personal data (Note: We do NOT sell personal data)

• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at: hello@mygredient.com

---

13. EUROPEAN PRIVACY RIGHTS (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right to Access: Obtain confirmation of whether we process your data and access to your data

• Right to Rectification: Correct inaccurate or incomplete data

• Right to Erasure: Request deletion of your data ("right to be forgotten")

• Right to Restrict Processing: Limit how we use your data

• Right to Data Portability: Receive your data in a structured, machine-readable format

• Right to Object: Object to processing based on legitimate interests

• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing:

We process your personal data based on:

• Contract Performance: To provide the services you requested

• Consent: Where you have given explicit consent (e.g., notifications)

• Legitimate Interests: To improve our services and ensure security

• Legal Obligations: To comply with applicable laws

---

14. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@mygredient.com

Website: https://www.mygredient.com

For data protection inquiries, please include "Privacy Request" in the subject line.

---

15. DATA CONTROLLER

The data controller responsible for your personal data is:

Mutelligence Ltd

71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Email: hello@mygredient.com

---

END OF PRIVACY POLICY

---